Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't run most scanners and keep getting redirects and bad boot up


  • This topic is locked This topic is locked
37 replies to this topic

#1 dario03

dario03

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 14 August 2011 - 01:09 PM

Hello, this is my first post here (besides my intro post) and I was hopeing to get some help on a odd problem. I tried getting some help on another site that I've used before and they recommended a reformat but I was wanting to get a second opinion first. The computer is a WinXP SP3 computer that had Avast free edition on it, it has been running slow and the homepage and search engine kept defaulting to Mywebsearch.com. The computer also doesn't boot properly at times. Some times when you should be at the sign in page for windows it only loads a black screen and the mouse pointer.

I ran a couple programs that the other site recommended and some older scanners just to see if they worked or not. Most scanners won't work but I can run some fine and other programs like browsers and media players and office programs work fine for hours but some times the computer will lock up.

DDS - In normal mode it locks the whole computer shortly after it starts scanning. In safe mode it seems to run fine but never opens a log and if you try to close it, it will lock the computer.

Gmer - In normal and safe mode it locks the computer instantly, don't even see the program open.

Combofix (I know you guys say not to unless you say to but the other site told me to before I came here) - In normal and safe mode will get to the part where it says its going to scan but then it just locks the computer up. I waited over a hour to see if it was normal but it never unfroze.

Vundofix - In normal mode it will run for about 10 minutes then lock the computer up. In safe mode it scans and finds nothing.

Avast - Originally In normal and safe mode just opening Avast will lock the computer up in about a minute, you don't even have to start scanning for it to lock. But after running Malwarebytes and superantispyware I got it to run in safe mode but it found nothing.

rkill - In normal mode it will take a long time to load and will then say installation failed or application error over and over again and eventually lock the computer up. In Safe mode it will give those errors once but then it will run, some times it says nothing found and other times it will say that it stopped "C:\windows\system32\userinit.exe"

Trojan Remover - Ran in normal mode and it found nothing but said that 2 policies were wrong and it fixed those. Said the computer was set to not check digital signatures and was set to allow un-signed signatures to run.

I was able to run MalwareBytes and SuperAntiSpyware in normal mode which both found problems with Mywebsearch. And I was able to run Hijackthis in normal mode.


So do you guys have any advice? I have the logs from Malwarebytes and hijackthis if you would like to see them.

Thanks for any help.

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:51 PM

Posted 19 August 2011 - 01:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/414376 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 dario03

dario03
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 21 August 2011 - 12:06 PM

Hello, I still need help on this problem.

1. I haven't done anything with the computer so the issues are still the same. Can't run some scans, sometimes the computer doesn't boot properly, runs slow, and homepage changes.
2. I still can't run the scans so I don't have any logs. The computer is running Windows XP SP3 32bit.
3. I have the Windows CD.

#4 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:51 AM

Posted 22 August 2011 - 07:19 AM

Hi dario03 and welcome to BC. :)

Looks like the computer is severely infected, let's see what we can do.

Please post the logs of MBAM and HijackThis to give us an idea on what's going on.

Also please try this version of DDS => http://download.bleepingcomputer.com/sUBs/dds.com

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 dario03

dario03
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 25 August 2011 - 05:49 PM

That DDS also loaded and ran for a bit but then the whole computer locked up and it never gave a log. But I ran some fresh scans with Malwarebytes and Hijackthis.

***Malwarebytes***

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7566

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

8/25/2011 3:35:53 PM
mbam-log-2011-08-25 (15-35-53).txt

Scan type: Full scan (C:\|)
Objects scanned: 326073
Time elapsed: 1 hour(s), 7 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


***Hijackthis***

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:44:22 PM, on 8/25/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6092
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Yahtzee/Images/stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121930533216
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Yahtzee/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C0E4DBD-7246-4F85-B5D5-4053BB981062}: NameServer = 192.168.1.1,192.168.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.cfxxe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O24 - Desktop Component 0: (no name) - http://www.michigan.gov/images/LotteryHeader_01_1516_7.jpg

--
End of file - 8034 bytes

#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:51 AM

Posted 26 August 2011 - 06:39 AM

Hi,

Can you please link me to the other forum where you received the help.

Please temporary uninstall Alcohol 120, you can reinstall it back once we're done.


====================================


Let's see if we can run OTL.

Download OTL by OldTimer from one of the links below:

Link 1
Link 2

  • Save it to your desktop.
  • Close all open windows on the Task Bar.
  • Double click the OTL icon to run the program (run as Administrator for Windows Vista/7).
  • Put a check mark on Scan All Users.
  • Click the Run Scan button and let it run uninterrupted.
  • It will create two reports namely OTL.txt (will be opened) and Extras.txt (will be minimized).
  • Post the contents of both reports when you reply.
  • Exit OTL.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 dario03

dario03
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 28 August 2011 - 12:50 PM

I used this site http://www.spyware-asylum.com/XP-Full.htm which has been helpful many times before. And this was the reply in the forums that I received http://www.tech-forums.net/pc/f74/infected-computer-cant-run-some-scans-248397/

Not sure why your running Vundofix or Trojan Remover. Those are not necessary for normal removal procedures. Vundofix is very specific in fact and will only remove that infection and will do nothing if you do not have that infection.

You have mainly 2 options. Keep trying till you can get Combofix to work or format the drive and start over. Without knowing the specs of the machine I cant begin to tell you if some of the slowness is to be expected.


Alcohol 120 won't uninstall or open it just keeps saying
"Loading Alcohol device drivers failed! Emulation options and native driver interface of alcohol 120 will not be available!"
Also I don't see a virtual drive running if that was the reason you wanted me to turn uninstall it.

OTL did run :) Here are the logs.

***OTL.TXT***
OTL logfile created on: 8/28/2011 1:34:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Ted\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 677.94 Mb Available Physical Memory | 66.24% Memory free
3.91 Gb Paging File | 3.60 Gb Available in Paging File | 92.22% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 146.61 Gb Free Space | 62.96% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: TED-2900XP | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/28 13:33:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ted\Desktop\OTL.exe
PRC - [2011/08/19 10:05:30 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/19 10:05:30 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/01 21:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/28 13:28:04 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/08/28 04:11:56 | 001,290,240 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11082800\algo.dll
MOD - [2011/08/27 11:56:28 | 000,208,544 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11082800\aswRep.dll
MOD - [2011/08/11 21:44:27 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/11 21:44:27 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/08/11 21:44:27 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/19 10:05:30 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2005/10/09 22:33:00 | 001,079,832 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\Sandra Lite 2005.SR3\RpcSandraSrv.exe -- (SandraTheSrv)
SRV - [2005/10/09 22:32:52 | 000,170,536 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\Sandra Lite 2005.SR3\RpcDataSrv.exe -- (SandraDataSrv)
SRV - [2005/04/01 21:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2003/03/09 16:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/10 13:44:11 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2006/04/18 11:59:10 | 000,078,720 | ---- | M] (TRENDnet ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TE100XP.SYS -- (RTL8023xp)
DRV - [2005/12/21 11:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 11:14:52 | 000,019,712 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio)
DRV - [2005/12/21 11:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 11:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/11/25 23:33:31 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/06/02 19:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/03/08 21:15:10 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/08 21:14:44 | 000,024,064 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/08 21:08:42 | 000,024,960 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/03/08 21:05:40 | 000,044,288 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/03/08 21:05:30 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/08 20:54:48 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/03/08 20:53:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/08 20:38:32 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 23:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/02/09 12:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2004/01/12 23:36:00 | 000,063,744 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2003/12/04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/10/29 00:02:00 | 000,021,120 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/12/03 12:55:14 | 000,155,264 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvvid2.sys -- (NUVision)
DRV - [2001/08/17 10:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/07/11 13:41:08 | 000,025,024 | ---- | M] (Zoran Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuvaud2.sys -- (nuvaud2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Documents and Settings\All Users\Documents\My Music\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2298: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Documents and Settings\Georgie\Local Settings\Application Data\Mozilla Firefox\components [2011/06/18 10:09:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Documents and Settings\Georgie\Local Settings\Application Data\Mozilla Firefox\plugins [2011/07/06 15:45:10 | 000,000,000 | ---D | M]

[2009/04/30 08:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ted\Application Data\Mozilla\Firefox\Profiles\ng4idvon.default\extensions
[2009/04/30 22:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/30 08:56:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

O1 HOSTS File: ([2010/09/15 19:25:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1229272821-179605362-725345543-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Yahtzee/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121930533216 (WUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Yahtzee/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - http://www.michigan.gov/images/LotteryHeader_01_1516_7.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ted\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ted\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/13 17:01:04 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/28 13:33:33 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ted\Desktop\OTL.exe
[2011/08/12 08:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted\Desktop\WILLOW
[2011/08/12 08:05:46 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/08/12 08:05:45 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/08/12 02:17:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/11 21:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted\Application Data\SUPERAntiSpyware.com
[2011/08/11 21:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/11 21:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/11 21:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/11 14:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted\Start Menu\Programs\HiJackThis
[2011/08/11 14:49:51 | 000,000,000 | ---D | C] -- C:\hijackthis
[2011/08/11 14:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Trojan Remover
[2011/08/11 14:05:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2011/08/11 14:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011/08/11 14:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted\My Documents\Simply Super Software
[2011/08/11 14:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted\Application Data\Simply Super Software
[2011/08/11 14:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2011/08/10 23:17:35 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/08/10 20:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/08/10 20:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/08/10 20:30:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ted\Recent
[2011/08/10 20:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/08/10 20:29:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/10 20:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/08/10 20:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ted\Local Settings\Application Data\Temp
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/28 13:33:36 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ted\Desktop\OTL.exe
[2011/08/28 13:31:07 | 000,432,754 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/28 13:31:07 | 000,067,710 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/28 13:27:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/28 13:26:21 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/28 13:26:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/28 13:26:04 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/27 21:39:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/27 21:08:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2011/08/27 16:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/25 18:44:22 | 000,008,035 | ---- | M] () -- C:\hijackthis 8-25-11
[2011/08/25 18:42:32 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\Ted\Desktop\HiJackThis.lnk
[2011/08/25 14:40:54 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/08/22 11:00:54 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Ted\Desktop\MS Word.lnk
[2011/08/20 16:27:58 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Ted\Desktop\Yahoo! Mail.url
[2011/08/20 08:06:13 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/08/20 08:06:06 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/18 19:41:17 | 000,002,367 | ---- | M] () -- C:\Documents and Settings\Ted\Desktop\Microsoft Streets & Trips (2).lnk
[2011/08/14 12:03:59 | 000,000,438 | ---- | M] () -- C:\Documents and Settings\Ted\Desktop\Shortcut to computer scan stuff.lnk
[2011/08/12 08:24:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/11 21:43:58 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/11 14:05:21 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Ted\Application Data\Microsoft\Internet Explorer\Quick Launch\Trojan Remover.lnk
[2011/08/11 14:05:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2011/08/11 08:29:34 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/10 20:31:10 | 000,013,516 | ---- | M] () -- C:\Documents and Settings\Ted\My Documents\cc_20110810_203106.reg
[2011/08/10 20:29:02 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Ted\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/05 08:18:44 | 000,199,168 | ---- | M] () -- C:\Documents and Settings\Ted\My Documents\romulus athletic center.est
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/25 17:56:53 | 000,008,035 | ---- | C] () -- C:\hijackthis 8-25-11
[2011/08/20 16:27:58 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\Ted\Desktop\Yahoo! Mail.url
[2011/08/14 14:49:05 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/14 12:03:59 | 000,000,438 | ---- | C] () -- C:\Documents and Settings\Ted\Desktop\Shortcut to computer scan stuff.lnk
[2011/08/12 08:19:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/08/11 21:43:58 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/11 14:49:53 | 000,002,425 | ---- | C] () -- C:\Documents and Settings\Ted\Desktop\HiJackThis.lnk
[2011/08/11 14:05:21 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Ted\Application Data\Microsoft\Internet Explorer\Quick Launch\Trojan Remover.lnk
[2011/08/11 14:05:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2011/08/11 14:05:20 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/08/11 14:05:20 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011/08/11 14:05:20 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/08/11 14:05:20 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011/08/10 20:31:08 | 000,013,516 | ---- | C] () -- C:\Documents and Settings\Ted\My Documents\cc_20110810_203106.reg
[2011/08/10 20:29:02 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/08/10 20:29:02 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Ted\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/10 20:28:15 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/10 20:28:14 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/05 08:18:44 | 000,199,168 | ---- | C] () -- C:\Documents and Settings\Ted\My Documents\romulus athletic center.est
[2011/03/13 20:19:21 | 000,042,092 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/11 14:38:44 | 000,000,169 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2010/12/11 14:38:05 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2010/09/14 21:40:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/14 21:40:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/14 21:40:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/14 21:40:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/14 21:40:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/11 04:02:41 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/30 14:23:48 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/01/13 19:10:49 | 000,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008/01/13 17:03:29 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2008/01/13 17:01:04 | 000,001,208 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2008/01/13 16:43:35 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008/01/13 16:43:34 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008/01/13 16:43:34 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008/01/13 16:43:34 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008/01/13 16:43:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2007/09/29 14:01:49 | 000,003,936 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/09/29 14:01:47 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/09/20 13:34:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 13:34:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/08/05 12:54:39 | 000,000,092 | ---- | C] () -- C:\WINDOWS\NogaTw.INI
[2007/06/07 09:31:18 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2007/06/07 09:31:18 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2007/06/07 09:16:20 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2007/06/07 09:16:20 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2007/05/15 23:43:46 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2006/02/14 16:42:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2006/01/21 02:31:47 | 000,035,132 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2006/01/21 02:03:53 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2006/01/12 01:57:10 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2005/12/14 13:34:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ted\Local Settings\Application Data\imageCache8_UNI.db
[2005/12/14 13:19:21 | 000,041,920 | ---- | C] () -- C:\Documents and Settings\Ted\Local Settings\Application Data\audioCache8_UNI.db
[2005/12/07 14:39:33 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/07 14:38:06 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/26 00:53:31 | 000,003,597 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/11/25 22:47:07 | 000,002,559 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/08/27 11:43:23 | 000,180,224 | ---- | C] () -- C:\Documents and Settings\Ted\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/29 14:38:24 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2005/07/27 06:03:12 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Ted\Application Data\hpothb07.tif
[2005/07/27 06:03:12 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Ted\Application Data\hpothb07.dat
[2005/07/26 02:23:42 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2005/07/23 04:30:47 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005/07/22 23:18:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2005/07/22 20:15:56 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2005/07/22 20:15:56 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2005/07/22 20:15:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2005/07/22 20:15:52 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2005/07/22 20:15:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/07/22 20:15:48 | 000,117,159 | ---- | C] () -- C:\WINDOWS\CMUDA.INI
[2005/07/22 20:15:38 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2005/07/22 20:15:38 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2005/07/22 20:15:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2005/07/22 20:10:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/21 02:48:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/21 02:42:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/07/20 22:30:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/07/20 22:27:25 | 000,199,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/01 04:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 00:56:44 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 00:56:44 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 00:56:44 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 00:56:44 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 00:56:44 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/12/22 14:40:06 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/11/16 05:48:02 | 000,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/11/16 05:48:00 | 001,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/11/15 12:54:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/10/06 18:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,432,754 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,067,710 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A6F413D
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AA243C48

< End of report >




***Extras.txt***
OTL Extras logfile created on: 8/28/2011 1:34:27 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Ted\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 677.94 Mb Available Physical Memory | 66.24% Memory free
3.91 Gb Paging File | 3.60 Gb Available in Paging File | 92.22% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 146.61 Gb Free Space | 62.96% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: TED-2900XP | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Sandra Lite 2005.SR1\sandra.exe" = C:\Program Files\Sandra Lite 2005.SR1\sandra.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\Sandra Lite 2005.SR1\RpcSandraSrv.exe" = C:\Program Files\Sandra Lite 2005.SR1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\Sandra Lite 2005.SR1\RpcDataSrv.exe" = C:\Program Files\Sandra Lite 2005.SR1\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\Sandra Lite 2005.SR3\sandra.exe" = C:\Program Files\Sandra Lite 2005.SR3\sandra.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\Sandra Lite 2005.SR3\RpcSandraSrv.exe" = C:\Program Files\Sandra Lite 2005.SR3\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\Sandra Lite 2005.SR3\RpcDataSrv.exe" = C:\Program Files\Sandra Lite 2005.SR3\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Guest\My Documents\iTunes.exe" = C:\Documents and Settings\Guest\My Documents\iTunes.exe:*:Enabled:iTunes
"C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Sandra Lite 2005.SR1\sandra.exe" = C:\Program Files\Sandra Lite 2005.SR1\sandra.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\Sandra Lite 2005.SR1\RpcSandraSrv.exe" = C:\Program Files\Sandra Lite 2005.SR1\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\Sandra Lite 2005.SR1\RpcDataSrv.exe" = C:\Program Files\Sandra Lite 2005.SR1\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\Sandra Lite 2005.SR3\sandra.exe" = C:\Program Files\Sandra Lite 2005.SR3\sandra.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\Sandra Lite 2005.SR3\RpcSandraSrv.exe" = C:\Program Files\Sandra Lite 2005.SR3\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\Sandra Lite 2005.SR3\RpcDataSrv.exe" = C:\Program Files\Sandra Lite 2005.SR3\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite -- (SiSoftware)
"C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_09\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems, Inc.)
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems, Inc.)
"C:\Documents and Settings\All Users\Documents\My Music\iTunes.exe" = C:\Documents and Settings\All Users\Documents\My Music\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6A012D9C-2E2E-405A-B87C-E909F5297C3F}" = Studio 10 Bonus DVD
"{6CCDF4E6-D2AE-4DD8-80FD-F9AFF951AEAE}" = Adobe Premiere Elements 1.0
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8ACE0437-ABC8-42EE-A165-D5ADD81A1BD3}" = Pixie registration fix
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{99B98440-4A0D-11D5-8310-0050DABBB21D}" = DVC
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C0ADF96-20E7-4671-88D2-39B5A307E2A2}" = Pinnacle USB device drivers
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}" = DiscAPI (Studio 10)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99C6296-A311-4D6C-9602-53B4241921D5}" = Roxio Easy Media Creator 7
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AD4203ED-7683-435E-B436-C299773A9936}" = MapSource - US Topo v3.02
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C69EC60E-68D5-4DEC-A8B4-D3F19AF7ABCB}" = BlackBerry Device Software v4.6.0 for the BlackBerry 8220 smartphone
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D5C69A43-F752-4F6A-B363-3EEF785F05F8}" = Ad-aware Pro 6.0
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEECE229-49F6-4851-A73A-99B058221F8C}" = RAPID (Studio 10)
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"3DGroove" = OTOY
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"am-yahtzeedownloadedition" = Yahtzee Download Edition
"Audacity_is1" = Audacity 1.2.4
"avast" = avast! Free Antivirus
"Azureus" = Azureus
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"C-Media Audio" = C-Media 3D Audio
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"Family Tree Builder" = MyHeritage Family Tree Builder
"GameHouse" = GameHouse
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"Hollywood FX 5" = Pinnacle Hollywood FX 5
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PremElem10" = Adobe Premiere Elements 1.0
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer
"SiSoftware Sandra Lite 2005.SR1_is1" = SiSoftware Sandra Lite 2005.SR1 (Win64/32/CE)
"SiSoftware Sandra Lite 2005.SR3_is1" = SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE)
"The Core Media Player" = The Core Media Player 4.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"Web Games Player Plugin" = Web Games Player Plugin
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"yahtzeedownloadedition" = Yahtzee Download Edition

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1229272821-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2011 12:16:52 PM | Computer Name = TED-2900XP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17099, faulting
module jscript.dll, version 5.7.6002.22589, fault address 0x0001c64b.

Error - 8/13/2011 12:17:00 PM | Computer Name = TED-2900XP | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 8/13/2011 12:17:39 PM | Computer Name = TED-2900XP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17099, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/15/2011 12:06:37 PM | Computer Name = TED-2900XP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.17099, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/19/2011 11:24:54 AM | Computer Name = TED-2900XP | Source = Application Hang | ID = 1002
Description = Hanging application hpqthb08.exe, version 4.2.0.138, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/19/2011 10:05:47 PM | Computer Name = TED-2900XP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17099, faulting
module jscript.dll, version 5.7.6002.22589, fault address 0x0001c64b.

Error - 8/22/2011 4:36:46 PM | Computer Name = TED-2900XP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17099, faulting
module msntb.dll, version 3.1.0.146, fault address 0x0003e030.

Error - 8/25/2011 8:05:13 PM | Computer Name = TED-2900XP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17099, faulting
module jscript.dll, version 5.7.6002.22589, fault address 0x0001c64b.

Error - 8/25/2011 9:30:02 PM | Computer Name = TED-2900XP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.17099, faulting
module oleaut32.dll, version 5.1.2600.6058, fault address 0x000048a4.

Error - 8/25/2011 9:30:10 PM | Computer Name = TED-2900XP | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

[ System Events ]
Error - 8/14/2011 12:03:57 PM | Computer Name = TED-2900XP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/14/2011 12:32:15 PM | Computer Name = TED-2900XP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/14/2011 12:36:40 PM | Computer Name = TED-2900XP | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 00000028, parameter2 00000002, parameter3
00000000, parameter4 80502e54.

Error - 8/14/2011 1:11:31 PM | Computer Name = TED-2900XP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AmdK7 aswSnx aswSP aswTdi Cinemsup Fips SASDIFSV SASKUTIL

Error - 8/14/2011 1:12:05 PM | Computer Name = TED-2900XP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/14/2011 1:29:06 PM | Computer Name = TED-2900XP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/14/2011 1:29:17 PM | Computer Name = TED-2900XP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AmdK7 aswSnx aswSP aswTdi Cinemsup Fips SASDIFSV SASKUTIL

Error - 8/18/2011 8:17:53 AM | Computer Name = TED-2900XP | Source = Service Control Manager | ID = 7022
Description = The avast! Antivirus service hung on starting.

Error - 8/20/2011 8:06:01 AM | Computer Name = TED-2900XP | Source = Service Control Manager | ID = 7022
Description = The avast! Antivirus service hung on starting.

Error - 8/25/2011 1:07:50 PM | Computer Name = TED-2900XP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
atapi PCIIde


< End of report >

#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:51 AM

Posted 29 August 2011 - 07:26 AM

Hi,


P2P Warning:

Azureus

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes .

These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."



Viewpoint Warning:

I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player



===============================================


Also I don't see a virtual drive running if that was the reason you wanted me to turn uninstall it.

Exactly, software like this may sometimes be identified as rootkit. Let's temporary remove unnecessary protection, please uninstall SUPERAntiSpyware.


:step1: Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.



:step2: Please delete your copy of Combofix, then download a new copy and run it.

Download Combofix (by Subs) from any of the links below, make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporary disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouseclick combofix's window while its running because it may call it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#9 dario03

dario03
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 29 August 2011 - 10:44 PM

I uninstalled Azures (Windows says it hadn't been used since Jan 2006) and Viewpoint Media player and Superantispyware.

I ran TDSSKiller but it said nothing found. I tried running combofix but it just locked the computer up.

TDSSKiller log

2011/08/29 22:03:00.0593 2328 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/29 22:03:00.0968 2328 ================================================================================
2011/08/29 22:03:00.0968 2328 SystemInfo:
2011/08/29 22:03:00.0968 2328
2011/08/29 22:03:00.0968 2328 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/29 22:03:00.0968 2328 Product type: Workstation
2011/08/29 22:03:00.0968 2328 ComputerName: TED-2900XP
2011/08/29 22:03:00.0968 2328 UserName: Ted
2011/08/29 22:03:00.0968 2328 Windows directory: C:\WINDOWS
2011/08/29 22:03:00.0968 2328 System windows directory: C:\WINDOWS
2011/08/29 22:03:00.0968 2328 Processor architecture: Intel x86
2011/08/29 22:03:00.0968 2328 Number of processors: 1
2011/08/29 22:03:00.0968 2328 Page size: 0x1000
2011/08/29 22:03:00.0968 2328 Boot type: Normal boot
2011/08/29 22:03:00.0968 2328 ================================================================================
2011/08/29 22:03:01.0265 2328 Initialize success
2011/08/29 22:03:14.0812 2660 ================================================================================
2011/08/29 22:03:14.0812 2660 Scan started
2011/08/29 22:03:14.0812 2660 Mode: Manual;
2011/08/29 22:03:14.0812 2660 ================================================================================
2011/08/29 22:03:15.0046 2660 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/08/29 22:03:15.0140 2660 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/08/29 22:03:15.0281 2660 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/29 22:03:15.0343 2660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/29 22:03:15.0437 2660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/29 22:03:15.0515 2660 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/29 22:03:15.0593 2660 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/08/29 22:03:15.0796 2660 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/08/29 22:03:15.0921 2660 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/29 22:03:16.0015 2660 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\Drivers\ASAPIW2K.sys
2011/08/29 22:03:16.0203 2660 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/08/29 22:03:16.0265 2660 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/08/29 22:03:16.0312 2660 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/08/29 22:03:16.0375 2660 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/08/29 22:03:16.0453 2660 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/08/29 22:03:16.0515 2660 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/08/29 22:03:16.0593 2660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/29 22:03:16.0640 2660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/29 22:03:16.0750 2660 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/29 22:03:16.0812 2660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/29 22:03:16.0906 2660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/29 22:03:16.0937 2660 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/08/29 22:03:17.0015 2660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/29 22:03:17.0234 2660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/29 22:03:17.0296 2660 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/29 22:03:17.0390 2660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/29 22:03:17.0468 2660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/29 22:03:17.0546 2660 Cdr4_xp (6674bb4a919220d05bd002bbf6081aaa) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/08/29 22:03:17.0609 2660 Cdralw2k (8822a9246c20af99686e65710c7d6a5d) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/08/29 22:03:17.0640 2660 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/29 22:03:17.0687 2660 cdudf_xp (66b9f9c62721f2347211c0c9bcce4e98) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2011/08/29 22:03:17.0796 2660 Cinemsup (f6a0f51706cb4b0d5b8718ff69f831ba) C:\WINDOWS\system32\drivers\Cinemsup.sys
2011/08/29 22:03:17.0968 2660 cmuda (53f4cc55f3c255439c5973e31f0adce7) C:\WINDOWS\system32\drivers\cmuda.sys
2011/08/29 22:03:18.0171 2660 DCamUSBEMPIA (5118ea8a2f55fa4d4295516500b78229) C:\WINDOWS\system32\DRIVERS\emDevice.sys
2011/08/29 22:03:18.0250 2660 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/29 22:03:18.0343 2660 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/29 22:03:18.0406 2660 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/29 22:03:18.0437 2660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/29 22:03:18.0500 2660 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/29 22:03:18.0609 2660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/29 22:03:18.0656 2660 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\DRIVERS\drvmcdb.sys
2011/08/29 22:03:18.0703 2660 DVDVRRdr_xp (1d5eda9961b16b8e800639038d7492ad) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
2011/08/29 22:03:18.0765 2660 dvd_2K (df112f6f01efedc21c9bc5ce822ce1d3) C:\WINDOWS\system32\drivers\dvd_2K.sys
2011/08/29 22:03:18.0828 2660 emAudio (ffa45148a2d5d05dbb3c0997e579fc9c) C:\WINDOWS\system32\drivers\emAudio.sys
2011/08/29 22:03:18.0921 2660 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/29 22:03:18.0984 2660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/29 22:03:19.0062 2660 FiltUSBEMPIA (6f87e4706f59463b74bc4fad0f67338f) C:\WINDOWS\system32\DRIVERS\emFilter.sys
2011/08/29 22:03:19.0109 2660 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/29 22:03:19.0187 2660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/29 22:03:19.0281 2660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/29 22:03:19.0312 2660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/29 22:03:19.0359 2660 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/29 22:03:19.0437 2660 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/08/29 22:03:19.0515 2660 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/08/29 22:03:19.0562 2660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/29 22:03:19.0656 2660 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/29 22:03:19.0781 2660 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/29 22:03:19.0812 2660 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/29 22:03:19.0859 2660 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/29 22:03:19.0953 2660 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/29 22:03:20.0109 2660 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/29 22:03:20.0203 2660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/29 22:03:20.0328 2660 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/29 22:03:20.0375 2660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/29 22:03:20.0421 2660 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/29 22:03:20.0500 2660 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/29 22:03:20.0578 2660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/29 22:03:20.0640 2660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/29 22:03:20.0718 2660 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/29 22:03:20.0796 2660 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/29 22:03:20.0875 2660 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/29 22:03:20.0968 2660 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/29 22:03:21.0109 2660 MarvinBus (269c14d512b74cc28d2812ff7d1eb066) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
2011/08/29 22:03:21.0187 2660 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2011/08/29 22:03:21.0250 2660 mmc_2K (a52ed33515755e825d090a47793b773f) C:\WINDOWS\system32\drivers\mmc_2K.sys
2011/08/29 22:03:21.0328 2660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/29 22:03:21.0406 2660 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/29 22:03:21.0437 2660 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/29 22:03:21.0484 2660 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/29 22:03:21.0562 2660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/29 22:03:21.0640 2660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/29 22:03:21.0718 2660 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/29 22:03:21.0796 2660 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/08/29 22:03:21.0828 2660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/29 22:03:21.0890 2660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/29 22:03:21.0921 2660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/29 22:03:21.0968 2660 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/29 22:03:22.0031 2660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/29 22:03:22.0093 2660 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/29 22:03:22.0156 2660 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/08/29 22:03:22.0234 2660 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/29 22:03:22.0312 2660 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/29 22:03:22.0375 2660 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/29 22:03:22.0453 2660 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys
2011/08/29 22:03:22.0500 2660 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/29 22:03:22.0562 2660 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/29 22:03:22.0656 2660 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/29 22:03:22.0687 2660 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/29 22:03:22.0765 2660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/29 22:03:22.0828 2660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/29 22:03:22.0921 2660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/29 22:03:23.0015 2660 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/29 22:03:23.0078 2660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/29 22:03:23.0125 2660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/29 22:03:23.0203 2660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/29 22:03:23.0296 2660 nuvaud2 (363be28dda6160610d7361ed368f1813) C:\WINDOWS\system32\DRIVERS\nuvaud2.sys
2011/08/29 22:03:23.0343 2660 NUVision (923809daf96cd3a9fabcdebc735b21b6) C:\WINDOWS\system32\DRIVERS\nuvvid2.sys
2011/08/29 22:03:23.0468 2660 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/29 22:03:23.0625 2660 nvatabus (06f86506555644cba020cd2cffe28668) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
2011/08/29 22:03:23.0671 2660 nv_agp (c0fcd544a1c4eea6d11a0ae6a07dac9d) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2011/08/29 22:03:23.0734 2660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/29 22:03:23.0765 2660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/29 22:03:23.0843 2660 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/29 22:03:23.0890 2660 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/29 22:03:23.0953 2660 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/29 22:03:24.0015 2660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/29 22:03:24.0062 2660 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/29 22:03:24.0140 2660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/29 22:03:24.0187 2660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/29 22:03:24.0515 2660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/29 22:03:24.0578 2660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/29 22:03:24.0609 2660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/29 22:03:24.0687 2660 pwd_2k (62d29677f6a7f018c5d49119cea67de5) C:\WINDOWS\system32\drivers\pwd_2k.sys
2011/08/29 22:03:24.0765 2660 PxHelp20 (183ef96bcc2ec3d5294cb2c2c0ecbcd1) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/29 22:03:24.0968 2660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/29 22:03:25.0062 2660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/29 22:03:25.0109 2660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/29 22:03:25.0156 2660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/29 22:03:25.0234 2660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/29 22:03:25.0281 2660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/29 22:03:25.0328 2660 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/29 22:03:25.0390 2660 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/29 22:03:25.0468 2660 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/29 22:03:25.0531 2660 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/08/29 22:03:25.0609 2660 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/08/29 22:03:25.0687 2660 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/08/29 22:03:25.0781 2660 RTL8023xp (b41a6af98255cf7dce5cb14922a973ef) C:\WINDOWS\system32\DRIVERS\TE100XP.SYS
2011/08/29 22:03:25.0859 2660 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/08/29 22:03:25.0953 2660 ScanUSBEMPIA (f5a633609777c212ec5ff19927fc5955) C:\WINDOWS\system32\DRIVERS\emScan.sys
2011/08/29 22:03:26.0031 2660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/29 22:03:26.0125 2660 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/29 22:03:26.0156 2660 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/29 22:03:26.0250 2660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/29 22:03:26.0359 2660 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/29 22:03:26.0453 2660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/29 22:03:26.0562 2660 sptd (73205bd9a388639c210636793fe3fd61) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/29 22:03:26.0640 2660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/29 22:03:26.0703 2660 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/29 22:03:26.0781 2660 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/29 22:03:26.0843 2660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/29 22:03:26.0906 2660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/29 22:03:27.0109 2660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/29 22:03:27.0203 2660 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/29 22:03:27.0265 2660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/29 22:03:27.0312 2660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/29 22:03:27.0375 2660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/29 22:03:27.0515 2660 UDFReadr (fd0b16f8828f360390135031d8924ccd) C:\WINDOWS\system32\drivers\UDFReadr.sys
2011/08/29 22:03:27.0578 2660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/29 22:03:27.0687 2660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/29 22:03:27.0781 2660 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/29 22:03:27.0843 2660 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/29 22:03:27.0906 2660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/29 22:03:27.0968 2660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/29 22:03:28.0046 2660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/29 22:03:28.0078 2660 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/29 22:03:28.0140 2660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/29 22:03:28.0203 2660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/29 22:03:28.0265 2660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/29 22:03:28.0328 2660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/29 22:03:28.0406 2660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/29 22:03:28.0531 2660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/29 22:03:28.0625 2660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/29 22:03:28.0796 2660 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/08/29 22:03:28.0890 2660 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/29 22:03:28.0968 2660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/29 22:03:29.0031 2660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/29 22:03:29.0125 2660 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/29 22:03:29.0218 2660 Boot (0x1200) (f090250a1bca269af47187d3a25886c9) \Device\Harddisk0\DR0\Partition0
2011/08/29 22:03:29.0234 2660 ================================================================================
2011/08/29 22:03:29.0234 2660 Scan finished
2011/08/29 22:03:29.0234 2660 ================================================================================
2011/08/29 22:03:29.0265 3980 Detected object count: 0
2011/08/29 22:03:29.0265 3980 Actual detected object count: 0
2011/08/29 22:04:09.0187 3848 Deinitialize success

#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:51 AM

Posted 30 August 2011 - 09:24 AM

Please try this, make sure that Combofix was save in your desktop:

Click Start > Run > Copy-Paste the code below and press Enter:

"%userprofile%\desktop\ComboFix.exe" /killall

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#11 dario03

dario03
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 30 August 2011 - 09:54 PM

No luck :( It still starts up but it locks the computer up once it gives the message saying the scan shouldn't take more than 10 minutes.

#12 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:51 AM

Posted 31 August 2011 - 08:39 AM

Do the following please:


:step1: Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-1229272821-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    
    :Commands
    [EMPTYTEMP] 
    [CREATERESTOREPOINT] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A massage box "Fix complete! Click OK to open the fix log." will pop-up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.


:step2: Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Note: Do not install Avast anti virus when offered.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#13 dario03

dario03
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 01 September 2011 - 10:36 AM

aswmbr locks the computer up pretty quick. The last 2 things it says are

Scanning C:\windows\system32\drivers\acpi.sys
scanning services

But here is the custom scan OTL log

All processes killed
========== OTL ==========
HKU\S-1-5-21-1229272821-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1229272821-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Backup
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2688 bytes

User: Bulldozer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 1014 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Georgie
->Temp folder emptied: 67063 bytes
->Temporary Internet Files folder emptied: 133070750 bytes
->Java cache emptied: 35265 bytes
->FireFox cache emptied: 23436309 bytes
->Flash cache emptied: 2969327 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 953 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Ted
->Temp folder emptied: 93772035 bytes
->Temporary Internet Files folder emptied: 8534537 bytes
->Java cache emptied: 423622 bytes
->FireFox cache emptied: 3322824 bytes
->Google Chrome cache emptied: 13052898 bytes
->Flash cache emptied: 4849 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 737298 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65419736 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 298496 bytes

Total Files Cleaned = 329.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.6 log created on 09012011_111918

Files\Folders moved on Reboot...
C:\Documents and Settings\Ted\Local Settings\Temporary Internet Files\Content.IE5\LJ8X9ZEI\page__p__2371807[1].htm moved successfully.
C:\Documents and Settings\Ted\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Edited by dario03, 01 September 2011 - 10:39 AM.


#14 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:03:51 AM

Posted 02 September 2011 - 11:05 AM

Try this please. You will need a USB drive and a blank CD.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh to your USB drive
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert it back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#15 dario03

dario03
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 05 September 2011 - 08:20 PM

I probably won't be able to try that till Thursday. Will a CDRW or DVDRW work?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users