Computer Slows then loses connectivity

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

lbriteyes

Thread Starter
Joined
Aug 9, 2001
Messages
90
Attached is my hijack this log.

Computer runs fine upon boot. I'm able to check email, but it runs very slowly. After a doing a few online tasks, computer does not freeze, but runs incredibly slow. Eventually, I lose connectivity.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:33 AM, on 4/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\188\service.exe
C:\188\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate1cac37a2f4341a6) (gupdate1cac37a2f4341a6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Larry\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: svcfost - Unknown owner - C:\188\service.exe

--
End of file - 8986 bytes
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Hiya

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

-----

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • OTL should now start. Change the following settings
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
    • Please post the contents of these files in your next reply.

------

Download RootRepeal from one of the following locations and save it to your desktop:
  • Double click
    to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the
    button
  • In the Select Scan dialog, check:

    • [*]Drivers
      [*]Files
      [*]Processes
      [*]SSDT
      [*]Stealth Objects
      [*]Hidden Services
      [*]Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan
    Note: The scan can take some time. DO NOT run any other programs while the scan is running
  • When the scan is complete, click the
    button and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.
Click on the Go Advanced button for the uploading options at the bottom of this page (in the picture below ;) ) [/list]



  • In there, at the bottom, click on the button Manage Attachments (in the picture below ;) .
  • A window will appear, and then Browse to RootRepeal.txt on your Desktop.
  • Click Upload, and when uploaded click Close this Window
  • Then, in the previous window, click on Add Reply



Regards

eddie
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Yep, they're uploaded fine :)


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


eddie
 

lbriteyes

Thread Starter
Joined
Aug 9, 2001
Messages
90
mbam log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3988

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/14/2010 4:40:33 PM
mbam-log-2010-04-14 (16-40-33).txt

Scan type: Quick scan
Objects scanned: 111440
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svcfost (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SVCFOST (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Super AntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/14/2010 at 05:29 PM

Application Version : 4.35.1002

Core Rules Database Version : 4806
Trace Rules Database Version: 2618

Scan type : Complete Scan
Total Scan Time : 00:33:15

Memory items scanned : 465
Memory threats detected : 0
Registry items scanned : 4698
Registry threats detected : 15
File items scanned : 50214
File threats detected : 47

Adware.Tracking Cookie
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][3].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][3].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][1].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt
C:\Documents and Settings\Larry\Cookies\[email protected][2].txt

Adware.Zango/ShoppingReport
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\ProxyStubClsid32
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib
HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}\TypeLib#Version
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\ProxyStubClsid32
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib
HKCR\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}\TypeLib#Version
HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}
HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid
HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\ProxyStubClsid32
HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib
HKCR\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}\TypeLib#Version

Trojan.Downloader-SVCHost/Fake
C:\188\SVCHOST.EXE
C:\WINDOWS\Prefetch\SVCHOST.EXE-098EF38B.pf
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Thanks :)


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
 

lbriteyes

Thread Starter
Joined
Aug 9, 2001
Messages
90
Combofix Log:

ComboFix 10-04-14.01 - Larry 04/15/2010 8:47.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1017 [GMT -4:00]
Running from: c:\documents and settings\Larry\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 )))))))))))))))))))))))))))))))
.

2010-04-14 20:48 . 2010-04-14 20:48 52224 ----a-w- c:\documents and settings\Larry\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-14 20:48 . 2010-04-14 20:48 117760 ----a-w- c:\documents and settings\Larry\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-14 20:47 . 2010-04-14 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-14 20:47 . 2010-04-14 20:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-14 20:47 . 2010-04-14 20:47 -------- d-----w- c:\documents and settings\Larry\Application Data\SUPERAntiSpyware.com
2010-04-14 20:47 . 2010-04-14 20:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-14 20:32 . 2010-04-14 20:32 -------- d-----w- c:\documents and settings\Larry\Application Data\Malwarebytes
2010-04-14 20:32 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-14 20:32 . 2010-04-14 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-14 20:32 . 2010-04-14 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-14 20:32 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-09 15:30 . 2010-04-09 18:40 -------- d-----w- c:\program files\Wise Disk Cleaner
2010-04-09 15:21 . 2010-04-09 18:38 -------- d-----w- c:\program files\Wise Registry Cleaner
2010-04-08 21:04 . 2010-04-08 21:04 4255072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-02 13:05 . 2010-04-02 13:05 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-02 13:05 . 2010-04-02 13:05 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-02 13:05 . 2010-04-02 13:05 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-02 13:05 . 2010-04-02 13:05 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-02 13:05 . 2010-04-02 13:05 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-02 13:05 . 2010-04-02 13:05 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-02 13:05 . 2010-04-02 13:05 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-02 13:05 . 2010-04-02 13:05 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-02 13:05 . 2010-04-02 13:05 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-02 13:05 . 2010-04-02 13:05 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-02 13:05 . 2010-04-02 13:05 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-02 13:04 . 2010-04-02 13:04 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-02 13:04 . 2010-04-02 13:04 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-31 22:40 . 2010-03-31 22:40 503808 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-720bb11b-n\msvcp71.dll
2010-03-31 22:40 . 2010-03-31 22:40 499712 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-720bb11b-n\jmc.dll
2010-03-31 22:40 . 2010-03-31 22:40 348160 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-720bb11b-n\msvcr71.dll
2010-03-31 22:40 . 2010-03-31 22:40 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 22:40 . 2010-03-31 22:40 61440 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4270496a-n\decora-sse.dll
2010-03-31 22:40 . 2010-03-31 22:40 12800 ----a-w- c:\documents and settings\Larry\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4270496a-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-15 12:22 . 2009-04-17 16:16 -------- d-----w- c:\documents and settings\Larry\Application Data\Skype
2010-04-11 14:14 . 2010-01-25 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-04-09 21:51 . 2009-07-17 22:23 1 ----a-w- c:\documents and settings\Larry\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-31 22:40 . 2009-03-06 18:01 -------- d-----w- c:\program files\Java
2010-03-26 14:37 . 2009-02-10 15:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-14 13:30 . 2010-03-14 13:30 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-14 13:30 . 2010-03-14 13:30 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-14 13:30 . 2010-03-14 13:30 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-14 13:30 . 2010-03-14 13:30 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-14 13:30 . 2010-03-14 13:30 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-14 13:30 . 2010-03-14 13:30 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-14 13:30 . 2010-03-14 13:30 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-14 13:30 . 2010-03-14 13:30 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-14 13:30 . 2009-07-10 23:45 -------- d-----w- c:\program files\Common Files\Real
2010-03-14 13:30 . 2009-07-10 23:45 -------- d-----w- c:\program files\Real
2010-03-14 13:29 . 2009-05-12 15:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-14 13:28 . 2009-02-04 23:39 -------- d-----w- c:\program files\Google
2010-03-12 13:12 . 2010-02-07 13:51 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 13:12 . 2010-03-12 13:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 13:12 . 2010-02-07 13:52 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 13:11 . 2010-02-07 13:52 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-11 12:38 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 10:00 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-04 10:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-04 10:00 430080 ------w- c:\windows\system32\vbscript.dll
2010-03-09 08:28 . 2009-02-04 21:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-24 14:22 . 2009-07-12 16:33 -------- d-----w- c:\documents and settings\Larry\Application Data\Corel
2010-02-24 14:05 . 2009-07-12 16:20 2516 ----a-w- c:\windows\system32\KGyGaAvL.sys
2010-02-24 13:11 . 2004-08-04 10:00 455680 ------w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 16:57 . 2010-02-23 16:57 88 --sh--r- c:\windows\system32\72EBC3738A.sys
2010-02-17 13:10 . 2005-03-30 01:23 2189952 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2005-03-30 01:01 2066816 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 10:00 100864 ------w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-04 10:00 226880 ------w- c:\windows\system32\drivers\tcpip6.sys
2010-02-01 13:32 . 2009-11-12 17:24 161081 -c--a-w- c:\windows\hpoins36.dat
2004-08-04 10:00 . 2004-08-04 10:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 . 2004-08-04 10:00 50688 -csh--w- c:\windows\twain_32.dll
2009-07-12 21:24 . 2009-07-12 16:20 88 --sh--r- c:\windows\system32\433BF6FE38.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 18:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-24 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-06-23 61440]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-09-19 45056]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2005-03-24 94770]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-14 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 13:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24283:TCP"= 24283:TCP:BitComet 24283 TCP
"24283:UDP"= 24283:UDP:BitComet 24283 UDP
"6667:TCP"= 6667:TCP:msiexec

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/7/2010 9:52 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/7/2010 9:51 AM 242696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 9:11 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 9:12 AM 308064]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S2 gupdate1cac37a2f4341a6;Google Update Service (gupdate1cac37a2f4341a6);c:\program files\Google\Update\GoogleUpdate.exe [3/14/2010 9:28 AM 133104]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S2 SessionLauncher;SessionLauncher;c:\docume~1\Larry\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Larry\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 10:54 AM 18864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 13:28]

2010-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 13:28]

2010-04-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1563985344-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-04-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1563985344-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
- - - - ORPHANS REMOVED - - - -

AddRemove-mIRC - c:\188\svchost.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 08:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)[email protected]??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-04-15 08:51:26
ComboFix-quarantined-files.txt 2010-04-15 12:51

Pre-Run: 112,002,367,488 bytes free
Post-Run: 112,417,894,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F9E60D1D93325ADCFB5F0BDF05CD5D5E
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Can you re-run OTL again, and I'll see if anything else needs looking at :)
 

lbriteyes

Thread Starter
Joined
Aug 9, 2001
Messages
90
Thank you. Please let me know if this worked. :)

Linda


OTL logfile created on: 4/16/2010 1:42:55 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Larry\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 104.64 Gb Free Space | 81.75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA
Current User Name: Larry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/11 18:24:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\My Documents\Downloads\OTL.exe
PRC - [2010/04/02 09:05:11 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/01 12:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/14 09:29:45 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/12 09:12:20 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/03/12 09:12:20 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 09:12:17 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 09:12:16 | 000,751,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
PRC - [2010/03/12 09:11:35 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/12 09:11:34 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/02/24 13:30:25 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/06/23 13:13:44 | 000,061,440 | ---- | M] (Vimicro) -- C:\WINDOWS\VM303_STI.EXE
PRC - [2004/10/14 16:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2001/10/25 10:55:00 | 000,311,296 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe
PRC - [2001/09/19 12:18:08 | 000,045,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe


========== Modules (SafeList) ==========

MOD - [2010/04/11 18:24:40 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Larry\My Documents\Downloads\OTL.exe
MOD - [2010/03/14 09:30:40 | 000,118,784 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/03/14 09:29:48 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2009/08/13 09:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2009/05/12 11:13:30 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare10)
SRV - [2010/03/12 09:12:17 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/12 09:11:35 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2008/07/15 17:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001/10/25 10:54:58 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ViaIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ultra)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (TosIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc8xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (symc810)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_u3)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (sym_hi)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Sparrow)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1280)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1240)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql12160)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Ql10wnt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ql1080)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2hib)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (perc2)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (OMCI)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (mraid35x)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (ini910u)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (i2omp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (hpn)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dpti2o)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (dac960nt)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Cpqarray)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (CmdIde)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (cd20xrnt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3550)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc3350p)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (asc)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (amsint)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (AliIde)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78xx)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (aic78u2)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Aha154x)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (adpu160m)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (abp480n5)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2010/03/12 09:12:21 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/12 09:12:20 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 09:11:34 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/31 12:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/10/28 06:31:52 | 000,049,920 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2008/10/28 06:31:52 | 000,021,568 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2008/10/28 06:31:52 | 000,016,496 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport) WAN Miniport (PPTP)
DRV - [2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp) WAN Miniport (L2TP)
DRV - [2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\mup.sys -- (Mup)
DRV - [2008/04/13 15:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 14:57:29 | 000,040,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 14:46:26 | 000,085,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NABTSFEC.sys -- (NABTSFEC)
DRV - [2008/04/13 14:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS -- (WSTCODEC)
DRV - [2008/04/13 14:46:24 | 000,017,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CCDECODE.sys -- (CCDECODE)
DRV - [2008/04/13 14:46:24 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SLIP.sys -- (SLIP)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StreamIP.sys -- (streamip)
DRV - [2008/04/13 14:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisIP.sys -- (NdisIP)
DRV - [2008/04/13 14:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 14:45:28 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 14:45:14 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 14:45:10 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/13 14:45:10 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/13 14:45:08 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/13 14:45:02 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum)
DRV - [2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\parport.sys -- (Parport)
DRV - [2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2008/04/13 14:39:52 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2008/04/13 14:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSTEE.sys -- (MSTEE)
DRV - [2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2008/04/13 14:39:48 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/13 14:39:46 | 000,206,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dot4.sys -- (dot4)
DRV - [2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ACPI.sys -- (ACPI)
DRV - [2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/04/13 12:39:24 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/13 12:39:15 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006/09/28 21:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 20:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2006/02/09 22:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/14 14:59:06 | 000,389,788 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303) VIMICRO USB PC Camera (ZC0301PLH)
DRV - [2005/01/27 17:31:06 | 000,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004/12/13 17:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 06:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2004/08/04 06:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2004/08/04 06:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2004/08/04 06:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2004/08/04 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 06:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2004/08/04 06:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004/08/04 06:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2004/08/04 06:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004/08/04 06:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2004/08/04 06:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\parvdm.sys -- (ParVdm)
DRV - [2004/08/04 06:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2004/08/04 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2004/08/04 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2004/08/04 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\beep.sys -- (Beep)
DRV - [2004/08/04 06:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2004/08/04 06:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\null.sys -- (Null)
DRV - [2004/06/15 17:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 18:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 18:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 18:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/02/10 17:49:14 | 000,154,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2004/02/09 14:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2001/10/25 10:54:58 | 000,050,704 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2001/10/25 10:54:58 | 000,050,179 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2001/10/25 10:54:58 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2001/10/25 10:54:58 | 000,015,984 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2001/08/17 15:47:32 | 000,023,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dot4usb.sys -- (dot4usb)
DRV - [2001/08/17 15:47:32 | 000,012,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print)
DRV - [2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 20:14:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/14 09:30:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/06 14:01:57 | 000,000,000 | ---D | M]

[2009/08/10 09:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Mozilla\Extensions
[2009/08/10 09:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Larry\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StormCodec_Helper] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - File not found
O9 - Extra 'Tools' menuitem : Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/03 21:16:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/02/03 21:16:06 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/15 09:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\My Documents\My Snapfire Shows
[2010/04/15 09:05:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/15 08:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Desktop\log files
[2010/04/15 08:44:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/15 08:41:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/15 08:41:27 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/15 08:41:27 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/15 08:41:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/15 08:41:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/15 08:40:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/14 16:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/14 16:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\SUPERAntiSpyware.com
[2010/04/14 16:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/14 16:47:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/14 16:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Larry\Application Data\Malwarebytes
[2010/04/14 16:32:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/14 16:32:24 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/14 16:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/14 16:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/09 11:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Disk Cleaner
[2010/04/09 11:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Wise Registry Cleaner
[2010/03/31 18:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/31 18:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/31 18:40:03 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/31 18:40:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/31 18:40:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/02/07 09:50:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/07 09:50:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/20 07:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/07/04 20:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/04/19 17:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/09 08:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/02/04 11:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/04/16 13:45:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/16 13:45:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/16 13:36:02 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1563985344-839522115-1004.job
[2010/04/16 13:35:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/16 13:35:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/16 10:01:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Larry\ntuser.ini
[2010/04/16 10:01:50 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Larry\NTUSER.DAT
[2010/04/16 09:26:51 | 058,962,029 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/16 08:50:56 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1563985344-839522115-1004.job
[2010/04/15 14:05:17 | 000,007,709 | ---- | M] () -- C:\Documents and Settings\Larry\My Documents\Pain Log.rtf
[2010/04/15 10:04:59 | 000,002,516 | ---- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/04/15 09:29:18 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/15 09:09:58 | 000,015,523 | ---- | M] () -- C:\Documents and Settings\Larry\My Documents\Medical Information.odt
[2010/04/15 09:04:38 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\Windows Explorer (2).lnk
[2010/04/15 09:03:06 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/15 08:50:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/15 08:44:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/15 08:20:49 | 003,915,740 | R--- | M] () -- C:\Documents and Settings\Larry\Desktop\ComboFix.exe
[2010/04/14 16:47:24 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/14 16:32:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/14 10:49:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/11 18:44:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/09 14:33:49 | 005,891,982 | -H-- | M] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\IconCache.db
[2010/04/09 11:32:57 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Larry\Desktop\Clean disk with 1 click.lnk
[2010/04/09 11:21:17 | 000,001,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clear with 1 click.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/22 08:45:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2010/04/15 08:44:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/15 08:44:31 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/15 08:41:27 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/15 08:41:27 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/15 08:41:27 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/15 08:41:27 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/15 08:41:27 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/15 08:20:49 | 003,915,740 | R--- | C] () -- C:\Documents and Settings\Larry\Desktop\ComboFix.exe
[2010/04/14 16:47:24 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/14 16:32:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/09 11:30:42 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\Larry\Desktop\Clean disk with 1 click.lnk
[2010/04/09 11:21:17 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clear with 1 click.lnk
[2010/03/30 19:19:47 | 000,007,709 | ---- | C] () -- C:\Documents and Settings\Larry\My Documents\Pain Log.rtf
[2010/02/23 12:57:34 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\72EBC3738A.sys
[2009/11/12 13:24:14 | 000,010,538 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/26 09:27:57 | 000,007,763 | R--- | C] () -- C:\WINDOWS\AmvPlayer.ini
[2009/08/26 09:27:56 | 000,008,802 | R--- | C] () -- C:\WINDOWS\AmvTransform.ini
[2009/07/12 17:03:07 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/07/12 12:20:44 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/07/12 12:20:44 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\433BF6FE38.sys
[2009/06/11 15:18:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/30 09:29:50 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2009/04/28 11:59:24 | 000,019,160 | ---- | C] () -- C:\Documents and Settings\Larry\Local Settings\Application Data\slot1.mm1
[2009/03/01 19:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2009/02/04 14:37:14 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2009/02/04 14:06:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\VMPipe.dll
[2009/02/04 12:34:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2009/02/03 21:21:24 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Larry\ntuser.dat.LOG
[2009/02/03 21:21:24 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Larry\ntuser.ini
[2009/02/03 21:21:23 | 005,767,168 | -H-- | C] () -- C:\Documents and Settings\Larry\NTUSER.DAT
[2005/03/22 11:29:36 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/02/24 12:56:45 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2005/01/15 23:49:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/01/15 23:47:48 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2003/05/15 02:39:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/05/15 00:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/02/03 21:16:34 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/03 21:11:18 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/15 08:44:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/04/15 08:51:26 | 000,017,738 | ---- | M] () -- C:\ComboFix.txt
[2009/02/03 21:16:34 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/02/03 21:16:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/03 21:16:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/04 11:28:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/16 13:35:49 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2009/11/17 07:11:08 | 000,007,773 | ---- | M] () -- C:\playground.log
[2010/04/11 18:36:01 | 000,001,466 | ---- | M] () -- C:\RootRepeal report 04-11-10 (18-36-01).txt


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/04 11:26:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/02/04 11:26:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/04 11:26:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/02/04 11:26:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 17:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/10/18 18:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/08/05 11:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=75562456AA672BB5FE56D3C64C6D1C7D -- C:\DELL\drivers\R133282\nvatabus.sys
[2006/10/18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/01/11 01:19:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/01/11 01:19:53 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/11 01:19:53 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/11 08:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010/03/11 08:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17BBEBBB
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5AE4E07
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:621BEE66
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A752D3DB
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5294695
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2871B698
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:225CD7D5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19823AC6
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE47A3DA
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07241935
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C928F3BE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9398DBB4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A9D0E7
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C213B3C4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B845F669
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC4EA67C
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
< End of report >
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Looking better, so can you do the following:


Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:17BBEBBB
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C63E7DE2
    @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5AE4E07
    @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:621BEE66
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP31BE97C
    @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A752D3DB
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP055FC10
    @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05113FB9
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E5294695
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2871B698
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:225CD7D5
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19823AC6
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPE47A3DA
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
    @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07241935
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C928F3BE
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9398DBB4
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C5ABDC7
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45F3AD49
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C0A9D0E7
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C213B3C4
    @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51F17BB8
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B845F669
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0EB1DE
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BC498A4
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88698068
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC4EA67C
    @Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43982D5E
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.


===========


After that, lets have a look at an online scan:

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • [*]Spyware, adware, dialers, and other riskware
      [*]Archives
      [*]E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply



eddie
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :File
    C:\System Volume Information\_restore{5E03A949-CD36-43E5-8EDC-C4FA0277EE57}\RP240\A0522909.exe
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

=======

Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file
  • Call the .run file "RSReport" and save it to your desktop. You will see the RSReport.run file on your desktop. Rightclick on it and select Send To then select Compressed (zipped) Folder and upload that zip here. Click on the Go Advanced button for the uploading options at the bottom of this page (in the picture below ;) )



  • In there, at the bottom, click on the button Manage Attachments (in the picture below ;) .
  • A window will appear, and then Browse to RSReport.zip on your Desktop.
  • Click Upload, and when uploaded click Close this Window
  • Then, in the previous window, click on Add Reply




eddie
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Nuts, missed an 's' off the OTL fix :(

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :Files
    C:\System Volume Information\_restore{5E03A949-CD36-43E5-8EDC-C4FA0277EE57}\RP240\A0522909.exe
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

I'll look at the RunScanner when I get home :)
 

lbriteyes

Thread Starter
Joined
Aug 9, 2001
Messages
90
New OTL...

All processes killed
========== FILES ==========
C:\System Volume Information\_restore{5E03A949-CD36-43E5-8EDC-C4FA0277EE57}\RP240\A0522909.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Larry
->Temp folder emptied: 426283 bytes
->Temporary Internet Files folder emptied: 26463026 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1424 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11577 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 26.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04232010_153849

Files\Folders moved on Reboot...
C:\Documents and Settings\Larry\Local Settings\Temp\~DF4AA0.tmp moved successfully.
File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFAFC6.tmp not found!
File\Folder C:\Documents and Settings\Larry\Local Settings\Temp\~DFAFD1.tmp not found!
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\Z30L91L7\bannerad[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\Z30L91L7\view[2].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\H41EGR4W\[email protected][1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\H41EGR4W\ads[6].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\H41EGR4W\sh16[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\2N9AH55F\20100423193736[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\2N9AH55F\915975-computer-slows-then-loses-connectivity[1].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\2N9AH55F\ads[3].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\2N9AH55F\ads[4].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\Content.IE5\2N9AH55F\ads[5].htm moved successfully.
C:\Documents and Settings\Larry\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top