m0le,
I pasted the logs below in this order:
aswMBR D partition
OTL.txt
Extras.txt
I wasn't sure if it mattered that the File Age in OTL was set to 30 days, because it might have been slightly more than that since my computer got infected. So I moved the two .txt files and ran OTL again with File Age set to 60 days. The OTL.txt that it generated this time is attached as a .zip. It didn't produce an Extras.txt file.
-ljen
aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-13 20:24:08
-----------------------------
20:24:08.917 OS Version: Windows 5.0.2195 Service Pack 4
20:24:08.917 Number of processors: 1 586 0xA
20:24:08.917 ComputerName: MAX UserName:
20:24:10.389 Initialze error C0000263 - driver not loaded
20:31:37.522 AVAST engine defs: 12021302
20:32:27.684 Service scanning
20:32:28.305 Service Abiosdsk C:\WINNT\System32\Drivers\Abiosdsk.sys **LOCKED**
20:32:28.305 Service abp480n5 C:\WINNT\System32\Drivers\abp480n5.sys **LOCKED**
20:32:28.315 Service ACPI C:\WINNT\System32\DRIVERS\ACPI.sys **LOCKED**
20:32:28.315 Service ACPIEC C:\WINNT\System32\Drivers\ACPIEC.sys **LOCKED**
20:32:28.315 Service adpu160m C:\WINNT\System32\Drivers\adpu160m.sys **LOCKED**
20:32:28.315 Service AegisP C:\WINNT\system32\DRIVERS\AegisP.sys **LOCKED**
20:32:28.315 Service AFD C:\WINNT\System32\drivers\afd.sys **LOCKED**
20:32:28.315 Service agp440 C:\WINNT\System32\DRIVERS\agp440.sys **LOCKED**
20:32:28.315 Service Aha154x C:\WINNT\System32\Drivers\Aha154x.sys **LOCKED**
20:32:28.325 Service aic116x C:\WINNT\System32\Drivers\aic116x.sys **LOCKED**
20:32:28.325 Service aic78u2 C:\WINNT\System32\Drivers\aic78u2.sys **LOCKED**
20:32:28.325 Service aic78xx C:\WINNT\System32\Drivers\aic78xx.sys **LOCKED**
20:32:28.645 Service ami0nt C:\WINNT\System32\Drivers\ami0nt.sys **LOCKED**
20:32:28.645 Service amsint C:\WINNT\System32\Drivers\amsint.sys **LOCKED**
20:32:28.645 Service asc C:\WINNT\System32\Drivers\asc.sys **LOCKED**
20:32:28.645 Service asc3350p C:\WINNT\System32\Drivers\asc3350p.sys **LOCKED**
20:32:28.655 Service asc3550 C:\WINNT\System32\Drivers\asc3550.sys **LOCKED**
20:32:28.655 Service Aspi32 C:\WINNT\System32\Drivers\Aspi32.sys **LOCKED**
20:32:28.655 Service AsyncMac C:\WINNT\System32\DRIVERS\asyncmac.sys **LOCKED**
20:32:28.655 Service atapi C:\WINNT\System32\DRIVERS\atapi.sys **LOCKED**
20:32:28.655 Service Atdisk C:\WINNT\System32\Drivers\Atdisk.sys **LOCKED**
20:32:28.665 Service Atmarpc C:\WINNT\System32\DRIVERS\atmarpc.sys **LOCKED**
20:32:28.665 Service audstub C:\WINNT\System32\DRIVERS\audstub.sys **LOCKED**
20:32:28.665 Service Beep C:\WINNT\System32\Drivers\Beep.sys **LOCKED**
20:32:28.665 Service BusLogic C:\WINNT\System32\Drivers\BusLogic.sys **LOCKED**
20:32:28.675 Service CA561 C:\WINNT\System32\Drivers\SPCA561.SYS **LOCKED**
20:32:28.675 Service ccdecode C:\WINNT\system32\drivers\ccdecode.sys **LOCKED**
20:32:28.675 Service cd20xrnt C:\WINNT\System32\Drivers\cd20xrnt.sys **LOCKED**
20:32:28.675 Service Cdaudio C:\WINNT\System32\Drivers\Cdaudio.sys **LOCKED**
20:32:28.675 Service Cdr4_2K C:\WINNT\System32\Drivers\Cdr4_2K.sys **LOCKED**
20:32:28.675 Service Cdralw2k C:\WINNT\System32\Drivers\Cdralw2k.sys **LOCKED**
20:32:28.685 Service Cdrom C:\WINNT\System32\DRIVERS\cdrom.sys **LOCKED**
20:32:28.685 Service Changer C:\WINNT\System32\Drivers\Changer.sys **LOCKED**
20:32:28.685 Service cmosa C:\WINNT\System32\Drivers\cmosa.sys **LOCKED**
20:32:28.695 Service Cpqarray C:\WINNT\System32\Drivers\Cpqarray.sys **LOCKED**
20:32:28.695 Service cpqarry2 C:\WINNT\System32\Drivers\cpqarry2.sys **LOCKED**
20:32:28.695 Service cpqfcalm C:\WINNT\System32\Drivers\cpqfcalm.sys **LOCKED**
20:32:28.695 Service cpqfws2e C:\WINNT\System32\Drivers\cpqfws2e.sys **LOCKED**
20:32:28.705 Service cwcspud C:\WINNT\system32\drivers\cwcspud.sys **LOCKED**
20:32:28.705 Service dac960nt C:\WINNT\System32\Drivers\dac960nt.sys **LOCKED**
20:32:28.705 Service deckzpsx C:\WINNT\System32\Drivers\deckzpsx.sys **LOCKED**
20:32:28.705 Service Disk C:\WINNT\System32\DRIVERS\disk.sys **LOCKED**
20:32:28.715 Service Diskperf C:\WINNT\System32\Drivers\Diskperf.sys **LOCKED**
20:32:28.715 Service dmboot C:\WINNT\System32\drivers\dmboot.sys **LOCKED**
20:32:28.715 Service dmio C:\WINNT\System32\drivers\dmio.sys **LOCKED**
20:32:28.715 Service dmload C:\WINNT\System32\drivers\dmload.sys **LOCKED**
20:32:28.715 Service DMusic C:\WINNT\system32\drivers\DMusic.sys **LOCKED**
20:32:28.725 Service EL90BC C:\WINNT\System32\DRIVERS\el90xbc5.sys **LOCKED**
20:32:28.725 Service EL90Xbc C:\WINNT\System32\DRIVERS\el90Xbc5.SYS **LOCKED**
20:32:28.735 Service Fd16_700 C:\WINNT\System32\Drivers\Fd16_700.sys **LOCKED**
20:32:28.735 Service Fdc C:\WINNT\System32\DRIVERS\fdc.sys **LOCKED**
20:32:28.735 Service Fips C:\WINNT\System32\Drivers\Fips.sys **LOCKED**
20:32:28.745 Service fireport C:\WINNT\System32\Drivers\fireport.sys **LOCKED**
20:32:28.745 Service flashpnt C:\WINNT\System32\Drivers\flashpnt.sys **LOCKED**
20:32:28.745 Service Flpydisk C:\WINNT\System32\DRIVERS\flpydisk.sys **LOCKED**
20:32:28.745 Service Fs_Rec C:\WINNT\System32\Drivers\Fs_Rec.sys **LOCKED**
20:32:28.745 Service Ftdisk C:\WINNT\System32\DRIVERS\ftdisk.sys **LOCKED**
20:32:28.745 Service fwdrv C:\WINNT\system32\Drivers\fwdrv.sys **LOCKED**
20:32:28.755 Service gameenum C:\WINNT\system32\DRIVERS\gameenum.sys **LOCKED**
20:32:28.755 Service Gpc C:\WINNT\System32\DRIVERS\msgpc.sys **LOCKED**
20:32:28.755 Service grmnusb C:\WINNT\system32\drivers\grmnusb.sys **LOCKED**
20:32:28.765 Service HidUsb C:\WINNT\System32\DRIVERS\hidusb.sys **LOCKED**
20:32:28.765 Service i8042prt C:\WINNT\System32\DRIVERS\i8042prt.sys **LOCKED**
20:32:28.765 Service idebd C:\WINNT\System32\DRIVERS\idebd.sys **LOCKED**
20:32:28.785 Service ini910u C:\WINNT\System32\Drivers\ini910u.sys **LOCKED**
20:32:28.785 Service IntelATA C:\WINNT\System32\DRIVERS\intelata.sys **LOCKED**
20:32:28.795 Service IntelIde C:\WINNT\System32\DRIVERS\intelide.sys **LOCKED**
20:32:28.795 Service IpFilterDriver C:\WINNT\System32\DRIVERS\ipfltdrv.sys **LOCKED**
20:32:28.795 Service IpInIp C:\WINNT\System32\DRIVERS\ipinip.sys **LOCKED**
20:32:28.795 Service IpNat C:\WINNT\System32\DRIVERS\ipnat.sys **LOCKED**
20:32:28.795 Service IPSEC C:\WINNT\System32\DRIVERS\ipsec.sys **LOCKED**
20:32:28.795 Service ipsraidn C:\WINNT\System32\Drivers\ipsraidn.sys **LOCKED**
20:32:28.795 Service IRENUM C:\WINNT\System32\DRIVERS\irenum.sys **LOCKED**
20:32:28.805 Service isapnp C:\WINNT\System32\DRIVERS\isapnp.sys **LOCKED**
20:32:28.815 Service Kbdclass C:\WINNT\System32\DRIVERS\kbdclass.sys **LOCKED**
20:32:28.825 Service kbdhid C:\WINNT\System32\DRIVERS\kbdhid.sys **LOCKED**
20:32:28.825 Service kmixer C:\WINNT\system32\drivers\kmixer.sys **LOCKED**
20:32:28.825 Service KSecDD C:\WINNT\System32\Drivers\KSecDD.sys **LOCKED**
20:32:28.825 Service lbrtfdc C:\WINNT\System32\Drivers\lbrtfdc.sys **LOCKED**
20:32:28.825 Service lp6nds35 C:\WINNT\System32\Drivers\lp6nds35.sys **LOCKED**
20:32:28.835 Service ltmodem5 C:\WINNT\System32\DRIVERS\ltmdmnt.sys **LOCKED**
20:32:28.835 Service mnmdd C:\WINNT\System32\Drivers\mnmdd.sys **LOCKED**
20:32:28.835 Service Modem C:\WINNT\System32\Drivers\Modem.sys **LOCKED**
20:32:28.835 Service MODEMCSA C:\WINNT\system32\drivers\MODEMCSA.sys **LOCKED**
20:32:28.835 Service Mouclass C:\WINNT\System32\DRIVERS\mouclass.sys **LOCKED**
20:32:28.845 Service mouhid C:\WINNT\System32\DRIVERS\mouhid.sys **LOCKED**
20:32:28.845 Service MountMgr C:\WINNT\System32\Drivers\MountMgr.sys **LOCKED**
20:32:28.845 Service mraid35x C:\WINNT\System32\Drivers\mraid35x.sys **LOCKED**
20:32:28.845 Service MSKSSRV C:\WINNT\system32\drivers\MSKSSRV.sys **LOCKED**
20:32:28.845 Service MSPCLOCK C:\WINNT\system32\drivers\MSPCLOCK.sys **LOCKED**
20:32:28.855 Service MSPQM C:\WINNT\system32\drivers\MSPQM.sys **LOCKED**
20:32:28.855 Service MSTEE C:\WINNT\system32\drivers\MSTEE.sys **LOCKED**
20:32:28.855 Service Ncrc710 C:\WINNT\System32\Drivers\Ncrc710.sys **LOCKED**
20:32:28.855 Service NDIS C:\WINNT\System32\Drivers\NDIS.sys **LOCKED**
20:32:28.855 Service NdisTapi C:\WINNT\System32\DRIVERS\ndistapi.sys **LOCKED**
20:32:28.855 Service Ndisuio C:\WINNT\System32\DRIVERS\ndisuio.sys **LOCKED**
20:32:28.865 Service NdisWan C:\WINNT\System32\DRIVERS\ndiswan.sys **LOCKED**
20:32:28.865 Service NDProxy C:\WINNT\System32\Drivers\NDProxy.sys **LOCKED**
20:32:28.865 Service NetBT C:\WINNT\System32\DRIVERS\netbt.sys **LOCKED**
20:32:28.865 Service NetDetect C:\WINNT\system32\drivers\netdtect.sys **LOCKED**
20:32:28.875 Service Null C:\WINNT\System32\Drivers\Null.sys **LOCKED**
20:32:28.875 Service nv C:\WINNT\System32\DRIVERS\nv4_mini.sys **LOCKED**
20:32:28.875 Service NwlnkFlt C:\WINNT\System32\DRIVERS\nwlnkflt.sys **LOCKED**
20:32:28.875 Service NwlnkFwd C:\WINNT\System32\DRIVERS\nwlnkfwd.sys **LOCKED**
20:32:28.885 Service Parallel C:\WINNT\System32\DRIVERS\parallel.sys **LOCKED**
20:32:28.885 Service Parport C:\WINNT\System32\DRIVERS\parport.sys **LOCKED**
20:32:28.885 Service PartMgr C:\WINNT\System32\Drivers\PartMgr.sys **LOCKED**
20:32:28.885 Service ParVdm C:\WINNT\System32\Drivers\ParVdm.sys **LOCKED**
20:32:28.895 Service PCI C:\WINNT\System32\DRIVERS\pci.sys **LOCKED**
20:32:28.895 Service PCIDump C:\WINNT\System32\Drivers\PCIDump.sys **LOCKED**
20:32:28.895 Service PCIIde C:\WINNT\System32\DRIVERS\pciide.sys **LOCKED**
20:32:28.895 Service Pcmcia C:\WINNT\System32\Drivers\Pcmcia.sys **LOCKED**
20:32:28.905 Service PptpMiniport C:\WINNT\System32\DRIVERS\raspptp.sys **LOCKED**
20:32:28.905 Service Ptilink C:\WINNT\System32\DRIVERS\ptilink.sys **LOCKED**
20:32:28.905 Service PxHelp20 C:\WINNT\System32\Drivers\PxHelp20.sys **LOCKED**
20:32:28.905 Service ql1080 C:\WINNT\System32\Drivers\ql1080.sys **LOCKED**
20:32:28.905 Service Ql10wnt C:\WINNT\System32\Drivers\Ql10wnt.sys **LOCKED**
20:32:28.915 Service ql1240 C:\WINNT\System32\Drivers\ql1240.sys **LOCKED**
20:32:28.915 Service ql2100 C:\WINNT\System32\Drivers\ql2100.sys **LOCKED**
20:32:28.915 Service RasAcd C:\WINNT\System32\DRIVERS\rasacd.sys **LOCKED**
20:32:28.915 Service Rasl2tp C:\WINNT\System32\DRIVERS\rasl2tp.sys **LOCKED**
20:32:28.925 Service Raspti C:\WINNT\System32\DRIVERS\raspti.sys **LOCKED**
20:32:28.925 Service RCA C:\WINNT\system32\drivers\RCA.sys **LOCKED**
20:32:28.925 Service redbook C:\WINNT\System32\DRIVERS\redbook.sys **LOCKED**
20:32:28.935 Service ROOTMODEM C:\WINNT\System32\Drivers\RootMdm.sys **LOCKED**
20:32:28.935 Service rt2870 C:\WINNT\system32\DRIVERS\rt2870.sys **LOCKED**
20:32:28.935 Service RT80x86 C:\WINNT\system32\DRIVERS\RT2860.sys **LOCKED**
20:32:28.935 Service SASDIFSV D:\win\SUPERAntiSpyware\SASDIFSV.SYS **LOCKED**
20:32:28.935 Service SASKUTIL D:\win\SUPERAntiSpyware\SASKUTIL.SYS **LOCKED**
20:32:28.946 Service scsiscan C:\WINNT\System32\DRIVERS\scsiscan.sys **LOCKED**
20:32:28.946 Service serenum C:\WINNT\System32\DRIVERS\serenum.sys **LOCKED**
20:32:28.946 Service Serial C:\WINNT\System32\DRIVERS\serial.sys **LOCKED**
20:32:28.946 Service Sfloppy C:\WINNT\System32\Drivers\Sfloppy.sys **LOCKED**
20:32:28.956 Service sglfb C:\WINNT\System32\Drivers\sglfb.sys **LOCKED**
20:32:28.956 Service Simbad C:\WINNT\System32\Drivers\Simbad.sys **LOCKED**
20:32:28.956 Service Sparrow C:\WINNT\System32\Drivers\Sparrow.sys **LOCKED**
20:32:28.956 Service StillCam C:\WINNT\System32\DRIVERS\serscan.sys **LOCKED**
20:32:28.966 Service swenum C:\WINNT\System32\DRIVERS\swenum.sys **LOCKED**
20:32:28.966 Service swmidi C:\WINNT\system32\drivers\swmidi.sys **LOCKED**
20:32:28.966 Service symc810 C:\WINNT\System32\Drivers\symc810.sys **LOCKED**
20:32:28.966 Service symc8xx C:\WINNT\System32\Drivers\symc8xx.sys **LOCKED**
20:32:28.966 Service sym_hi C:\WINNT\System32\Drivers\sym_hi.sys **LOCKED**
20:32:28.976 Service sysaudio C:\WINNT\system32\drivers\sysaudio.sys **LOCKED**
20:32:28.976 Service tbcspud C:\WINNT\system32\drivers\tbcspud.sys **LOCKED**
20:32:28.986 Service tbcwdm C:\WINNT\system32\drivers\tbcwdm.sys **LOCKED**
20:32:28.986 Service Tcpip C:\WINNT\System32\DRIVERS\tcpip.sys **LOCKED**
20:32:28.986 Service tga C:\WINNT\System32\Drivers\tga.sys **LOCKED**
20:32:28.986 Service uhcd C:\WINNT\System32\DRIVERS\uhcd.sys **LOCKED**
20:32:28.986 Service ultra66 C:\WINNT\System32\Drivers\ultra66.sys **LOCKED**
20:32:28.996 Service Update C:\WINNT\System32\DRIVERS\update.sys **LOCKED**
20:32:28.996 Service usbhub C:\WINNT\System32\DRIVERS\usbhub.sys **LOCKED**
20:32:28.996 Service usbprint C:\WINNT\System32\DRIVERS\usbprint.sys **LOCKED**
20:32:28.996 Service usbscan C:\WINNT\System32\DRIVERS\usbscan.sys **LOCKED**
20:32:28.996 Service USBSTOR C:\WINNT\System32\DRIVERS\USBSTOR.SYS **LOCKED**
20:32:29.006 Service VgaSave C:\WINNT\System32\drivers\vga.sys **LOCKED**
20:32:29.006 Service Wanarp C:\WINNT\System32\DRIVERS\wanarp.sys **LOCKED**
20:32:29.006 Service wdmaud C:\WINNT\system32\drivers\wdmaud.sys **LOCKED**
20:32:29.006 Service Winsock C:\WINNT\System32\Drivers\Winsock.sys **LOCKED**
20:32:29.516 Modules scanning
20:32:29.516 Disk 0 trace - called modules:
20:32:29.516
20:32:29.787 AVAST engine scan D:\
20:38:50.124 Scan finished successfully
20:39:13.728 The log file has been saved successfully to "C:\Documents and Settings\Lowell Jensen\Desktop\aswMBR.txt"
OTL logfile created on: 2/13/2012 8:41:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lowell Jensen\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.08 Mb Total Physical Memory | 348.12 Mb Available Physical Memory | 68.11% Memory free
1.22 Gb Paging File | 1.07 Gb Available in Paging File | 87.75% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = D:\win
Drive C: | 7.81 Gb Total Space | 1.01 Gb Free Space | 12.89% Space Free | Partition Type: NTFS
Drive D: | 38.22 Gb Total Space | 2.27 Gb Free Space | 5.95% Space Free | Partition Type: FAT32
Computer Name: MAX | User Name: Lowell Jensen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Lowell Jensen\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\win\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\WINNT\system32\mstask.exe (Microsoft Corporation)
PRC - C:\WINNT\explorer.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\wbem\WinMgmt.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\stisvc.exe (Microsoft Corporation)
PRC - C:\WINNT\system32\hidserv.exe (Microsoft Corporation)
PRC - D:\win\Kerio Personal Firewall\PERSFW.exe (Kerio Technologies)
PRC - C:\WINNT\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)
PRC - C:\WINNT\system32\ltmsg.exe (LUCENT TECHNOLOGIES)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\RALINK\Common\acAuth.dll ()
========== Win32 Services (SafeList) ==========
SRV - (gusvc) -- File not found
SRV - (!SASCORE) -- D:\win\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (Schedule) -- C:\WINNT\system32\mstask.exe (Microsoft Corporation)
SRV - (WinMgmt) -- C:\WINNT\system32\wbem\WinMgmt.exe (Microsoft Corporation)
SRV - (dmadmin) -- C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SRV - (Fax) -- C:\WINNT\system32\FAXSVC.EXE (Microsoft Corporation)
SRV - (RemoteRegistry) -- C:\WINNT\system32\regsvc.exe (Microsoft Corporation)
SRV - (StiSvc) -- C:\WINNT\system32\stisvc.exe (Microsoft Corporation)
SRV - (UtilMan) -- C:\WINNT\system32\utilman.exe (Microsoft Corporation)
SRV - (HidServ) -- C:\WINNT\system32\hidserv.exe (Microsoft Corporation)
SRV - (PersFw) -- D:\win\Kerio Personal Firewall\persfw.exe (Kerio Technologies)
========== Driver Services (SafeList) ==========
DRV - (rt2870) -- C:\WINNT\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (SASDIFSV) -- D:\win\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- D:\win\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RT80x86) -- C:\WINNT\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (Cdralw2k) -- C:\WINNT\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_2K) -- C:\WINNT\System32\drivers\cdr4_2k.sys (Sonic Solutions)
DRV - (gameenum) -- C:\WINNT\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (dmboot) -- C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)
DRV - (dmio) -- C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
DRV - (Parallel) -- C:\WINNT\system32\drivers\parallel.sys (Microsoft Corporation)
DRV - (uhcd) -- C:\WINNT\system32\drivers\uhcd.sys (Microsoft Corporation)
DRV - (EFS) -- C:\WINNT\System32\drivers\efs.sys (Microsoft Corporation)
DRV - (Diskperf) -- C:\WINNT\System32\drivers\diskperf.sys (Microsoft Corporation)
DRV - (dmload) -- C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
DRV - (tbcwdm) -- C:\WINNT\system32\drivers\tbcwdm.sys (Voyetra Turtle Beach)
DRV - (tbcspud) -- C:\WINNT\system32\drivers\tbcspud.sys (Voyetra Turtle Beach)
DRV - (fwdrv) -- C:\WINNT\system32\drivers\FWDRV.SYS ()
DRV - (EL90Xbc) -- C:\WINNT\system32\drivers\el90Xbc5.SYS (3Com Corporation)
DRV - (EL90BC) -- C:\WINNT\system32\drivers\el90Xbc5.SYS (3Com Corporation)
DRV - (ltmodem5) -- C:\WINNT\system32\drivers\ltmdmnt.sys (LT)
DRV - (RCA) -- C:\WINNT\system32\drivers\rca.sys (Microsoft Corporation)
DRV - (NetDetect) -- C:\WINNT\system32\drivers\netdtect.sys (Microsoft Corporation)
DRV - (IntelATA) -- C:\WINNT\System32\DRIVERS\intelata.sys (Intel Corporation)
DRV - (idebd) -- C:\WINNT\System32\DRIVERS\idebd.sys (Intel Corporation)
DRV - (cmosa) -- C:\WINNT\System32\drivers\cmosa.sys (Dell Computer Corporation.)
DRV - (cwcspud) Crystal SoundFusion -- C:\WINNT\system32\drivers\cwcspud.sys (Microsoft Corporation)
DRV - (scsiscan) -- C:\WINNT\system32\drivers\scsiscan.sys ()
DRV - (Aspi32) -- C:\WINNT\System32\drivers\ASPI32.SYS (Adaptec)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINNT\system32\SHDOCVW.DLL (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "resource:///readme.html"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\win\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: D:\win\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer8: C:\WINNT\SYSTEM32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\win\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\win\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\win\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: D:\win\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer8: C:\WINNT\SYSTEM32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/06/29 14:00:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/05 07:58:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/03 15:56:56 | 000,000,000 | ---D | M]
[2011/12/05 07:58:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lowell Jensen\Application Data\Mozilla\Extensions
[2011/12/05 07:58:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lowell Jensen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/02/11 16:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lowell Jensen\Application Data\Mozilla\Extensions-BackupByFirefoxPortable
[2011/02/11 16:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lowell Jensen\Application Data\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/01/27 21:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lowell Jensen\Application Data\Mozilla\Firefox\Profiles\retlmslp.default\extensions
[2012/01/10 21:51:56 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\Lowell Jensen\Application Data\Mozilla\Firefox\Profiles\retlmslp.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
O1 HOSTS File: ([2000/07/26 10:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\BROWSEUI.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\BROWSEUI.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINNT\system32\BROWSEUI.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINNT\system32\BROWSEUI.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] D:\win\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINNT\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TraySantaCruz] C:\WINNT\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/25 20:58:07 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINNT\system32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINNT\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab (Reg Error: Key error.)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://config.skillcheck.com/onlinetesting/icaclients/win32/8.1.00/onlinetesting.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1328142197540 (WUWebControl Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38600.9359606481 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/zone/datafiles/heartbeat.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.12.15.1 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAFC3509-64C3-4CD7-8FF5-D6520BF33D51}: DhcpNameServer = 10.12.15.1 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINNT\system32\INETCOMM.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINNT\system32\URLMON.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINNT\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINNT\system32\MSHTML.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) -C:\WINNT\system32\USERINIT.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINNT\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINNT\System32\SYSDM.CPL (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\win\SUPERAntiSpyware\SASWINLO.DLL) - D:\win\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINNT\System32\CRYPT32.DLL (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINNT\System32\CRYPTNET.DLL (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINNT\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINNT\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINNT\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - (wzcdlg.dll) - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\system32\netshell.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINNT\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINNT\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINNT\system32\BROWSEUI.DLL (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINNT\system32\BROWSEUI.DLL (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: D:\docs\Pictures\Raphael Disputation wallpaper.bmp
O24 - Desktop BackupWallPaper: D:\docs\Pictures\Raphael Disputation wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\win\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINNT\System32\SHELL32.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINNT\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINNT\System32\SCHANNEL.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINNT\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINNT\System32\msnsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (zwebauth.dll) -C:\WINNT\System32\ZWebAuth.dll ()
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINNT\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINNT\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINNT\System32\schannel.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/05 20:08:38 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/02/13 20:19:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lowell Jensen\Desktop\OTL.exe
[2012/02/13 16:37:09 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Lowell Jensen\Desktop\TDSSKiller.exe
[2012/02/12 21:28:09 | 004,402,282 | ---- | C] (Swearware) -- C:\Documents and Settings\Lowell Jensen\Desktop\comfix.exe
[2012/02/11 21:15:16 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Lowell Jensen\Desktop\aswMBR.exe
[2012/02/08 21:06:32 | 000,000,000 | ---D | C] -- D:\docs\food
[2012/02/08 20:41:53 | 000,000,000 | ---D | C] -- D:\docs\teaching
[2012/02/06 21:36:18 | 000,000,000 | ---D | C] -- D:\docs\My Pictures
[2012/02/06 21:36:18 | 000,000,000 | ---D | C] -- D:\docs\Lowell
[2012/02/01 18:18:55 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINNT\System32\drivers\SBREDrv.sys
[2012/02/01 18:05:17 | 000,000,000 | ---D | C] -- C:\WINNT\Local Settings
[2012/02/01 18:03:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/01 18:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/02/01 17:47:24 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- D:\win\hijackthis.exe
[2012/02/01 17:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lowell Jensen\Application Data\SUPERAntiSpyware.com
[2012/02/01 17:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/02/01 17:39:00 | 000,000,000 | ---D | C] -- D:\win\SUPERAntiSpyware
[2012/02/01 17:33:30 | 000,050,688 | ---- | C] (Atribune.org) -- D:\win\ATF-Cleaner.exe
[2012/01/27 18:41:05 | 000,000,000 | ---D | C] -- D:\win\Rootkit Revealer
[2012/01/26 19:16:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lowell Jensen\Application Data\Malwarebytes
[2012/01/26 19:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/26 19:16:01 | 000,018,800 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2012/01/26 19:16:01 | 000,000,000 | ---D | C] -- D:\win\Malwarebytes
[2012/01/21 14:00:05 | 000,000,000 | ---D | C] -- D:\win\MRU-Blaster
[2012/01/21 11:50:31 | 000,000,000 | ---D | C] -- D:\win\Spybot
[2012/01/21 11:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/19 17:55:07 | 000,000,000 | ---D | C] -- D:\docs\Downloads
[2012/01/18 23:25:55 | 000,000,000 | ---D | C] -- D:\docs\seminary
[2012/01/18 23:22:11 | 000,000,000 | ---D | C] -- D:\docs\archive graphics
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/02/13 20:23:52 | 000,029,204 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
[2012/02/13 20:23:08 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/13 20:19:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lowell Jensen\Desktop\OTL.exe
[2012/02/13 16:43:55 | 002,042,462 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\tdsskiller.zip
[2012/02/13 16:33:07 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\constant echo requests from Tcpip Kernel Driver; Google redirected; GLARM in registry.URL
[2012/02/13 00:12:41 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\The carthusian way.URL
[2012/02/12 23:28:32 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Message of His Holiness Benedict XVI for Lent 2012.URL
[2012/02/12 21:28:52 | 004,402,282 | ---- | M] (Swearware) -- C:\Documents and Settings\Lowell Jensen\Desktop\comfix.exe
[2012/02/12 19:29:54 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\johnnnn.mp3
[2012/02/12 19:29:00 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Isaiah.mp3
[2012/02/12 14:16:20 | 027,382,868 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\John_KJV_mp3_complete--audiotreasure_com.zip
[2012/02/11 21:18:32 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Lowell Jensen\Desktop\aswMBR.exe
[2012/02/11 16:59:22 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Lowell Jensen\Desktop\TDSSKiller.exe
[2012/02/10 16:31:28 | 000,000,067 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Croatia.URL
[2012/02/08 23:00:19 | 000,000,203 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\teaching.lnk
[2012/02/06 23:17:40 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\ark.zip
[2012/02/06 22:18:27 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\firewall log.lnk
[2012/02/06 22:12:42 | 000,008,410 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\firewall_log.zip
[2012/02/06 21:40:30 | 000,002,330 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\attach.zip
[2012/02/06 18:32:38 | 000,018,252 | ---- | M] () -- D:\docs\KeePassDatabase.kdb
[2012/02/03 20:11:01 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Application Data\Microsoft\Internet Explorer\Quick Launch\contacts.lnk
[2012/02/03 19:58:08 | 000,002,792 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\.recently-used.xbel
[2012/02/02 19:18:11 | 000,000,410 | ---- | M] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job
[2012/02/02 17:49:55 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Lavasoft Support Forums.URL
[2012/02/01 18:18:00 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINNT\System32\drivers\SBREDrv.sys
[2012/02/01 18:17:50 | 000,000,064 | ---- | M] () -- C:\WINNT\System32\rp_stats.dat
[2012/02/01 18:17:50 | 000,000,044 | ---- | M] () -- C:\WINNT\System32\rp_rules.dat
[2012/02/01 17:47:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- D:\win\hijackthis.exe
[2012/02/01 17:27:44 | 000,050,688 | ---- | M] (Atribune.org) -- D:\win\ATF-Cleaner.exe
[2012/01/27 19:01:19 | 000,000,147 | ---- | M] () -- C:\WINNT\winamp.ini
[2012/01/26 19:24:12 | 002,075,392 | ---- | M] () -- C:\WINNT\System32\OTXEKROAEF
[2012/01/21 23:20:08 | 000,148,992 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/20 19:42:51 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2012/01/20 17:45:10 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Word Templates.lnk
[2012/01/19 17:43:18 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Pictures.lnk
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/02/13 16:33:07 | 000,000,113 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\constant echo requests from Tcpip Kernel Driver; Google redirected; GLARM in registry.URL
[2012/02/13 16:31:56 | 002,042,462 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\tdsskiller.zip
[2012/02/13 00:12:41 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\The carthusian way.URL
[2012/02/12 23:28:32 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Message of His Holiness Benedict XVI for Lent 2012.URL
[2012/02/12 19:29:54 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\johnnnn.mp3
[2012/02/12 19:28:59 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Isaiah.mp3
[2012/02/12 14:11:18 | 027,382,868 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\John_KJV_mp3_complete--audiotreasure_com.zip
[2012/02/12 14:02:13 | 012,613,745 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Orthodoxy_09.mp3
[2012/02/12 14:02:11 | 010,141,203 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Orthodoxy_08.mp3
[2012/02/12 14:02:10 | 013,868,145 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Orthodoxy_07.mp3
[2012/02/12 14:02:08 | 013,092,831 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Orthodoxy_06.mp3
[2012/02/12 14:02:07 | 009,474,245 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Orthodoxy_05.mp3
[2012/02/12 14:02:06 | 012,458,578 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Orthodoxy_04.mp3
[2012/02/12 14:02:04 | 009,555,851 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Orthodoxy_03.mp3
[2012/02/12 14:02:03 | 009,897,847 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Orthodoxy_02.mp3
[2012/02/12 14:02:03 | 003,055,123 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Orthodoxy_01.mp3
[2012/02/10 16:31:28 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Croatia.URL
[2012/02/06 23:17:40 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\ark.zip
[2012/02/06 22:12:42 | 000,008,410 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\firewall_log.zip
[2012/02/06 21:40:30 | 000,002,330 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\attach.zip
[2012/02/03 19:58:08 | 000,002,792 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\.recently-used.xbel
[2012/02/02 17:49:55 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\Lavasoft Support Forums.URL
[2012/02/01 18:17:50 | 000,000,064 | ---- | C] () -- C:\WINNT\System32\rp_stats.dat
[2012/02/01 18:17:50 | 000,000,044 | ---- | C] () -- C:\WINNT\System32\rp_rules.dat
[2012/02/01 18:14:47 | 000,000,410 | ---- | C] () -- C:\WINNT\tasks\Ad-Aware Update (Weekly).job
[2012/01/26 19:25:41 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Desktop\firewall log.lnk
[2012/01/26 19:21:44 | 002,075,392 | ---- | C] () -- C:\WINNT\System32\OTXEKROAEF
[2012/01/18 23:43:14 | 000,319,492 | ---- | C] () -- D:\docs\high school.7z
[2012/01/18 23:42:52 | 022,361,855 | ---- | C] () -- D:\docs\healthy environments formation and catechesis program.7z
[2012/01/18 23:38:30 | 267,572,428 | ---- | C] () -- D:\docs\archive teaching.7z
[2012/01/18 23:34:08 | 267,307,016 | ---- | C] () -- D:\docs\archive GCS.7z
[2011/12/05 07:58:17 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2011/03/31 20:08:44 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3c8.dat
[2011/02/08 21:24:58 | 000,000,048 | ---- | C] () -- D:\win\MapSetToolKit.cfg
[2011/02/07 21:49:09 | 000,133,120 | ---- | C] () -- D:\win\MapSetToolKit.exe
[2011/01/22 22:34:51 | 000,102,912 | ---- | C] () -- C:\WINNT\System32\drivers\FWDRV.SYS
[2010/09/19 13:00:25 | 000,000,090 | ---- | C] () -- C:\WINNT\OB1.INI
[2010/06/30 08:22:23 | 000,094,608 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat
[2009/05/30 23:48:04 | 000,010,576 | ---- | C] () -- C:\WINNT\System32\drivers\scsiscan.sys
[2008/04/03 22:43:03 | 000,000,543 | ---- | C] () -- C:\WINNT\pareq30.ini
[2008/04/03 22:41:19 | 000,000,459 | ---- | C] () -- C:\WINNT\epp22.ini
[2008/04/03 22:41:16 | 000,000,462 | ---- | C] () -- C:\WINNT\graeq22.ini
[2008/04/03 21:50:39 | 000,093,004 | R--- | C] () -- D:\win\ball attractor program.exe
[2008/04/03 21:50:39 | 000,077,824 | ---- | C] () -- D:\win\smoke sim.exe
[2006/11/16 18:05:23 | 000,000,000 | ---- | C] () -- C:\WINNT\FXMPlay.INI
[2006/09/29 19:07:24 | 000,001,022 | ---- | C] () -- C:\WINNT\fractalx.INI
[2006/09/27 20:35:47 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Application Data\usb.dat.bin
[2006/09/11 21:28:47 | 000,000,174 | ---- | C] () -- C:\WINNT\IGPRO.ini
[2006/07/20 16:52:43 | 000,006,550 | ---- | C] () -- C:\WINNT\jautoexp.dat
[2006/06/11 09:01:24 | 000,000,051 | ---- | C] () -- C:\WINNT\tone.ini
[2006/05/26 15:05:48 | 000,000,062 | ---- | C] () -- C:\WINNT\dgnet007.ini
[2006/05/20 10:55:20 | 000,000,043 | ---- | C] () -- C:\WINNT\ENCGAMES.INI
[2006/05/18 11:52:11 | 000,152,064 | ---- | C] () -- C:\WINNT\snap.dat
[2006/05/10 14:31:09 | 000,036,972 | ---- | C] () -- C:\WINNT\System32\ActPanel.dll
[2006/02/15 15:09:36 | 000,003,732 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2006/01/24 14:53:01 | 000,016,973 | ---- | C] () -- C:\WINNT\System32\ZWebAuth.dll
[2005/11/18 18:39:50 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/07 13:10:22 | 000,000,000 | ---- | C] () -- C:\WINNT\iPlayer.INI
[2005/11/02 22:11:28 | 000,000,000 | ---- | C] () -- C:\WINNT\JDSecure20.INI
[2005/10/06 12:50:28 | 000,011,616 | R--- | C] () -- C:\WINNT\System32\drivers\SECDRV.SYS
[2005/10/02 12:06:43 | 000,148,992 | ---- | C] () -- C:\Documents and Settings\Lowell Jensen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/09 13:54:15 | 000,099,965 | ---- | C] () -- C:\WINNT\UninstallFirefox.exe
[2005/09/09 13:54:00 | 000,005,675 | ---- | C] () -- C:\WINNT\mozver.dat
[2005/09/06 22:14:20 | 000,010,541 | ---- | C] () -- C:\WINNT\ePrompter.ini
[2005/09/06 17:08:22 | 000,000,147 | ---- | C] () -- C:\WINNT\winamp.ini
[2005/09/06 15:53:33 | 000,000,836 | ---- | C] () -- C:\WINNT\ODBC.INI
[2005/09/06 15:23:34 | 000,000,230 | ---- | C] () -- C:\WINNT\WinInit.INI
[2005/09/05 21:09:36 | 000,005,632 | ---- | C] () -- C:\WINNT\System32\CNMVS45.DLL
[2005/09/05 20:06:41 | 000,015,012 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2005/09/05 15:27:32 | 000,004,254 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2005/09/05 15:26:41 | 000,429,392 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2005/07/20 18:07:00 | 000,540,672 | ---- | C] () -- C:\WINNT\System32\nvhwvid.dll
[2004/05/20 11:33:07 | 000,208,440 | ---- | C] () -- D:\win\tone generator.exe
[2003/09/15 15:52:04 | 000,001,624 | ---- | C] () -- D:\win\active desktop html.html
[2000/07/26 10:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[2000/07/26 10:00:00 | 000,380,630 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[2000/07/26 10:00:00 | 000,272,492 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[2000/07/26 10:00:00 | 000,217,359 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[2000/07/26 10:00:00 | 000,178,144 | ---- | C] () -- C:\WINNT\System32\Q259545.EXE
[2000/07/26 10:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2000/07/26 10:00:00 | 000,056,304 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[2000/07/26 10:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[2000/07/26 10:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2000/07/26 10:00:00 | 000,028,270 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[2000/07/26 10:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2000/07/26 10:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2000/07/26 10:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
[2000/07/26 10:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[1999/09/25 03:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 03:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
========== LOP Check ==========
[2006/09/16 10:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MathReader
[2010/07/06 23:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/04/18 21:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/16 17:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\avidemux
[2010/07/08 12:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\corz
[2006/10/12 20:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\fltk.org
[2010/08/30 20:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\FreeCAD
[2011/01/18 20:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\GARMIN
[2012/01/11 20:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\gtk-2.0
[2006/01/26 07:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\ICAClient
[2011/05/09 19:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\ImgBurn
[2010/06/29 22:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\IrfanView
[2010/09/20 20:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\K-Meleon
[2006/09/16 10:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\MathReader
[2009/01/03 12:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\OpenOffice.org
[2012/02/13 00:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lowell Jensen\Application Data\WinFF
[2012/02/02 19:18:11 | 000,000,410 | ---- | M] () -- C:\WINNT\Tasks\Ad-Aware Update (Weekly).job
[2010/10/14 21:28:21 | 000,000,884 | ---- | M] () -- C:\WINNT\Tasks\flash backup.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 8792 bytes -> C:\WINNT\Firefox Wallpaper.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5832 bytes -> C:\WINNT\Soap Bubbles.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3864 bytes -> C:\WINNT\Prairie Wind.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3840 bytes -> C:\WINNT\Santa Fe Stucco.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2980 bytes -> C:\WINNT\System32\setup.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2724 bytes -> C:\WINNT\winnt256.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE406C3E
@Alternate Data Stream - 1256 bytes -> C:\WINNT\System32\ntimage.gif:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F64C164
< End of report >
OTL Extras logfile created on: 2/13/2012 8:41:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lowell Jensen\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
511.08 Mb Total Physical Memory | 348.12 Mb Available Physical Memory | 68.11% Memory free
1.22 Gb Paging File | 1.07 Gb Available in Paging File | 87.75% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = D:\win
Drive C: | 7.81 Gb Total Space | 1.01 Gb Free Space | 12.89% Space Free | Partition Type: NTFS
Drive D: | 38.22 Gb Total Space | 2.27 Gb Free Space | 5.95% Space Free | Partition Type: FAT32
Computer Name: MAX | User Name: Lowell Jensen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\win\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\win\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\win\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\win\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\win\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{08C5E3B0-3402-4AF5-8656-2D76B80FB6ED}" = Miracle C Shareware Package
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{28D309DC-4EDD-49B4-A7CB-6B5C0E075B34}" = TerraGo Toolbar
"{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}" = Backup Dell-Installed Programs
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C8741C-4A91-42A6-B6A2-CB891F7398A1}" = Kerio Personal Firewall 2.1.5
"{68249B78-B714-11D7-88E8-0050DA21757E}" = Java 2 Runtime Environment Standard Edition v1.3.1_18
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7C3EC6B0-663E-4DF9-8231-EA486CD0A400}" = Maya Fluid Effects Screensaver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F04AE70-9C11-11DF-8F84-005056C00008}" = Google Earth Plug-in
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9984DF60-1C5B-11D3-ACA1-908A4FC10801}" = Intel Ultra ATA Storage Driver
"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Turtle Beach Santa Cruz Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1" = Fast Duplicate File Finder 3.0.0.1
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F57052F4-9F33-4B2A-A99A-922EDF2655A4}" = MathReader 5
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Apophysis 2.0" = Apophysis 2.0
"ARCH-CANY-Hikes" = ARCH-CANY-Hikes
"Arizona Topo" = Arizona Topo Map
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5
"BRCA-ZION-CARE-Hikes" = BRCA-ZION-CARE-Hikes
"CDex" = CDex extraction audio
"cGPSmapper Free_is1" = cGPSmapper Free 0100d
"ChaosPro 3.2" = ChaosPro 3.2
"Citrus Alarm Clock_is1" = Citrus Alarm Clock 1.0.5
"CO4WD" = Colorado 4WD Trails
"COTOPO" = Colorado Topo Maps
"DEN_Trails1" = DEN_Trails1 Map Set for Garmin
"Expression Tone Generator" = Expression Tone Generator
"Fractal eXtreme" = Fractal eXtreme
"Gregoire 1.0.3.19" = Gregoire 1.0.3.19
"Handy Recovery 1.0" = Handy Recovery 1.0
"IbycusUSA2" = Ibycus USA Map
"ImgBurn" = ImgBurn
"InstallShield_{F57052F4-9F33-4B2A-A99A-922EDF2655A4}" = MathReader 5
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Land Ownership" = Land Ownership
"LTWinModem" = Lucent Win Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Maya Paint Effects Screen Saver" = Maya Paint Effects Screen Saver
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Visual C++ 6.0 Docs" = Microsoft Visual C++ 6.0 Docs
"mm_trail_osm" = trail_osm
"MoffFreeCalc_is1" = Moffsoft FreeCalc
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"MRU-Blaster_is1" = MRU-Blaster v1.5 (Database 3/28/2004)
"My POIs" = My POIs Maps
"My Trails" = My Trail Maps
"NE USA Topo Part 1" = NorthEast USA Topo Map Part 1
"NE USA Topo Part 2" = NorthEast USA Topo Map Part 2
"NE USA Topo Part 3" = NorthEast USA Topo Map Part 3
"New Mexico Topo" = New Mexico Topo Map
"NVIDIA Drivers" = NVIDIA Drivers
"Phun_is1" = Algodoo Phun edition v5.28
"Picasa2" = Picasa 2
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"Quartz AudioMaster Freeware" = Quartz AudioMaster Freeware
"Quat_is1" = Quat 1.20
"ST6UNST #1" = GPXtoPOI
"trail_100k" = trail_100k
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"USStatesandCounties" = US State and County Borders
"UTTOPO" = Utah Topo Maps
"Virtual Relativity" = Virtual Relativity
"Visual C++ 6.0 Introductory Edition" = Microsoft Visual C++ 6.0 Introductory Edition
"VLC media player" = VLC media player 1.1.11
"Western Ownership" = Western Ownership
"Winamp" = Winamp (remove only)
"WinFF_is1" = WinFF 1.2
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WMP7" = Windows Media Player system update (9 Series)
"Yankee Clipper III" = Yankee Clipper III
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/22/2012 2:08:57 AM | Computer Name = MAX | Source = Microsoft Internet Explorer | ID = 1000
Description =
Error - 1/29/2012 11:22:54 PM | Computer Name = MAX | Source = MsiInstaller | ID = 11706
Description = Product: Free NaturalReader -- Error 1706.No valid source could be
found for product Free NaturalReader. The Windows Installer cannot continue.
Error - 1/29/2012 11:23:42 PM | Computer Name = MAX | Source = MsiInstaller | ID = 11704
Description = Product: Backup Dell-Installed Programs -- Error 1704.An installation
for Free NaturalReader is currently suspended. You must undo the changes made
by that installation to continue. Do you want to undo those changes?
Error - 1/29/2012 11:23:53 PM | Computer Name = MAX | Source = MsiInstaller | ID = 11706
Description = Product: Backup Dell-Installed Programs -- Error 1706.No valid source
could be found for product Backup Dell-Installed Programs. The Windows Installer
cannot continue.
Error - 2/1/2012 9:01:44 PM | Computer Name = MAX | Source = MsiInstaller | ID = 11704
Description = Product: Ad-Aware -- Error 1704. An installation for Free NaturalReader
is currently suspended. You must undo the changes made by that installation to
continue. Do you want to undo those changes?
Error - 2/1/2012 11:53:39 PM | Computer Name = MAX | Source = Perflib | ID = 2002
Description = The open procedure for service ".NET CLR Data" in DLL "C:\WINNT\system32\netfxperf.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.
Error - 2/3/2012 11:11:11 PM | Computer Name = MAX | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
excel.exe, version 10.0.2614.0, fault address 0x0013bd1a.
Error - 2/3/2012 11:11:24 PM | Computer Name = MAX | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
excel.exe, version 10.0.2614.0, fault address 0x0013bd1a.
Error - 2/3/2012 11:11:50 PM | Computer Name = MAX | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
excel.exe, version 10.0.2614.0, fault address 0x0013bd1a.
Error - 2/3/2012 11:12:57 PM | Computer Name = MAX | Source = Microsoft Office 10 | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
excel.exe, version 10.0.2614.0, fault address 0x0013bd1a.
< End of report >
OTL.zip (11.64K)