Jump to content


 

Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't locate and clean the spyware/rootkit that is downloading malicious files onto my PC

Started by mikec84 , Oct 13 2010 01:35 PM

  • This topic is locked This topic is locked
21 replies to this topic

#1 mikec84

mikec84

    Member

  • Members
  • PipPip
  • 50 posts
  • Gender:Male
  • Location:Glen Carbon, IL

Posted 13 October 2010 - 01:35 PM

Initially, I knew I had some form of malicious program running when I would play a Source Engine game online (Counter-Strike Source, Garry's Mod, Team Fortress 2). At about 2 minute intervals, my computer would bog down and my frame rate would drop severely. This would last for about 10 seconds then return to normal. Sometimes it was more frequent, sometimes not so much. I always have great ping and lowering the resolution or graphics quality would have no effect at all.

I posted a topic in the "Am I infected? What do I do?" forum Topic referenced is here: http://www.bleepingcomputer.com/forums/topic352931.html ~ OB and got some really good help that located even more files that were malicious and cleaned them. However, the next day they would just come back. It was suggested that I post a DDS log here in this topic, but I could not run GMER due to having Windows 7 64 bit. Here is the log resulting from the DDS run...


DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by MikeC at 10:47:29.11 on Tue 10/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.911 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\MikeC\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Users\MikeC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MikeC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MikeC\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Users\MikeC\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://vp.crossmark.com/
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
mURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [Google Update] "C:\Users\MikeC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No File
mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-9-28 69152]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-9-7 381008]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2008-10-1 26624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-9-3 6104144]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-9-10 265400]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2010-5-26 33008]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2010-5-26 823272]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-8-12 1357464]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-2-28 1153368]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-8 2002728]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-6-24 92008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2010-7-14 41280]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;C:\Windows\System32\drivers\WN111v2w7x.sys [2009-10-21 767488]
S3 jswpsapi;Jumpstart Wifi Protected Setup;C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe [2008-2-29 942080]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-8-12 16928]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2010-7-14 43328]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\System32\drivers\wg111v3.sys [2010-7-14 446976]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-1 1255736]

=============== Created Last 30 ================

2010-10-11 16:15:26 -------- d-----w- C:\Program Files (x86)\ESET
2010-10-11 14:24:20 -------- d-----w- C:\Users\MikeC\AppData\Roaming\SUPERAntiSpyware.com
2010-10-11 14:24:20 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-10-11 14:24:17 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-10-11 14:24:14 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-10-10 06:39:29 -------- d-----w- C:\Users\MikeC\AppData\Roaming\AVG10
2010-10-10 03:22:36 -------- d--h--w- C:\PROGRA~3\Common Files
2010-10-10 03:20:26 -------- d-----w- C:\Windows\System32\drivers\AVG
2010-10-10 03:20:26 -------- d-----w- C:\PROGRA~3\AVG10
2010-10-08 23:05:31 -------- d-----w- C:\Users\MikeC\AppData\Roaming\FastStone
2010-10-08 23:05:19 -------- d-----w- C:\Program Files (x86)\FastStone Image Viewer
2010-10-08 22:04:49 -------- d-----w- C:\Users\MikeC\AppData\Roaming\TortoiseSVN
2010-10-08 20:49:45 -------- d-----w- C:\Users\MikeC\AppData\Roaming\Subversion
2010-10-08 20:48:50 -------- d-----w- C:\Users\MikeC\AppData\Local\TSVNCache
2010-10-08 20:37:14 -------- d-----w- C:\Program Files\TortoiseSVN
2010-10-08 20:37:14 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2010-10-08 20:15:30 -------- d-----w- C:\Users\MikeC\AppData\Roaming\TeamViewer
2010-10-08 20:15:02 -------- d-----w- C:\Program Files (x86)\TeamViewer
2010-10-03 01:06:14 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2010-10-03 01:03:47 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2010-10-03 01:03:35 -------- d-----w- C:\Windows\PCHEALTH
2010-09-30 16:35:10 -------- d-----w- C:\Users\MikeC\AppData\Local\Diagnostics
2010-09-30 15:18:21 -------- d-----w- C:\PROGRA~3\MFAData
2010-09-29 08:01:00 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 00:42:05 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-09-28 19:19:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-28 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-28 19:19:24 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-28 19:19:24 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-28 13:16:45 15880 ----a-w- C:\Windows\System32\lsdelete.exe
2010-09-28 13:04:09 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2010-09-28 12:21:35 -------- d-----w- C:\Users\MikeC\AppData\Local\Sunbelt Software
2010-09-28 12:06:12 -------- dc-h--w- C:\PROGRA~3\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-28 03:16:20 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2010-09-28 03:16:06 -------- d-----w- C:\Program Files\NVIDIA Corporation
2010-09-28 03:15:02 65128 ----a-w- C:\Windows\System32\OpenCL.dll
2010-09-28 03:15:02 56936 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2010-09-28 03:15:02 13187176 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2010-09-28 03:15:02 11240 ----a-w- C:\Windows\System32\drivers\nvBridge.kmd
2010-09-22 23:10:52 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-20 15:35:29 -------- d-----w- C:\Program Files (x86)\MSECache
2010-09-16 21:03:25 34304 ----a-r- C:\Users\MikeC\AppData\Roaming\Microsoft\Installer\{AEEB3643-71DE-414d-9E3F-1159177FE211}\misc.exe.D0DF3458_A845_11D3_8D0A_0050046416B9.exe
2010-09-14 20:36:07 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-09-13 21:28:00 27216 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys

==================== Find3M ====================

2010-09-07 08:48:58 381008 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-09-07 08:48:56 41040 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2010-09-07 08:48:52 305232 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-09-07 08:48:50 30288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2010-08-20 02:42:38 35920 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
2010-08-20 02:42:38 157264 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2010-07-30 13:43:29 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2010-07-30 13:43:29 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-07-21 21:59:28 592272 ----a-w- C:\Windows\System32\ipcoin80.dll
2010-07-21 21:59:28 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

============= FINISH: 10:48:46.43 ===============


Thanks in advance!
Mike

Attached Files


Edited by Orange Blossom, 13 October 2010 - 10:05 PM.

 

  • BC Ads
  • BleepingComputer.com

#2 m0le

m0le

    Let's get to work

  • Malware Response Instructor
  • PipPipPipPipPipPip
  • 32,557 posts
  • Gender:Male
  • Location:London, UK

Posted 21 October 2010 - 06:39 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:

If I have helped you fix your PC then please donate. Thanks

jetian6yw.jpg
m0le is a proud member of UNITE

#3 mikec84

mikec84

    Member

  • Members
  • PipPip
  • 50 posts
  • Gender:Male
  • Location:Glen Carbon, IL

Posted 21 October 2010 - 06:42 PM

Thank you sir, I am still here. Let me know what you need of me!

#4 m0le

m0le

    Let's get to work

  • Malware Response Instructor
  • PipPipPipPipPipPip
  • 32,557 posts
  • Gender:Male
  • Location:London, UK

Posted 21 October 2010 - 07:55 PM

Hi,

Please run TDSSKiller

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


Now please run OTL, a scanner like DDS.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

If I have helped you fix your PC then please donate. Thanks

jetian6yw.jpg
m0le is a proud member of UNITE

#5 mikec84

mikec84

    Member

  • Members
  • PipPip
  • 50 posts
  • Gender:Male
  • Location:Glen Carbon, IL

Posted 21 October 2010 - 08:15 PM

The programs were ran as requested. I wanted to mention that the first program found no threats and after the second program ran I got a notice from ad-aware that OTL.exe wanted to change the registry twice. I clicked allow each time, hope that was ok.

Here are the logs in the order requested...


2010/10/21 19:58:04.0913 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/21 19:58:04.0913 ================================================================================
2010/10/21 19:58:04.0913 SystemInfo:
2010/10/21 19:58:04.0913
2010/10/21 19:58:04.0913 OS Version: 6.1.7600 ServicePack: 0.0
2010/10/21 19:58:04.0913 Product type: Workstation
2010/10/21 19:58:04.0914 ComputerName: MIKE
2010/10/21 19:58:04.0916 UserName: MikeC
2010/10/21 19:58:04.0916 Windows directory: C:\Windows
2010/10/21 19:58:04.0916 System windows directory: C:\Windows
2010/10/21 19:58:04.0916 Running under WOW64
2010/10/21 19:58:04.0916 Processor architecture: Intel x64
2010/10/21 19:58:04.0916 Number of processors: 2
2010/10/21 19:58:04.0916 Page size: 0x1000
2010/10/21 19:58:04.0916 Boot type: Normal boot
2010/10/21 19:58:04.0916 ================================================================================
2010/10/21 19:58:04.0917 Utility is running under WOW64
2010/10/21 19:58:13.0092 Initialize success
2010/10/21 19:58:18.0857 ================================================================================
2010/10/21 19:58:18.0857 Scan started
2010/10/21 19:58:18.0857 Mode: Manual;
2010/10/21 19:58:18.0857 ================================================================================
2010/10/21 19:58:23.0903 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/10/21 19:58:24.0311 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/10/21 19:58:24.0435 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/10/21 19:58:24.0584 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/10/21 19:58:24.0711 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/10/21 19:58:24.0769 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/10/21 19:58:24.0945 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/10/21 19:58:24.0999 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/10/21 19:58:25.0129 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/10/21 19:58:25.0201 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/10/21 19:58:25.0235 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/10/21 19:58:25.0275 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/10/21 19:58:25.0308 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/10/21 19:58:25.0409 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/10/21 19:58:25.0477 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/10/21 19:58:25.0519 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/10/21 19:58:25.0805 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/10/21 19:58:25.0936 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/10/21 19:58:26.0067 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/21 19:58:26.0132 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/10/21 19:58:26.0462 AVGIDSDriver (0f562e8bcf79facdfb58a5b3b95e5cfe) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2010/10/21 19:58:26.0545 AVGIDSEH (656366fd0c0e2481a89196fb3d1be49a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2010/10/21 19:58:26.0615 AVGIDSFilter (fdf9f596316bc1bc10726ece268a0237) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2010/10/21 19:58:26.0721 Avgldx64 (ef415e445e5376624ed78685ee9647d4) C:\Windows\system32\DRIVERS\avgldx64.sys
2010/10/21 19:58:26.0792 Avgmfx64 (f5ffa3053d26c55edc112e66197eed09) C:\Windows\system32\DRIVERS\avgmfx64.sys
2010/10/21 19:58:27.0007 Avgrkx64 (5b3f127b26c08b1c7df5c5f111ca4030) C:\Windows\system32\DRIVERS\avgrkx64.sys
2010/10/21 19:58:27.0060 Avgtdia (ee472479301fef0b6a17e16d8a0deceb) C:\Windows\system32\DRIVERS\avgtdia.sys
2010/10/21 19:58:27.0249 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/10/21 19:58:27.0312 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/10/21 19:58:27.0411 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/10/21 19:58:27.0455 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/10/21 19:58:27.0483 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/21 19:58:27.0520 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/10/21 19:58:27.0555 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/10/21 19:58:27.0593 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2010/10/21 19:58:27.0627 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/10/21 19:58:27.0650 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/10/21 19:58:27.0686 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/10/21 19:58:27.0731 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/10/21 19:58:27.0781 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/21 19:58:27.0829 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/21 19:58:27.0873 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/10/21 19:58:27.0914 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/10/21 19:58:28.0003 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/21 19:58:28.0032 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/10/21 19:58:28.0066 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/10/21 19:58:28.0097 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/21 19:58:28.0130 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/10/21 19:58:28.0172 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/10/21 19:58:28.0241 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2010/10/21 19:58:28.0313 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
2010/10/21 19:58:28.0388 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/10/21 19:58:28.0423 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/10/21 19:58:28.0456 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/10/21 19:58:28.0553 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/10/21 19:58:28.0601 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/21 19:58:28.0695 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/10/21 19:58:28.0803 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/10/21 19:58:28.0837 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/10/21 19:58:28.0934 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/10/21 19:58:28.0961 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/10/21 19:58:29.0010 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/21 19:58:29.0056 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/10/21 19:58:29.0089 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/10/21 19:58:29.0118 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/21 19:58:29.0160 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/10/21 19:58:29.0208 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/10/21 19:58:29.0272 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/21 19:58:29.0357 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/10/21 19:58:29.0422 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/10/21 19:58:29.0497 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/10/21 19:58:29.0536 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2010/10/21 19:58:29.0572 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/21 19:58:29.0606 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/10/21 19:58:29.0639 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/10/21 19:58:29.0668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/10/21 19:58:29.0717 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/21 19:58:29.0784 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/10/21 19:58:29.0841 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/10/21 19:58:29.0878 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/10/21 19:58:29.0923 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/21 19:58:29.0959 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/10/21 19:58:29.0999 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/10/21 19:58:30.0106 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
2010/10/21 19:58:30.0176 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/10/21 19:58:30.0216 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/21 19:58:30.0256 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/21 19:58:30.0294 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/10/21 19:58:30.0326 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/10/21 19:58:30.0352 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/10/21 19:58:30.0386 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/10/21 19:58:30.0417 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/21 19:58:30.0512 ISWKL (a97874c03fb228b9d3641066805a2666) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2010/10/21 19:58:30.0607 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys
2010/10/21 19:58:30.0655 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/21 19:58:30.0685 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/21 19:58:30.0730 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/21 19:58:30.0764 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/10/21 19:58:30.0790 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/10/21 19:58:30.0863 L1E (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys
2010/10/21 19:58:30.0964 Lavasoft Kernexplorer (2002853cf2c6328cb6f6fc9dd14393ca) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
2010/10/21 19:58:31.0019 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
2010/10/21 19:58:31.0077 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/21 19:58:31.0137 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/10/21 19:58:31.0183 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/10/21 19:58:31.0236 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/10/21 19:58:31.0264 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/10/21 19:58:31.0298 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/10/21 19:58:31.0352 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
2010/10/21 19:58:31.0389 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/10/21 19:58:31.0420 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/10/21 19:58:31.0461 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/10/21 19:58:31.0499 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/21 19:58:31.0532 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/21 19:58:31.0557 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/21 19:58:31.0596 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/10/21 19:58:31.0622 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/10/21 19:58:31.0660 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/21 19:58:31.0720 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/10/21 19:58:31.0758 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/21 19:58:31.0799 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/21 19:58:31.0845 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/21 19:58:31.0887 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2010/10/21 19:58:31.0915 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/10/21 19:58:31.0965 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/10/21 19:58:31.0997 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/10/21 19:58:32.0033 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/10/21 19:58:32.0090 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/21 19:58:32.0122 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/21 19:58:32.0158 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/10/21 19:58:32.0198 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/10/21 19:58:32.0240 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/21 19:58:32.0275 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/10/21 19:58:32.0300 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/10/21 19:58:32.0346 MTsensor (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
2010/10/21 19:58:32.0381 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/10/21 19:58:32.0438 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/21 19:58:32.0487 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/10/21 19:58:32.0520 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/10/21 19:58:32.0582 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/21 19:58:32.0623 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/21 19:58:32.0657 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/21 19:58:32.0691 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/10/21 19:58:32.0732 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/21 19:58:32.0764 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/21 19:58:32.0837 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/10/21 19:58:32.0907 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/10/21 19:58:32.0941 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/21 19:58:33.0007 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/10/21 19:58:33.0097 NuidFltr (4c08a14d04e62963e96e0bb57bbc953b) C:\Windows\system32\DRIVERS\NuidFltr.sys
2010/10/21 19:58:33.0134 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/10/21 19:58:33.0395 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/21 19:58:33.0737 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/10/21 19:58:33.0824 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/10/21 19:58:33.0959 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/10/21 19:58:34.0070 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/21 19:58:34.0197 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/10/21 19:58:34.0301 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/10/21 19:58:34.0351 PCAMp50a64 (304e6ac43613a9c43896c4300009442b) C:\Windows\system32\Drivers\PCAMp50a64.sys
2010/10/21 19:58:34.0437 PCASp50a64 (18b6869e23937175144e6f1d3cb85fc2) C:\Windows\system32\Drivers\PCASp50a64.sys
2010/10/21 19:58:34.0510 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/10/21 19:58:34.0571 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/10/21 19:58:34.0658 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/21 19:58:34.0706 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/10/21 19:58:34.0764 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/10/21 19:58:34.0967 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
2010/10/21 19:58:35.0050 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/21 19:58:35.0083 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/10/21 19:58:35.0139 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/21 19:58:35.0198 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/10/21 19:58:35.0271 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/10/21 19:58:35.0314 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/21 19:58:35.0372 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/21 19:58:35.0423 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/10/21 19:58:35.0462 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/21 19:58:35.0506 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/21 19:58:35.0541 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/21 19:58:35.0574 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/21 19:58:35.0606 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/10/21 19:58:35.0636 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/21 19:58:35.0684 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2010/10/21 19:58:35.0722 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/21 19:58:35.0767 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/10/21 19:58:35.0800 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/10/21 19:58:35.0840 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/10/21 19:58:35.0919 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/21 19:58:35.0983 RTL8187B (4a06585c8673f4458e9fbbc9dddb4d28) C:\Windows\system32\DRIVERS\wg111v3.sys
2010/10/21 19:58:36.0033 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/10/21 19:58:36.0138 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2010/10/21 19:58:36.0171 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2010/10/21 19:58:36.0241 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/10/21 19:58:36.0299 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/10/21 19:58:36.0359 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/10/21 19:58:36.0412 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/21 19:58:36.0445 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/10/21 19:58:36.0471 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/10/21 19:58:36.0544 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/21 19:58:36.0578 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/10/21 19:58:36.0604 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/21 19:58:36.0639 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/10/21 19:58:36.0687 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/10/21 19:58:36.0726 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/10/21 19:58:36.0759 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/10/21 19:58:36.0860 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/10/21 19:58:36.0941 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2010/10/21 19:58:36.0993 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/21 19:58:37.0037 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/21 19:58:37.0129 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
2010/10/21 19:58:37.0217 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/10/21 19:58:37.0275 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/10/21 19:58:37.0315 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2010/10/21 19:58:37.0366 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/21 19:58:37.0495 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/10/21 19:58:37.0595 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/21 19:58:37.0648 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/21 19:58:37.0686 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/10/21 19:58:37.0715 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/10/21 19:58:37.0775 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/21 19:58:37.0823 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/21 19:58:37.0937 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/21 19:58:37.0980 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/21 19:58:38.0012 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/10/21 19:58:38.0052 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/21 19:58:38.0112 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/10/21 19:58:38.0155 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/21 19:58:38.0195 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/10/21 19:58:38.0255 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2010/10/21 19:58:38.0284 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/21 19:58:38.0320 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/10/21 19:58:38.0385 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/21 19:58:38.0430 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/21 19:58:38.0465 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/10/21 19:58:38.0491 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/21 19:58:38.0530 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/21 19:58:38.0569 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/21 19:58:38.0627 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/10/21 19:58:38.0664 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/21 19:58:38.0697 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/10/21 19:58:38.0759 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/10/21 19:58:38.0793 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/10/21 19:58:38.0891 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2010/10/21 19:58:38.0927 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/10/21 19:58:38.0963 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/10/21 19:58:39.0001 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/10/21 19:58:39.0035 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/10/21 19:58:39.0108 Vsdatant (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\DRIVERS\vsdatant.sys
2010/10/21 19:58:39.0156 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/10/21 19:58:39.0204 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2010/10/21 19:58:39.0242 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/10/21 19:58:39.0315 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/10/21 19:58:39.0363 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/21 19:58:39.0387 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/21 19:58:39.0482 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/10/21 19:58:39.0527 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/21 19:58:39.0627 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/10/21 19:58:39.0663 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/10/21 19:58:39.0789 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/21 19:58:39.0899 WN111v2 (b972c12de88299e78f6656a31046dd99) C:\Windows\system32\DRIVERS\WN111v2w7x.sys
2010/10/21 19:58:39.0956 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/21 19:58:40.0035 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/10/21 19:58:40.0097 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/21 19:58:40.0359 ================================================================================
2010/10/21 19:58:40.0359 Scan finished
2010/10/21 19:58:40.0359 ================================================================================

////////////////////////////////////////////////////////////////


OTL logfile created on: 10/21/2010 8:01:10 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\MikeC\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 1.00 Gb Available in Paging File | 35.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 217.81 Gb Free Space | 46.78% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 137.86 Gb Free Space | 46.25% Space Free | Partition Type: NTFS

Computer Name: MIKE | User Name: MikeC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\MikeC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\MikeC\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Users\MikeC\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\NETGEAR\WN111v2\WN111v2.exe (NETGEAR)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\MikeC\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (getPlusHelper) getPlus® -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (jswpsapi) -- C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe (Atheros Communications, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\wg111v3.sys (NETGEAR Inc. )
DRV:64bit: - (WN111v2) -- C:\Windows\SysNative\drivers\WN111v2w7x.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\drivers\PCAMp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (Vsdatant) -- C:\Windows\SysWOW64\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vp.crossmark.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 39 A3 50 9C B8 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/06/29 09:15:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/30 08:46:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/10/09 22:21:11 | 000,000,000 | ---D | M]

[2010/08/11 19:08:24 | 000,000,000 | ---D | M] -- C:\Users\MikeC\AppData\Roaming\Mozilla\Extensions
[2010/08/11 19:08:24 | 000,000,000 | ---D | M] -- C:\Users\MikeC\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

O1 HOSTS File: ([2010/10/19 10:26:14 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files (x86)\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\NETGEAR\WN111v2\jswtrayutil.exe File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Google Update] C:\Users\MikeC\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1117a757-7678-11df-a5e1-90e6babaf984}\Shell - "" = AutoRun
O33 - MountPoints2\{1117a757-7678-11df-a5e1-90e6babaf984}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/21 19:57:31 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\MikeC\Desktop\TDSSKiller.exe
[2010/10/19 16:34:11 | 000,000,000 | ---D | C] -- C:\Users\MikeC\Documents\Drawrings
[2010/10/19 15:02:43 | 000,000,000 | ---D | C] -- C:\Users\MikeC\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/19 10:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/10/19 10:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/10/19 09:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/19 09:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010/10/19 09:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/10/17 08:17:51 | 000,000,000 | ---D | C] -- C:\Users\MikeC\AppData\Local\Adobe
[2010/10/15 13:58:17 | 000,155,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LMRT.dll
[2010/10/15 13:58:17 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\Windows\SysWow64\tm20dec.ax
[2010/10/15 13:58:17 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LMRTREND.dll
[2010/10/15 13:58:14 | 000,182,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft3.dll
[2010/10/15 13:58:10 | 000,217,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\strmdll.dll
[2010/10/15 13:58:09 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unam4ie.exe
[2010/10/15 13:57:52 | 001,088,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\danim.dll
[2010/10/15 13:57:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciqtz.drv
[2010/10/15 13:57:51 | 000,194,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qcut.dll
[2010/10/15 13:57:49 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf32.dll
[2010/10/15 13:57:49 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf16.dll
[2010/10/15 13:57:28 | 000,000,000 | ---D | C] -- C:\TELL ME MORE CJ
[2010/10/14 15:55:05 | 000,000,000 | ---D | C] -- C:\Users\MikeC\AppData\Local\http___www.julien-manici
[2010/10/14 15:21:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/10/14 13:56:34 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shellstyle Backup1.dll
[2010/10/14 13:56:34 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shellstyle Backup4.dll
[2010/10/14 13:56:34 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shellstyle Backup3.dll
[2010/10/14 13:56:34 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shellstyle Backup2.dll
[2010/10/14 13:56:34 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shellstyle Backup.dll
[2010/10/14 13:38:45 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_backup.exe
[2010/10/14 13:14:41 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll.backup
[2010/10/14 13:14:38 | 002,851,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll.backup
[2010/10/14 12:54:30 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll.backup
[2010/10/14 12:41:51 | 000,000,000 | ---D | C] -- C:\Users\MikeC\Documents\THEMES
[2010/10/14 08:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2010/10/13 14:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/10/12 16:08:25 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/10/12 16:08:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/10/12 16:08:20 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010/10/12 16:08:11 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010/10/12 16:08:05 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010/10/12 16:05:34 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010/10/12 16:05:34 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010/10/12 16:05:28 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010/10/12 16:05:28 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010/10/12 16:05:15 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/10/12 16:05:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/10/12 16:05:14 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/10/12 16:05:14 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/10/12 16:05:14 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/10/12 16:05:13 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/10/12 16:05:13 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010/10/12 16:05:13 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/10/12 16:05:13 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/10/12 16:05:13 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/10/12 16:05:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/12 16:05:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/10/12 16:05:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/10/12 16:05:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/10/12 16:04:52 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/10/12 16:04:51 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/10/12 16:04:50 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/10/12 16:04:50 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/10/12 16:04:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010/10/11 11:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/10/11 09:24:20 | 000,000,000 | ---D | C] -- C:\Users\MikeC\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/11 09:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/11 09:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/10/11 09:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/10 01:39:29 | 000,000,000 | ---D | C] -- C:\Users\MikeC\AppData\Roaming\AVG10
[2010/10/09 22:22:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/09 22:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/09 22:20:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2010/10/09 21:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/09 21:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010/10/08 18:05:31 | 000,000,000 | ---D | C] -- C:\Users\MikeC\AppData\Roaming\FastStone
[2010/10/08 18:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Image Viewer
[2010/10/08 17:04:49 | 000,000,000 | ---D | C] -- C:\Users\MikeC\AppData\Roaming\TortoiseSVN
[2010/10/08 15:49:45 | 000,000,000 | ---D | C] -- C:\Users\MikeC\AppData\Roaming\Subversion
[2010/10/08 15:48:50 | 000,000,000 | ---D | C] -- C:\Users\MikeC\AppData\Local\TSVNCache
[2010/10/08 15:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/10/08 15:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/10/08 15:15:30 | 000,000,000 | ---D | C] -- C:\Users\MikeC\AppData\Roaming\TeamViewer
[2010/10/08 15:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2010/10/02 20:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2010/10/02 20:03:35 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/30 11:35:10 | 000,000,000 | ---D | C] -- C:\Users\MikeC\AppData\Local\Diagnostics
[2010/09/30 10:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/09/28 19:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/28 08:04:09 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/09/28 07:21:35 | 000,000,000 | ---D | C] -- C:\Users\MikeC\AppData\Local\Sunbelt Software
[2010/09/28 07:06:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/27 22:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/09/27 22:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/09/27 22:15:02 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/09/27 22:15:02 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/09/27 22:15:02 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010/09/27 22:14:59 | 019,114,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010/09/27 22:14:59 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010/09/27 22:14:56 | 012,471,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010/09/27 22:14:56 | 003,089,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010/09/27 22:14:56 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010/09/27 22:14:53 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010/09/27 22:14:53 | 006,116,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010/09/27 22:14:53 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010/09/27 22:14:53 | 002,761,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010/09/27 22:14:53 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010/09/27 22:14:50 | 014,513,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010/09/27 22:14:50 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010/09/27 22:14:50 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1922.dll
[2010/09/27 22:14:50 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010/09/27 22:14:43 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/09/24 12:10:20 | 000,000,000 | ---D | C] -- C:\Users\MikeC\Documents\Crescent Processing
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/21 19:36:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436413309-3135861542-1270801262-1001UA.job
[2010/10/21 18:36:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1436413309-3135861542-1270801262-1001Core.job
[2010/10/21 17:46:37 | 097,351,046 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/21 09:05:36 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/10/20 09:23:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/20 09:23:00 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Scan (Daily).job
[2010/10/19 16:35:31 | 000,000,132 | ---- | M] () -- C:\Users\MikeC\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/10/19 10:19:49 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 10:19:49 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/19 10:09:56 | 004,828,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/19 10:09:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/19 10:09:37 | 1609,916,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/19 08:13:58 | 400,673,556 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/15 14:15:40 | 000,168,792 | ---- | M] () -- C:\Windows\SysWow64\C89R76R0.TAL
[2010/10/15 14:13:34 | 000,059,080 | ---- | M] () -- C:\Windows\SysWow64\09R5PH8N60.TAL
[2010/10/15 14:13:05 | 002,497,912 | ---- | M] () -- C:\Windows\SysWow64\HGRGMSJ0.TAL
[2010/10/15 14:13:02 | 000,184,328 | ---- | M] () -- C:\Windows\SysWow64\T7M6S0.TAL
[2010/10/15 14:12:58 | 000,138,332 | ---- | M] () -- C:\Windows\SysWow64\0R75L0.TAL
[2010/10/15 13:57:48 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf32.dll
[2010/10/15 13:57:48 | 000,002,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\w95inf16.dll
[2010/10/14 15:51:44 | 000,035,046 | ---- | M] () -- C:\Windows\temp.bmp
[2010/10/13 16:17:39 | 000,765,768 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/13 16:17:39 | 000,640,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/13 16:17:39 | 000,114,230 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/12 10:46:30 | 000,000,000 | ---- | M] () -- C:\Users\MikeC\defogger_reenable
[2010/10/09 22:22:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2010/10/09 22:22:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2010/10/04 09:08:00 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\MikeC\Desktop\TDSSKiller.exe
[2010/10/02 20:04:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/10/02 20:04:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2010/10/02 20:04:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010/09/30 14:41:17 | 000,007,611 | ---- | M] () -- C:\Users\MikeC\AppData\Local\Resmon.ResmonCfg
[2010/09/28 07:06:09 | 000,001,173 | ---- | M] () -- C:\Users\MikeC\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/21 17:46:37 | 097,351,046 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/10/19 16:35:31 | 000,000,132 | ---- | C] () -- C:\Users\MikeC\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/10/19 08:17:33 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/19 08:17:30 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Scan (Daily).job
[2010/10/15 14:15:40 | 000,168,792 | ---- | C] () -- C:\Windows\SysWow64\C89R76R0.TAL
[2010/10/15 14:13:34 | 000,059,080 | ---- | C] () -- C:\Windows\SysWow64\09R5PH8N60.TAL
[2010/10/15 14:04:27 | 002,497,912 | ---- | C] () -- C:\Windows\SysWow64\HGRGMSJ0.TAL
[2010/10/15 14:04:03 | 000,184,328 | ---- | C] () -- C:\Windows\SysWow64\T7M6S0.TAL
[2010/10/15 14:03:32 | 000,138,332 | ---- | C] () -- C:\Windows\SysWow64\0R75L0.TAL
[2010/10/15 13:57:52 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010/10/15 13:57:52 | 000,005,672 | ---- | C] () -- C:\Windows\SysWow64\quartz.vxd
[2010/10/14 17:15:48 | 400,673,556 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/14 15:00:24 | 001,950,208 | ---- | C] () -- C:\UxStyle_Core_Jul13_x64.msi
[2010/10/14 15:00:23 | 002,413,056 | ---- | C] () -- C:\UxStyle_Core_Jul13_x86.msi
[2010/10/14 13:38:04 | 000,035,046 | ---- | C] () -- C:\Windows\temp.bmp
[2010/10/12 10:46:30 | 000,000,000 | ---- | C] () -- C:\Users\MikeC\defogger_reenable
[2010/10/08 23:37:52 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/10/02 20:04:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2010/10/02 20:04:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2010/10/02 20:04:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010/09/30 14:41:17 | 000,007,611 | ---- | C] () -- C:\Users\MikeC\AppData\Local\Resmon.ResmonCfg
[2010/09/28 08:16:45 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/09/28 07:06:09 | 000,001,173 | ---- | C] () -- C:\Users\MikeC\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/27 22:15:02 | 000,012,264 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/06/12 23:21:52 | 000,009,216 | ---- | C] () -- C:\Users\MikeC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/11 11:03:58 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2010/05/11 11:03:21 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2010/03/11 13:46:35 | 000,000,093 | ---- | C] () -- C:\Users\MikeC\AppData\Local\fusioncache.dat
[2010/03/11 12:20:53 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/10 19:22:48 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/03/02 14:59:25 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/03/02 14:59:25 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/03/02 14:29:53 | 000,017,781 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/03/02 14:29:26 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/03/02 14:29:24 | 000,014,183 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2010/10/10 01:39:29 | 000,000,000 | ---D | M] -- C:\Users\MikeC\AppData\Roaming\AVG10
[2010/03/10 19:23:13 | 000,000,000 | ---D | M] -- C:\Users\MikeC\AppData\Roaming\Canneverbe Limited
[2010/10/19 15:02:43 | 000,000,000 | ---D | M] -- C:\Users\MikeC\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/29 09:15:49 | 000,000,000 | ---D | M] -- C:\Users\MikeC\AppData\Roaming\CheckPoint
[2010/10/08 15:49:45 | 000,000,000 | ---D | M] -- C:\Users\MikeC\AppData\Roaming\Subversion
[2010/10/08 15:15:30 | 000,000,000 | ---D | M] -- C:\Users\MikeC\AppData\Roaming\TeamViewer
[2010/08/11 19:08:20 | 000,000,000 | ---D | M] -- C:\Users\MikeC\AppData\Roaming\TomTom
[2010/10/21 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\MikeC\AppData\Roaming\uTorrent
[2010/03/15 19:42:33 | 000,000,000 | ---D | M] -- C:\Users\MikeC\AppData\Roaming\W Photo Studio Viewer
[2010/10/20 09:23:00 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Scan (Daily).job
[2010/10/20 09:23:00 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/09/05 21:13:50 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

////////////////////////////////////////////////////////////////////////


OTL Extras logfile created on: 10/21/2010 8:01:10 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\MikeC\Downloads
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 1.00 Gb Available in Paging File | 35.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 217.81 Gb Free Space | 46.78% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 137.86 Gb Free Space | 46.25% Space Free | Partition Type: NTFS

Computer Name: MIKE | User Name: MikeC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\MikeC\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{140587DE-51BE-45DA-838D-CD594C88B691}" = AVG 2011
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{6DA2E7DC-BC1E-4595-83A9-99BAD907AA1C}" = AVG 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E4B6E39-A0A8-4AFD-91C7-56421C194C29}" = TortoiseSVN 1.6.11.20210 (64 bit)
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{A019FB54-F9D4-42BE-937D-5A4B9A36428D}" = AVG 2011
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Ogg Codecs" = Ogg Codecs 0.81.15562
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3599DC9F-2620-4400-9FF6-582FAAE6F2C2}" = PowerArchiver 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AEBFFF0-15A1-48A9-88F3-06604486C7C9}" = WMPTagSupportExtender
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AEEB3643-71DE-414d-9E3F-1159177FE211}" = Office Animation Runtime
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Image Viewer" = FastStone Image Viewer 4.2
"FLAC" = FLAC 1.2.1b (remove only)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"RealPlayer 12.0" = RealPlayer
"Steam App 215" = Source SDK Base
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3480" = Peggle Deluxe
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 45000" = Sol Survivor
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"TabIt for Windows_is1" = TabIt version 2.03
"TeamViewer 5" = TeamViewer 5
"TellmeMoreV50" = TeLL me More CJ
"TomTom HOME" = TomTom HOME 2.7.5.2014
"uTorrent" = µTorrent
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/30/2010 11:13:45 PM | Computer Name = MIKE | Source = Application Error | ID = 1000
Description = Faulting application name: YahooMessenger.exe, version: 10.0.0.1251,
time stamp: 0x4b8ed4b4 Faulting module name: ymsdk.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4b8ed56e Exception code: 0xc0000005 Fault offset: 0x6109427d Faulting
process id: 0x7e0 Faulting application start time: 0x01cb6111baf14944 Faulting application
path: C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe Faulting module
path: ymsdk.dll Report Id: e60606d9-cd09-11df-b2aa-90e6babaf984

Error - 10/3/2010 12:20:02 AM | Computer Name = MIKE | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4c525184 Faulting module name: GameOverlayRenderer.dll, version: 0.92.97.78, time
stamp: 0x4c927f1d Exception code: 0xc0000005 Fault offset: 0x00010ede Faulting process
id: 0x1290 Faulting application start time: 0x01cb62a0b2693618 Faulting application
path: c:\program files (x86)\steam\steamapps\xxmikec84xx\garrysmod\hl2.exe Faulting
module path: C:\Program Files (x86)\Steam\GameOverlayRenderer.dll Report Id: 7dc0e036-cea5-11df-9cba-90e6babaf984

Error - 10/3/2010 9:34:03 PM | Computer Name = MIKE | Source = Windows Backup | ID = 4104
Description =

Error - 10/6/2010 1:07:36 AM | Computer Name = MIKE | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x4c525184 Faulting module name: GameOverlayRenderer.dll, version: 0.94.9.25, time
stamp: 0x4caa36f9 Exception code: 0xc0000005 Fault offset: 0x00011ad4 Faulting process
id: 0x16f4 Faulting application start time: 0x01cb64d724c7a5f3 Faulting application
path: c:\program files (x86)\steam\steamapps\xxmikec84xx\garrysmod\hl2.exe Faulting
module path: C:\Program Files (x86)\Steam\GameOverlayRenderer.dll Report Id: a1959bc7-d107-11df-9cba-90e6babaf984

Error - 10/6/2010 12:47:57 PM | Computer Name = MIKE | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc6b7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xd64 Faulting application
start time: 0x01cb65763511beed Faulting application path: C:\Windows\SysWOW64\DllHost.exe
Faulting
module path: unknown Report Id: 783ad947-d169-11df-9cba-90e6babaf984

Error - 10/8/2010 9:06:16 PM | Computer Name = MIKE | Source = Application Hang | ID = 1002
Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: a30 Start Time:
01cb6743767a46f6 Termination Time: 245 Application Path: c:\program files (x86)\steam\steamapps\xxmikec84xx\garrysmod\hl2.exe

Report
Id:

Error - 10/10/2010 8:03:10 PM | Computer Name = MIKE | Source = Windows Backup | ID = 4104
Description =

Error - 10/11/2010 9:35:35 AM | Computer Name = MIKE | Source = MsiInstaller | ID = 1013
Description =

Error - 10/11/2010 10:24:35 AM | Computer Name = MIKE | Source = Application Error | ID = 1000
Description = Faulting application name: SUPERAntiSpyware.exe, version: 4.44.0.1000,
time stamp: 0x4ca390d3 Faulting module name: SUPERAntiSpyware.exe, version: 4.44.0.1000,
time stamp: 0x4ca390d3 Exception code: 0xc0000005 Fault offset: 0x0006deac Faulting
process id: 0x994 Faulting application start time: 0x01cb694ff790b0b8 Faulting application
path: C:\Users\MikeC\Downloads\SUPERAntiSpyware.exe Faulting module path: C:\Users\MikeC\Downloads\SUPERAntiSpyware.exe
Report
Id: 45665334-d543-11df-82a8-90e6babaf984

Error - 10/18/2010 12:37:23 AM | Computer Name = MIKE | Source = Windows Backup | ID = 4104
Description =

[ System Events ]
Error - 8/31/2010 10:17:58 AM | Computer Name = MIKE | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 8/31/2010 10:18:05 AM | Computer Name = MIKE | Source = PNRPSvc | ID = 102
Description =

Error - 8/31/2010 10:18:05 AM | Computer Name = MIKE | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 8/31/2010 10:18:14 AM | Computer Name = MIKE | Source = PNRPSvc | ID = 102
Description =

Error - 8/31/2010 10:18:14 AM | Computer Name = MIKE | Source = PNRPSvc | ID = 102
Description =

Error - 8/31/2010 10:18:14 AM | Computer Name = MIKE | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 8/31/2010 10:18:14 AM | Computer Name = MIKE | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 8/31/2010 10:18:14 AM | Computer Name = MIKE | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 8/31/2010 10:18:14 AM | Computer Name = MIKE | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 9/1/2010 2:18:07 PM | Computer Name = MIKE | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:16:04 PM on ?9/?1/?2010 was unexpected.


< End of report >




Thanks!
Mike

#6 m0le

m0le

    Let's get to work

  • Malware Response Instructor
  • PipPipPipPipPipPip
  • 32,557 posts
  • Gender:Male
  • Location:London, UK

Posted 21 October 2010 - 08:35 PM

Nothin showing there, so we'll just clear up some missing files. Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please run MBAM

Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Next, Superantispyware

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If I have helped you fix your PC then please donate. Thanks

jetian6yw.jpg
m0le is a proud member of UNITE

#7 mikec84

mikec84

    Member

  • Members
  • PipPip
  • 50 posts
  • Gender:Male
  • Location:Glen Carbon, IL

Posted 21 October 2010 - 10:47 PM

Here are the 3 logs. Super Anti-Spyware found some problems, MBAM did not however...

========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.16.0 log created on 10212010_203744

///////////////////////////////////////////////////

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4907

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/21/2010 9:49:54 PM
mbam-log-2010-10-21 (21-49-54).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 347416
Time elapsed: 1 hour(s), 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


//////////////////////////////////////////

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/21/2010 at 10:40 PM

Application Version : 4.44.1000

Core Rules Database Version : 5731
Trace Rules Database Version: 3543

Scan type : Complete Scan
Total Scan Time : 00:44:15

Memory items scanned : 585
Memory threats detected : 0
Registry items scanned : 13022
Registry threats detected : 0
File items scanned : 29488
File threats detected : 216

Adware.Tracking Cookie
ad.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.walmart.112.2o7.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.associatedcontent.112.2o7.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
pluckit.demandmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.dmtracker.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.e-2dj6wdloagczoeo.stats.esomniture.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.e-2dj6wnl4apcpsap.stats.esomniture.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bizrate.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bizrate.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bizrate.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
stat.dealtime.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.eyewonder.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media.adfrontiers.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.247realmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.keewurd.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
user.lucidmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.xiti.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bravenet.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ext-us.bestofmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.smartadserver.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.kontera.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.collective-media.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lfstmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media.adfrontiers.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.2o7.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bonniercorp.122.2o7.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.xtendmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.xtendmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.chitika.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.trafficmp.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.hookedmediagroup.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.xtendmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media.photobucket.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
uk.sitestat.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
uk.sitestat.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.traveladvertising.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
counter.rewardsnetwork.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.addynamix.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
dc.tremormedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.realmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adxpose.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificclick.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.burstbeacon.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.burstbeacon.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediabrandsww.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.bs.serving-sys.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tacoda.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.at.atwola.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.richmedia.yahoo.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
web4.realtracker.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media6degrees.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.burstnet.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.burstnet.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adbrite.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.oasn04.247realmedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adinterax.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
pixel.invitemedia.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.revsci.net [ C:\Users\MikeC\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
s0.2mdn.net [ C:\Users\MikeC\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3EMX2AC7 ]



Thanks!
Mike

#8 m0le

m0le

    Let's get to work

  • Malware Response Instructor
  • PipPipPipPipPipPip
  • 32,557 posts
  • Gender:Male
  • Location:London, UK

Posted 22 October 2010 - 05:56 PM

Neither found anything really bad, SAS always clears up your tracking cookies.

Please run ESET's online scanner

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Leave the top box checked and then check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

If I have helped you fix your PC then please donate. Thanks

jetian6yw.jpg
m0le is a proud member of UNITE

#9 mikec84

mikec84

    Member

  • Members
  • PipPip
  • 50 posts
  • Gender:Male
  • Location:Glen Carbon, IL

Posted 23 October 2010 - 12:27 AM

Nothing was found by ESET, however, when that was running, AVG popped up on 3 separate occasions and notified me 3 files were infected.

It lists all 3 as "Trojan horse PSW.OnlineGames3.AYCG". Sorry, I can't figure out how to export any kind of log to give you more detail.

These were all associated with a theme I had downloaded not too long ago, after I started having problems. I'm a bit surprised because I just can't believe this site I got them from would have infected files to distribute. Its just a small forum where a few people make their own themes and have been doing it for a long time.

All 3 were for this "Windows 7 Start Button Changer.exe" program that came along with it to change the appearance of the start button.

I'll be awaiting your reply!

Thanks!
Mike

#10 m0le

m0le

    Let's get to work

  • Malware Response Instructor
  • PipPipPipPipPipPip
  • 32,557 posts
  • Gender:Male
  • Location:London, UK

Posted 23 October 2010 - 09:47 AM

We can scan this file with more than your AVG. It may be that this is a false positive and a multi-scan will let us know this.

Can you first locate the Windows 7 Start Button Changer.exe file.

If you can't find it then run the SystemLook program below

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
Windows 7 Start Button Changer.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan and will give you its filepath.
Note: The log can also be found on your Desktop entitled SystemLook.txt

When you have found it then we can use Jotti to run a multi-scan.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Go to Jotti

When the jotti page has finished loading, click the Browse button and navigate to the Windows 7 Start Button Changer.exe file and click Submit.

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at VirusTotal

If I have helped you fix your PC then please donate. Thanks

jetian6yw.jpg
m0le is a proud member of UNITE

#11 mikec84

mikec84

    Member

  • Members
  • PipPip
  • 50 posts
  • Gender:Male
  • Location:Glen Carbon, IL

Posted 24 October 2010 - 06:12 PM

AVG is keeping me from opening the "Windows 7 Start Button Changer.exe" file with Jotti. I have the 2011 edition. Aside from closing AVG with task manager, I can't figure out how to disable AVG the normal way, or get around this. Any suggestions?

Edited by mikec84, 24 October 2010 - 06:13 PM.

#12 m0le

m0le

    Let's get to work

  • Malware Response Instructor
  • PipPipPipPipPipPip
  • 32,557 posts
  • Gender:Male
  • Location:London, UK

Posted 24 October 2010 - 07:35 PM

It depends on the AVG version. This I found on a Google search.

Right-click on the "Resident Shield" icon located on the right side of the taskbar, then select "Open AVG User Interface."

Double-click on "Resident Shield" in the middle of the AVG User Interface window. As an alternative, click on "Tools," then "Advanced Settings," and then select "Resident Shield."

Uncheck "Resident Shield Active" under the Resident Shield settings section, then click "Save Changes." This will disable the Resident Shield but keep the Email Scanner and other virus protection features active.

Install your new software or drivers, then repeat Steps 1 through 3, checking "Resident Shield Active." Click "Save Changes" to enable AVG again. Close the AVG User Interface window, then restart your computer.

If I have helped you fix your PC then please donate. Thanks

jetian6yw.jpg
m0le is a proud member of UNITE

#13 mikec84

mikec84

    Member

  • Members
  • PipPip
  • 50 posts
  • Gender:Male
  • Location:Glen Carbon, IL

Posted 24 October 2010 - 10:49 PM

Everything worked out ok now. The Jotti sanner said it found nothing...

Thanks!
Mike

#14 mikec84

mikec84

    Member

  • Members
  • PipPip
  • 50 posts
  • Gender:Male
  • Location:Glen Carbon, IL

Posted 25 October 2010 - 11:44 AM

I wanted to add that I just tried playing Counter-Strike again and it still does the same thing. It starts to bogg down after playing for about 5 mins, then keeps bogging down in intervals. I was doing a search on google to see if anyone else had this problem while I was awaiting your reply and when I clicked a search result that was supposed to lead to "forums.counter-strike.com/..." it led me to this page instead "http://file2store.info/download.php?id=7BCA87A7".

This page it took me to was full of advertisements and something about fire insurance, and instinctively when I saw this page I had not intended to see after clicking the search topic, I clicked the back button thinking I miss-clicked and hit an ad link instead. When it went back to the search results, the link to "forums.counter-strike.com..." changed color to that of a visited link and when I navigated to it again, it took me to the right place.

When it took me to the right place the second time, I still was confused, so I opened up my history and verified that I wasn't seeing things and I was indeed navigated to that "http://file2store.info/download.php?id=7BCA87A7" site.

Is this what I've heard of a "google redirect" ? I'm just a layman, so I may be using the wrong term, but it seems something is redirecting sites I try to navigate to. In fact, I know I have seen something similiar to what I saw at "http://file2store.info/download.php?id=7BCA87A7" while browsing the web before, but this is the first time I have been directed there when I knew I was attempting to visit a legit site.



Furthermore, from dealing with other unrelated issues my brother has had with counter-strike, I have learned that the "steam client" that is used to access and play counter-strike (and is used in-game to view the web while you are playing, chat, etc.) relies on internet explorer.



I guess what I am trying to say is, while I'm playing counter-strike, I wonder if whatever this malicious program is that we can't find is accessing the intenet through the steam client and sending information while I am playing? I hope my rambling isn't too confusing =P

Thanks!
Mike

#15 m0le

m0le

    Let's get to work

  • Malware Response Instructor
  • PipPipPipPipPipPip
  • 32,557 posts
  • Gender:Male
  • Location:London, UK

Posted 25 October 2010 - 05:44 PM

This is adware so we will hit it with some adware specialists

Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

And

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If I have helped you fix your PC then please donate. Thanks

jetian6yw.jpg
m0le is a proud member of UNITE

Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·