Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Hacker Hijacks DNS Server of MyEtherWallet to Steal $160,000

Featured Deal: Pay What You Want Complete Cyber Security Certification Bundle Deal

I think I am infected

Started by sarcaustic , Jul 29 2010 11:25 AM

This topic is locked

30 replies to this topic

#1 sarcaustic

Members
16 posts
OFFLINE

Local time:01:19 PM

Posted 29 July 2010 - 11:25 AM

Hello,

Sometime during the past 2 weeks my laptop has developed some weird symptoms that I cannot seem to get rid of. It has been:

Making the "you just clicked on a link" clicking noise at random times
minimizing open internet windows or computer games randomly
Random Internet Explorer pop-ups (i use firefox exclusively unless there is an important website I need that doesn't support it)
Random audio from commercials without an accompanying pop-up (most recently they have been for blackberry messenger if that matters at all) occasionally I will hear entire commercials, other times it will cut out after 5secs or so and other times I will get several at once that overlap

I have run multiple virus scans using Avast! and malware scans using both Malwarebytes and SUPERantispyware which turned up nothing. Here are the completed DDS and GMER logs

DDS (Ver_10-03-17.01) - NTFSx86
Run by Cliff at 17:23:45.43 on Wed 07/28/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.299 [GMT -4:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
svchost.exe 4
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
svchost.exe 4
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Cliff\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236798383765
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cliff\applic~1\mozilla\firefox\profiles\0zjxhe5g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 atiide;atiide;c:\windows\system32\drivers\atiide.sys [2008-5-18 3456]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-9 163280]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-9 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-9 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-9 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-9 40384]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-7-24 38976]

=============== Created Last 30 ================

2010-07-28 21:06:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-07-28 14:58:21 0 d-----w- c:\program files\Trend Micro
2010-07-28 14:52:38 0 d-----w- c:\docume~1\cliff\applic~1\SUPERAntiSpyware.com
2010-07-28 14:52:38 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-07-28 14:52:29 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-27 21:41:34 77200 ----a-w- c:\windows\War3Unin.dat
2010-07-27 21:41:33 2829 ----a-w- c:\windows\War3Unin.pif
2010-07-27 21:41:33 139264 ----a-w- c:\windows\War3Unin.exe
2010-07-26 19:06:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-24 22:08:49 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2010-07-24 22:08:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Paessler
2010-07-24 22:00:31 0 d-----w- c:\program files\PRTG Network Monitor
2010-07-14 13:57:55 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 20:44:37 0 d-----w- c:\docume~1\cliff\applic~1\RibbonSoft
2010-07-13 19:58:29 0 d-----w- c:\program files\QCad
2010-07-11 04:03:00 0 d-----w- c:\docume~1\cliff\applic~1\LolClient
2010-07-11 03:52:47 0 d-----w- C:\Riot Games

==================== Find3M ====================

2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 12:39:27 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2008-09-08 16:41:36 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090820080909\index.dat

============= FINISH: 17:24:36.82 ===============

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-29 11:32:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Cliff\LOCALS~1\Temp\fwdoapob.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEE7C6C78]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEE7C6B34]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xEE7C70E8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEE7C7012]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEE7C670A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEE7C6C0E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEE7C664A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEE7C66AE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEE7C6D2E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xEE7C71B6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEE7C6CEE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEE7C6E6E]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE88A620]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xEE7D352A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xEE7D334E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xEE7D3488]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CCC 80504568 4 Bytes CALL D53EC1DD
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP EE7D348C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP EE7D3352 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP EE7CF4E6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP EE7D099E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP EE7D352E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3932] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3932] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35203E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3932] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FBF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3932] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E352003 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3932] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F4B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3932] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F85 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3932] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352079 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3932] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20176A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3932] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E35223B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (*** hidden *** ) 3932

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt 0 bytes
File C:\Documents and Settings\LocalService\Cookies\system@eyereturn[2].txt 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ANU3L97I\01[1].htm 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ANU3L97I\st[7] 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CKQ2J9PY\WICAT2LEHICAMY8CG0CAINKO5QCAF1C9AICANCKPLJCANGFG73CA3PU7PECAU0HBFTCA6SCAMUCARI1XW9CABSEYPRCASCY6X1CA9SVR7YCABB9DFHCAG2GCV4CAKVJ13CCAQMAWBPCA67TC1KCAHMOVIU 779 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CKQ2J9PY\R1CA97QXRLCAL8L26NCA2TALX4CALFCGLLCAS62255CAQM0YSXCA96PUA1CAS16FHPCABPLV0UCA286EPECAYNJ2HSCAY0Z4CLCAPVJJ37CARW5GS0CAUTVBBXCARHX8EFCA1O13ETCACU95EMCAS2QZCG 1509 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\D23THGHP\QUCASM6B7DCA4A0NV0CARKRFFCCARR4XHRCAJAKQ15CAKD9ZJHCAP15CC2CA9ODVA3CA5OL51JCA3V376ICABPUNUFCA7NYNIXCA1VOG10CA02PL03CAAA7QWUCA5D1U2HCATLWXINCAZG3FT6CAT23T32 4522 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\D23THGHP\O5CA9EWMD8CA6KGLZSCAZRB1LVCAPELW28CAM6KE0ACA8RGN79CAXIRZFPCA48DEG1CAT9ZQ0YCAJQW18ACAWFB2SCCAHVNGQCCAFJZMNLCAK0WEECCA5QU5PFCATTNYBGCAEAMB1OCA4AY4YYCAH17WZL 4502 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\D23THGHP\9NDFLTCA1C9VR0CAP3Z8RTCA1HF5PACAABJE9OCAQ75PXXCAC959JSCAV4WIV9CAFHQATACAFOY2H3CA0UFY33CA0Z2R4BCAZNXC6QCA4MXDKDCAXEB1QTCAY639PFCABPGS42CAFXKVX6CA4XLS22.htm 1147 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S9JGETHX\redvase[1].js 4390 bytes

---- EOF - GMER 1.0.15 ----

Thank you in advance for any assistance in dealing with this.
P.S. my symptoms sound very similar to those being experienced by DSimons who has a seperate thread.

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 sarcaustic

Topic Starter

Members
16 posts
OFFLINE

Local time:01:19 PM

Posted 31 July 2010 - 11:59 AM

bump

EDIT: Please be patient. There are over 450 unanswered topics in this forum at present and the current average wait time to receive help is 7 days. ~BP

Edited by Budapest, 01 August 2010 - 05:56 PM.

#3 myrti

Sillyberry

Malware Study Hall Admin
33,766 posts
OFFLINE

Gender:Female
Location:At home
Local time:07:19 PM

Posted 07 August 2010 - 01:44 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

Follow BleepingComputer on: Facebook | Twitter | Google+

#4 sarcaustic

Topic Starter

Members
16 posts
OFFLINE

Local time:01:19 PM

Posted 09 August 2010 - 12:59 PM

Thank you for the response. I am still having the same troubles as before including:

Audio clicking noises at random times (the "you just clicked on a link" windows noise)
occasional internet explorer pop-up ads (i use firefox exclusively)
audio from commercials with no pop-up (often these will be blackberry messenger ads, but also other random commercials)
general computer instability with screen freezes where nothing will respond (this will most often occur while playing games Warcraft III or League of Legends) and random restarts

So far I have run full scans with Avast!, Malwarebytes, SUPERantispyware, and hijackthis. They turned up nothing I could see as being a definite infection. I used http://www.hijackthis.de/#anl to analyze the hijackthis log but there was nothing running that was tagged as Nasty. So without further ado here are the requested OTL logs.

OTL logfile created on: 8/9/2010 1:35:57 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Cliff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 324.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 30.20 Gb Free Space | 40.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3P4QBG1
Current User Name: Cliff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/09 13:26:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cliff\Desktop\OTL.exe
PRC - [2010/07/24 16:54:32 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/24 16:54:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/19 13:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/01/28 18:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/01/28 18:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/30 21:04:54 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/09/17 12:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

========== Modules (SafeList) ==========

MOD - [2010/08/09 13:26:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cliff\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/01/28 18:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/28 18:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/28 18:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2005/08/02 17:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

========== Driver Services (SafeList) ==========

DRV - [2010/07/24 18:08:49 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/28 17:57:55 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/01/28 17:57:34 | 000,163,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/01/28 17:54:42 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/01/28 17:54:16 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/01/28 17:54:05 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/01/28 17:53:50 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/30 21:04:54 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/03/26 23:27:24 | 000,216,800 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/12/02 19:26:22 | 000,989,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/12/02 19:26:20 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/12/02 19:26:20 | 000,211,200 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/10/16 15:16:14 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/10/09 05:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/10/09 05:17:40 | 000,033,664 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS -- (BCMWLNPF)
DRV - [2007/05/23 15:07:28 | 000,003,456 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atiide.sys -- (atiide)
DRV - [2007/04/23 22:29:38 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/04/23 22:00:16 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/02 17:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1083818572-1338967228-2309468390-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
IE - HKU\S-1-5-21-1083818572-1338967228-2309468390-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/...?channel=us-smb
IE - HKU\S-1-5-21-1083818572-1338967228-2309468390-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1083818572-1338967228-2309468390-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1083818572-1338967228-2309468390-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080519
IE - HKU\S-1-5-21-1083818572-1338967228-2309468390-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1083818572-1338967228-2309468390-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/29 11:54:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 21:22:09 | 000,000,000 | ---D | M]

[2008/09/17 08:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliff\Application Data\Mozilla\Extensions
[2010/08/09 12:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cliff\Application Data\Mozilla\Firefox\Profiles\0zjxhe5g.default\extensions
[2010/07/29 11:55:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cliff\Application Data\Mozilla\Firefox\Profiles\0zjxhe5g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/29 11:55:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Cliff\Application Data\Mozilla\Firefox\Profiles\0zjxhe5g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/14 16:47:20 | 000,004,207 | ---- | M] () -- C:\Documents and Settings\Cliff\Application Data\Mozilla\Firefox\Profiles\0zjxhe5g.default\searchplugins\aim-search.xml
[2010/08/09 12:26:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 17:06:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/28 17:06:33 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-1083818572-1338967228-2309468390-1006\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O3 - HKU\S-1-5-21-1083818572-1338967228-2309468390-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1083818572-1338967228-2309468390-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1083818572-1338967228-2309468390-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommo...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1236798383765 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Cliff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cliff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/09 13:26:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cliff\Desktop\OTL.exe
[2010/07/28 17:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/28 17:06:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/28 17:06:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/28 17:06:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/28 17:06:56 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/28 16:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/07/28 10:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/28 10:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cliff\Application Data\SUPERAntiSpyware.com
[2010/07/28 10:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/28 10:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/28 10:22:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Cliff\Recent
[2010/07/27 20:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/27 17:41:33 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2010/07/26 15:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/26 15:06:34 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/24 18:08:49 | 000,038,976 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys
[2010/07/24 18:08:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Paessler
[2010/07/24 18:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\PRTG Network Monitor
[2010/07/21 10:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/19 22:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/19 22:09:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/14 09:57:55 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/13 16:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cliff\Application Data\RibbonSoft
[2010/07/13 15:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\QCad
[2010/07/11 00:03:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cliff\Application Data\LolClient
[2010/07/10 23:52:47 | 000,000,000 | ---D | C] -- C:\Riot Games
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/09 13:26:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cliff\Desktop\OTL.exe
[2010/08/09 12:14:49 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/09 12:14:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/09 12:14:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/09 12:14:23 | 937,467,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/09 01:00:53 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Cliff\NTUSER.DAT
[2010/08/08 11:44:43 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Cliff\My Documents\Nesquehoning Job Locals.xls
[2010/08/07 13:20:25 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Cliff\Desktop\Civil Service test study guide.doc
[2010/08/07 13:18:39 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Cliff\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/08/07 09:37:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/08/07 00:17:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/05 17:23:16 | 005,856,234 | -H-- | M] () -- C:\Documents and Settings\Cliff\Local Settings\Application Data\IconCache.db
[2010/07/28 17:06:31 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/28 17:06:31 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/28 17:06:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/28 17:06:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/28 17:06:31 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/27 18:08:33 | 000,077,200 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2010/07/27 18:01:02 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2010/07/27 18:01:02 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/24 18:08:49 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk42.sys
[2010/07/23 16:07:58 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Cliff\My Documents\Good Songs.doc
[2010/07/23 16:04:41 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Cliff\My Documents\Eggs, Beans, Five, Dentist... RESUME.doc
[2010/07/12 10:16:22 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\Cliff\My Documents\Wedding INvites Receipt.doc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/07 13:20:25 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Cliff\Desktop\Civil Service test study guide.doc
[2010/07/27 17:41:34 | 000,077,200 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010/07/27 17:41:33 | 000,002,829 | ---- | C] () -- C:\WINDOWS\War3Unin.pif
[2010/07/12 10:16:22 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\Cliff\My Documents\Wedding INvites Receipt.doc
[2009/01/19 23:26:31 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009/01/19 23:26:30 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009/01/19 23:26:30 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2009/01/19 23:22:19 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/01/19 23:22:19 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/11/24 10:22:01 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/05/29 22:15:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/18 21:41:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/18 21:36:54 | 000,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2008/05/18 21:31:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/05/18 21:31:34 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/05/18 21:07:58 | 000,001,118 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/02 17:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/04/27 14:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2005/04/27 14:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/08 10:06:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/08 10:06:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/08 10:06:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/08 10:06:35 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
[2008/04/13 20:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
[2008/04/13 20:11:58 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2007/08/13 18:54:10 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2008/04/13 14:30:46 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
[2008/04/13 20:12:03 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2008/04/13 20:12:03 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2008/04/13 20:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2008/04/13 20:12:05 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2008/04/13 20:12:07 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2008/04/13 20:12:07 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2008/04/13 13:39:24 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 13:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 13:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 13:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/24 18:08:49 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\system32\drivers\pssdk42.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 233 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23
< End of report >

OTL Extras logfile created on: 8/9/2010 1:35:57 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Cliff\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 324.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 30.20 Gb Free Space | 40.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D3P4QBG1
Current User Name: Cliff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1083818572-1338967228-2309468390-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Enabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Enabled:SingleClick ICC
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"6957:TCP" = 6957:TCP:*:Enabled:League of Legends Launcher
"6957:UDP" = 6957:UDP:*:Enabled:League of Legends Launcher
"8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
"8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher
"6883:TCP" = 6883:TCP:*:Enabled:League of Legends Launcher
"6883:UDP" = 6883:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant -- (SingleClick Systems)
"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- (Blizzard Entertainment, Inc.)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\SPSSInc\Statistics17\statistics.com" = C:\Program Files\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com -- File not found
"C:\Program Files\SPSSInc\Statistics17\statistics.exe" = C:\Program Files\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe -- File not found
"C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- File not found
"C:\Documents and Settings\Cliff\Local Settings\Temp\Blizzard Launcher Temporary - 11c31e80\Launcher.exe" = C:\Documents and Settings\Cliff\Local Settings\Temp\Blizzard Launcher Temporary - 11c31e80\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Documents and Settings\Cliff\Local Settings\Temp\Blizzard Launcher Temporary - 0a58d1a8\Launcher.exe" = C:\Documents and Settings\Cliff\Local Settings\Temp\Blizzard Launcher Temporary - 0a58d1a8\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- File not found
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe" = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe:*:Enabled:CLI Application (Command Line Interface) -- (ATI Technologies Inc.)
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- File not found
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- File not found
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\PRTG Network Monitor\PRTG Server.exe" = C:\Program Files\PRTG Network Monitor\PRTG Server.exe:*:Enabled:PRTG_Network_Monitor_Server -- File not found
"C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe" = C:\Program Files\PRTG Network Monitor\PRTG Server Administrator.exe:*:Enabled:PRTG_Network_Monitor_Admin_Tool -- File not found
"C:\Program Files\PRTG Network Monitor\PRTG Probe.exe" = C:\Program Files\PRTG Network Monitor\PRTG Probe.exe:*:Enabled:PRTG_Network_Monitor_Probe -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{493CCEF3-B98C-4979-92F4-F848C365A82B}" = Verizon FiOS Connection Wizard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A816AE22-1878-CACA-7541-47C56F9A96F7}" = ATI Catalyst Install Manager
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}" = ATI Catalyst Control Center
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"Free RAR Extract Frog" = Free RAR Extract Frog
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QCad" = QCad 2.1
"SearchAssist" = SearchAssist
"SynTPDeinstKey" = Dell Touchpad
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 3.1
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1083818572-1338967228-2309468390-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products

< End of report >

#5 myrti

Sillyberry

Malware Study Hall Admin
33,766 posts
OFFLINE

Gender:Female
Location:At home
Local time:07:19 PM

Posted 09 August 2010 - 03:27 PM

Hi,

please run MBRCheck next:
Please download MBRCheck.exe to your desktop.

Double click to run it
It will prompt you with some text
Left click on title bar (where program name and path is written)
From menu chose Edit -> Select All
Now just click Enter key on keyboard to copy selected text
Now paste that text here for me.

regards myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

Follow BleepingComputer on: Facebook | Twitter | Google+

#6 sarcaustic

Topic Starter

Members
16 posts
OFFLINE

Local time:01:19 PM

Posted 10 August 2010 - 06:14 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05e21800 (NTFS)

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black I
nternet)!
SHA1: FAE143CB9C828AABC62E83C659A30EFE45D6F85C

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

#7 myrti

Sillyberry

Malware Study Hall Admin
33,766 posts
OFFLINE

Gender:Female
Location:At home
Local time:07:19 PM

Posted 12 August 2010 - 02:52 PM

Your log indicates you have an infected Master Boot Record (MBR). To learn more about this infection please refer to:

Rerun MBRCheck.exe again by double-clicking on it. Vista/Windows 7 users right-click and select Run As Administrator.

Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Enter 'Y' and then press Enter.
When asked: 'Enter your choice:', select option [2] (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
Enter [0] (for PhysicalDrive0) and press the Enter key.
The program will show Available MBR codes followed by a list of operating systems as shown below.
QUOTE
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Please select the MBR code to write to this drive:

Please select your version of Windows from the list and enter the corresponding number (For example, type 0 or 1 for XP, type 3 for Vista, type 5 for Windows 7, etc) and then press Enter. Be careful...if the wrong OS is used, it will render the computer unbootable.
When prompted for confirmation: 'Do you want to fix the MBR code?'. Type the full word Yes (not Y or the fix will not work) and press Enter.
Left-click on the title bar (where program name and path is written).
From the menu chose Edit -> Select All.
Press the Enter key on your keyboard to copy selected text.
Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
If your computer does not restart on its own, please restart it manually.

Important Note: While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the operating system so that it will not boot up or the partitions may become corrupted. Further, Vista does not always use the same MBR code as it depends on the type of install that was used. I recommend you have your Windows CD available which will allow recovering the boot code via the Windows Recovery Console (XP) or Recovery Environment Startup Repair (Vista, Windows 7) in case of any problems, or install the XP Recovery Console before proceeding with the above fix. Then if any problems occur, the links below explain how to use and repair the MBR:

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

Follow BleepingComputer on: Facebook | Twitter | Google+

#8 sarcaustic

Topic Starter

Members
16 posts
OFFLINE

Local time:01:19 PM

Posted 12 August 2010 - 08:53 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 132):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xF7A44000 \WINDOWS\system32\KDCOM.DLL
0xF7954000 \WINDOWS\system32\BOOTVID.dll
0xF7415000 ACPI.sys
0xF7A46000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7404000 pci.sys
0xF7544000 isapnp.sys
0xF7958000 compbatt.sys
0xF795C000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B0C000 pciide.sys
0xF77C4000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7554000 MountMgr.sys
0xF73E5000 ftdisk.sys
0xF77CC000 PartMgr.sys
0xF7960000 ACPIEC.sys
0xF7B0D000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7B0E000 atiide.sys
0xF7564000 VolSnap.sys
0xF73CD000 atapi.sys
0xF7574000 disk.sys
0xF7584000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73AD000 fltmgr.sys
0xF739B000 sr.sys
0xF7594000 PxHelp20.sys
0xF7384000 KSecDD.sys
0xF72F7000 Ntfs.sys
0xF72CA000 NDIS.sys
0xF72B0000 Mup.sys
0xF7774000 \SystemRoot\system32\DRIVERS\processr.sys
0xF7A24000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7083000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF706F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6F5C000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF78C4000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6F38000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78CC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7784000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7794000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77A4000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6F15000 \SystemRoot\system32\DRIVERS\ks.sys
0xF6EED000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF77B4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78D4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6EB8000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A78000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78DC000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6EA4000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF75A4000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xF7A30000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7C91000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF75B4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A34000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6E8D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF75C4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75D4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF78E4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6E54000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75E4000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78EC000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78F4000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF75F4000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A7A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6DF6000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A40000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7604000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7634000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xEECD8000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xEEBE6000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xEEB33000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF78FC000 \SystemRoot\System32\Drivers\Modem.SYS
0xEEA15000 \SystemRoot\system32\drivers\sthda.sys
0xEE9F1000 \SystemRoot\system32\drivers\portcls.sys
0xF7654000 \SystemRoot\system32\drivers\drmk.sys
0xF7A04000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7A9C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C10000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A9E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF791C000 \SystemRoot\System32\drivers\vga.sys
0xF7AA0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AA2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7924000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF792C000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7A08000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEE9BE000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE965000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7664000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xEE93F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEE8EF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7674000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEE8CD000 \SystemRoot\System32\drivers\afd.sys
0xF7684000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEE8AB000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7934000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xEE880000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEE810000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF76A4000 \SystemRoot\System32\Drivers\Fips.SYS
0xEE7E9000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF6E89000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF7944000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF6E69000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF76C4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF794C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF6E65000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF76D4000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEE7A9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AB2000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7268000 \SystemRoot\System32\drivers\Dxapi.sys
0xF780C000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C59000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF055000 \SystemRoot\System32\ati2cqag.dll
0xBF09D000 \SystemRoot\System32\atikvmag.dll
0xBF0E3000 \SystemRoot\System32\ati3duag.dll
0xBF34A000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEC3E5000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xEC391000 \SystemRoot\system32\DRIVERS\packet.sys
0xEC389000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xEC122000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xEBB2D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEBAF0000 \SystemRoot\system32\drivers\wdmaud.sys
0xEBD42000 \SystemRoot\system32\drivers\sysaudio.sys
0xEC189000 \SystemRoot\system32\drivers\bcmwlnpf.sys
0xEB992000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xEB683000 \SystemRoot\system32\DRIVERS\srv.sys
0xEB39A000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7914000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xBA695000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
620 C:\WINDOWS\system32\smss.exe
672 csrss.exe
700 C:\WINDOWS\system32\winlogon.exe
744 C:\WINDOWS\system32\services.exe
756 C:\WINDOWS\system32\lsass.exe
908 C:\WINDOWS\system32\ati2evxx.exe
940 C:\WINDOWS\system32\svchost.exe
1016 svchost.exe
1056 C:\WINDOWS\system32\svchost.exe
1144 svchost.exe
1180 svchost.exe
1308 C:\WINDOWS\system32\WLTRYSVC.EXE
1340 C:\WINDOWS\system32\BCMWLTRY.EXE
1364 C:\WINDOWS\system32\ati2evxx.exe
1392 C:\WINDOWS\system32\svchost.exe
1512 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1824 C:\WINDOWS\explorer.exe
1988 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2004 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
2020 C:\WINDOWS\system32\WLTRAY.EXE
2040 C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
124 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
156 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
172 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
360 C:\Program Files\Common Files\Java\Java Update\jusched.exe
408 C:\WINDOWS\system32\ctfmon.exe
484 C:\Program Files\Digital Line Detect\DLG.exe
1260 C:\WINDOWS\system32\svchost.exe
1328 C:\WINDOWS\system32\spoolsv.exe
1608 svchost.exe
1316 C:\Program Files\Dell Network Assistant\hnm_svc.exe
1956 C:\Program Files\Java\jre6\bin\jqs.exe
2092 C:\Program Files\Common Files\Motive\McciCMService.exe
2180 C:\WINDOWS\system32\svchost.exe
3252 alg.exe
2520 C:\WINDOWS\system32\svchost.exe
3152 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
3508 C:\Program Files\Mozilla Firefox\firefox.exe
460 C:\Program Files\Mozilla Firefox\plugin-container.exe
3896 C:\WINDOWS\system32\wuauclt.exe
2536 C:\WINDOWS\system32\wuauclt.exe
852 C:\WINDOWS\system32\wscntfy.exe
4048 C:\Documents and Settings\Cliff\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`05e21800 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542580K9SA00, Rev: BBBOC39P

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!
SHA1: FAE143CB9C828AABC62E83C659A30EFE45D6F85C

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 0
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.

Done!

#9 myrti

Sillyberry

Malware Study Hall Admin
33,766 posts
OFFLINE

Gender:Female
Location:At home
Local time:07:19 PM

Posted 15 August 2010 - 09:33 AM

Hi,

please reboot and let me know how the PC si doing.

regards myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

Follow BleepingComputer on: Facebook | Twitter | Google+

#10 sarcaustic

Topic Starter

Members
16 posts
OFFLINE

Local time:01:19 PM

Posted 15 August 2010 - 12:23 PM

Rebooted the computer and immediately received 16 security updates for windows so I am assuming the virus had them disabled somehow. Everything seems to be back to normal. All of the previously listed symptoms are gone. Thank you very much for the help, and just let me know if you want me to run any final scans or anything else. Thanks again, the random commercials were driving me up a wall.

#11 myrti

Sillyberry

Malware Study Hall Admin
33,766 posts
OFFLINE

Gender:Female
Location:At home
Local time:07:19 PM

Posted 15 August 2010 - 12:48 PM

Hi,

yes please, I would like to run an additional scan with Eset:

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
1. Click on to download the ESET Smart Installer. Save it to your desktop.
2. Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

Please also provide another log from MBRCheck:

Double click to run it
It will prompt you with some text
Left click on title bar (where program name and path is written)
From menu chose Edit -> Select All
Now just click Enter key on keyboard to copy selected text
Now paste that text here for me.

regards myrti

Edited by myrti, 15 August 2010 - 12:49 PM.

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

Follow BleepingComputer on: Facebook | Twitter | Google+

#12 sarcaustic

Topic Starter

Members
16 posts
OFFLINE

Local time:01:19 PM

Posted 15 August 2010 - 06:14 PM

ESET found 1 threat, listed below.

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\39\72bf3727-14f1c725 multiple threats

#13 myrti

Sillyberry

Malware Study Hall Admin
33,766 posts
OFFLINE

Gender:Female
Location:At home
Local time:07:19 PM

Posted 16 August 2010 - 01:57 PM

Hi,

the file is in a temporary folder. To empty it, please do this:

Clear the Java cache:

Go to Start -> Control Panel.
In the Control Panel, double-click the Java icon.
Click Settings... under "Temporary Internet Files".
Click Delete Files...
Click OK on the Delete Temporary Files window.
NOTE: This deletes all the Downloaded Applications and Applets from the cache!
Click OK on the Temporary Files Settings window.
Close the Java Control Panel.

You can also view these instructions along with screenshots here.

How is the PC doing? Your logs are looking clean.

regards myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

Follow BleepingComputer on: Facebook | Twitter | Google+

#14 sarcaustic

Topic Starter

Members
16 posts
OFFLINE

Local time:01:19 PM

Posted 17 August 2010 - 09:08 PM

I emptied the folder as instructed and then I ran ESET but it still came up with the same threat. I then ran ESET again but this time I let it remove the threat it found. It now comes up with a clean scan however I fear there is still something going on as I found another Internet Explorer pop-up today and something is very wrong with my task manager. It has no borders, so no tabs, close or minimize options. Also the tab that appears to be stuck open now is the CPU usage and the Usage history graph. As previously stated I cannot see or click on any of the other tabs.

#15 myrti

Sillyberry

Malware Study Hall Admin
33,766 posts
OFFLINE

Gender:Female
Location:At home
Local time:07:19 PM

Posted 18 August 2010 - 05:20 PM

Hi,

please try double-clicking the border of the taskmanager, that should bring back the normal layout of the taskmanager.

Could the popup have been a normal popup? As in not malware related?

regards myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

Follow BleepingComputer on: Facebook | Twitter | Google+