Solved Service pack 1 will not install

[Resolved] Service pack 1 will not install

I'm trying to help a friend with their pc. When I got it, it would not even boot into Windows. It appeared that it had been shutoff during an update. I was able to get it to boot into windows and it reversed the update that was in progress. Some updates have since applied successfully, but service pack 1 will not install. It keeps saying that some elements did not install properly so it reverts the update completely. I have installed Malwarebytes, Superantispyware and Avast, all have cleaned up quite a few items. I suspect that there may be more malware here that is preventing the SP update. I'm including the DDS logs for someone to have a look at.

DDS (Ver_10-03-17.01) - NTFSx86
Run by LuLu at 15:40:32.85 on Tue 08/31/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vistaâ„¢ Home Basic 6.0.6000.0.1252.1.1033.18.767.232 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\ctfmon.exe
C:\Users\LuLu\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: FCToolbarURLSearchHook Class: {192e76ec-1f91-43ba-b5d8-e0f37b85c661} - c:\program files\dog wars ms\Helper.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Freecause Toolbar BHO: {9e9ee126-07bd-4fba-b8d4-b99ca35fa4d3} - c:\program files\dog wars ms\Toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
TB: Dog Wars MS: {71870c4c-7f22-4ba9-a8a6-25a535cd6122} - c:\program files\dog wars ms\Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-30 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-30 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-30 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-30 40384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-30 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-30 40384]

=============== Created Last 30 ================

2010-08-31 15:17:23 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-31 15:16:53 0 d-----w- c:\users\lulu\appdata\roaming\SUPERAntiSpyware.com
2010-08-31 15:16:53 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-31 15:16:08 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-08-30 21:32:28 38848 ----a-w- c:\windows\avastSS.scr
2010-08-30 21:26:41 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-30 21:25:23 0 d-----w- c:\programdata\Alwil Software
2010-08-30 21:23:46 0 d-----w- c:\users\lulu\appdata\roaming\Malwarebytes
2010-08-30 21:23:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 21:23:24 0 d-----w- c:\programdata\Malwarebytes
2010-08-30 21:23:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-30 21:23:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 21:22:18 0 d-----w- c:\programdata\TEMP
2010-08-30 21:22:09 0 d-----w- c:\program files\SpywareBlaster
2010-08-30 21:19:20 0 d-----w- C:\tmp
2010-08-21 16:34:27 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-08-21 16:34:19 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-21 16:34:19 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-08-21 16:34:19 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-20 18:08:04 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-20 16:21:14 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-08-20 16:21:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-08-20 16:21:14 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-08-20 16:21:10 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-20 16:21:09 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-20 16:21:05 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-08-20 16:21:03 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-08-20 16:21:03 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-08-20 16:20:59 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-20 16:20:59 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-08-20 16:20:59 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-08-20 16:20:59 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-08-20 16:20:59 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-08-20 16:20:59 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-08-20 16:20:35 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-08-20 16:19:33 97792 ----a-w- c:\windows\system32\cabview.dll
2010-08-20 16:11:52 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-08-20 16:11:51 272384 ----a-w- c:\windows\system32\schannel.dll

==================== Find3M ====================

2010-08-31 19:09:17 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-08-31 19:09:17 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-31 19:09:17 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-31 19:01:37 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-30 20:27:54 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-31 20:41:25 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-01-31 20:41:25 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-01-31 20:41:25 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 15:42:51.08 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vistaâ„¢ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 6/29/2009 5:11:11 PM
System Uptime: 8/31/2010 3:20:16 PM (0 hours ago)

Motherboard: Acer | | EM61SM/EM61PM
Processor: AMD Athlon(tm) 64 Processor 3800+ | Socket M2 | 1000/201mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 30.056 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 69.334 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP268: 8/31/2010 2:05:53 PM - Windows Vista Service Pack 1

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
avast! Free Antivirus
Dog Wars MS
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2000 SR-1 Standard
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
NVIDIA Drivers
Spelling Dictionaries Support For Adobe Reader 9
SpywareBlaster 4.3
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

==== Event Viewer Messages From Past Week ========

8/31/2010 1:42:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Vista Service Pack 1 (KB936330).
8/30/2010 4:59:13 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 9, function 0. Please contact your system vendor for technical assistance.
8/30/2010 4:59:13 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 12, function 0. Please contact your system vendor for technical assistance.
8/30/2010 4:59:13 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 11, function 0. Please contact your system vendor for technical assistance.

==== End Of File ===========================

 

Hi Broni,

How long should the GMER utility run? It has been running most of the day so far, just wondering if that is usual.

 

Ok, going to have to power off the machine, it is hung up now and I can't even get task manager up to close the utility.

 

Here are the logs from Malwarebytes and mbrcheck;

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4521

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

9/1/2010 9:49:28 AM
mbam-log-2010-09-01 (09-49-28).txt

Scan type: Quick scan
Objects scanned: 140421
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Downloaded Program Files\myWebFaceInitialSetup1.0.1.2.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: (build 6000), 32-bit
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 138):
0x81C00000 \SystemRoot\system32\ntkrnlpa.exe
0x81FA1000 \SystemRoot\system32\hal.dll
0x804C6000 \SystemRoot\system32\kdcom.dll
0x804BD000 \SystemRoot\system32\PSHED.dll
0x804B5000 \SystemRoot\system32\BOOTVID.dll
0x8047A000 \SystemRoot\system32\CLFS.SYS
0x8071F000 \SystemRoot\system32\CI.dll
0x806A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8046D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8042A000 \SystemRoot\system32\drivers\acpi.sys
0x80421000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80419000 \SystemRoot\system32\drivers\msisadrv.sys
0x8067F000 \SystemRoot\system32\drivers\pci.sys
0x8040A000 \SystemRoot\system32\drivers\volmgr.sys
0x8066F000 \SystemRoot\System32\drivers\mountmgr.sys
0x80403000 \SystemRoot\system32\drivers\pciide.sys
0x80661000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80617000 \SystemRoot\System32\drivers\volmgrx.sys
0x8060F000 \SystemRoot\system32\drivers\atapi.sys
0x825E2000 \SystemRoot\system32\drivers\ataport.SYS
0x80602000 \SystemRoot\system32\drivers\nvstor.sys
0x825A2000 \SystemRoot\system32\drivers\storport.sys
0x82571000 \SystemRoot\system32\drivers\fltmgr.sys
0x82561000 \SystemRoot\system32\drivers\fileinfo.sys
0x8245D000 \SystemRoot\system32\drivers\ndis.sys
0x82432000 \SystemRoot\system32\drivers\msrpc.sys
0x827C7000 \SystemRoot\system32\drivers\NETIO.SYS
0x826BF000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82655000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8261F000 \SystemRoot\system32\drivers\volsnap.sys
0x8242A000 \SystemRoot\System32\Drivers\spldr.sys
0x8241B000 \SystemRoot\System32\drivers\partmgr.sys
0x8240C000 \SystemRoot\System32\Drivers\mup.sys
0x84BDB000 \SystemRoot\System32\drivers\ecache.sys
0x8260E000 \SystemRoot\system32\drivers\disk.sys
0x84BBA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82403000 \SystemRoot\system32\drivers\crcdisk.sys
0x88535000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88591000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x88526000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8851C000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x884DF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x884D1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88F09000 \SystemRoot\system32\DRIVERS\smserial.sys
0x884C4000 \SystemRoot\system32\drivers\modem.sys
0x883F0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x884B6000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x884A4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8848C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x88459000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x896E0000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x88E6C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8844C000 \SystemRoot\System32\drivers\watchdog.sys
0x88432000 \SystemRoot\system32\DRIVERS\serial.sys
0x88428000 \SystemRoot\system32\DRIVERS\serenum.sys
0x88410000 \SystemRoot\system32\DRIVERS\parport.sys
0x885BD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x88405000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x88E61000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x88E36000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x88E2B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x88E14000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x88E09000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x896BD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x896AE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8969B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x89674000 \SystemRoot\system32\DRIVERS\termdd.sys
0x85459000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8964A000 \SystemRoot\system32\DRIVERS\ks.sys
0x89640000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x89683000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A1CC000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x88320000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8A0E5000 \SystemRoot\system32\drivers\HdAudio.sys
0x8A0B8000 \SystemRoot\system32\drivers\portcls.sys
0x8A093000 \SystemRoot\system32\drivers\drmk.sys
0x88540000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x85517000 \SystemRoot\System32\Drivers\Null.SYS
0x854A7000 \SystemRoot\System32\Drivers\Beep.SYS
0x8A047000 \SystemRoot\System32\drivers\vga.sys
0x8A026000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x85552000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8555A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x89690000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8A342000 \SystemRoot\System32\Drivers\Npfs.SYS
0x88549000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8A263000 \SystemRoot\System32\drivers\tcpip.sys
0x8A24A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A235000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8A338000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x89F46000 \SystemRoot\system32\DRIVERS\smb.sys
0x89EFF000 \SystemRoot\system32\drivers\afd.sys
0x88210000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x89ECD000 \SystemRoot\System32\DRIVERS\netbt.sys
0x89EB7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x89EA9000 \SystemRoot\system32\DRIVERS\netbios.sys
0x89E96000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x89E74000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x882DC000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x89E39000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x89F5A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x89E22000 \SystemRoot\System32\Drivers\dfsc.sys
0x8A20E000 \SystemRoot\System32\Drivers\aswSP.SYS
0x88203000 \SystemRoot\System32\Drivers\crashdmp.sys
0x89F64000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8540F000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x8A8DE000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x85455000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x90600000 \SystemRoot\System32\win32k.sys
0x89F6E000 \SystemRoot\System32\drivers\Dxapi.sys
0x934E1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x93A00000 \SystemRoot\System32\TSDDD.dll
0x93A10000 \SystemRoot\System32\cdd.dll
0x93EB5000 \SystemRoot\system32\drivers\luafv.sys
0x93E9E000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x885D0000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x88370000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9560E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x960A6000 \SystemRoot\system32\drivers\spsys.sys
0x94B17000 \SystemRoot\system32\drivers\HTTP.sys
0x94A13000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x95627000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9614C000 \SystemRoot\System32\drivers\mpsdrv.sys
0x961E0000 \SystemRoot\system32\drivers\mrxdav.sys
0x97812000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x984FF000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9613A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x984DB000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9854B000 \SystemRoot\System32\DRIVERS\srv.sys
0x854D8000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x96B22000 \SystemRoot\system32\drivers\peauth.sys
0x89FA0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x8A387000 \SystemRoot\System32\drivers\tcpipreg.sys
0x96A0D000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x98482000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x985AA000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x97914000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77B10000 \Windows\System32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
364 C:\Windows\System32\smss.exe
428 csrss.exe
472 C:\Windows\System32\wininit.exe
480 csrss.exe
520 C:\Windows\System32\services.exe
532 C:\Windows\System32\lsass.exe
540 C:\Windows\System32\lsm.exe
568 C:\Windows\System32\winlogon.exe
732 C:\Windows\System32\svchost.exe
788 C:\Windows\System32\nvvsvc.exe
804 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\audiodg.exe
1132 C:\Windows\System32\SLsvc.exe
1184 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\rundll32.exe
1372 C:\Windows\System32\svchost.exe
1468 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1684 C:\Windows\System32\dwm.exe
1712 C:\Windows\explorer.exe
1856 C:\Program Files\Windows Defender\MSASCui.exe
1872 C:\Windows\System32\rundll32.exe
1908 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1932 C:\Program Files\Windows Sidebar\sidebar.exe
1972 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1332 C:\Windows\System32\spoolsv.exe
1296 C:\Windows\System32\taskeng.exe
1460 C:\Windows\System32\svchost.exe
1808 C:\Windows\System32\taskeng.exe
1176 C:\Program Files\Google\Update\GoogleUpdate.exe
2292 C:\Windows\System32\svchost.exe
2332 C:\Windows\System32\svchost.exe
2396 C:\Windows\System32\svchost.exe
2480 C:\Windows\System32\SearchIndexer.exe
2676 WUDFHost.exe
3824 C:\Windows\servicing\TrustedInstaller.exe
3936 C:\Windows\System32\ctfmon.exe
3596 <unknown>
2952 <unknown>
2072 C:\Users\LuLu\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`7098f400 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`e26b9e00 (NTFS)

PhysicalDrive0 Model Number: ST3160812AS, Rev: 3.AA

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

 

Here's the combofix log;

ComboFix 10-09-01.04 - LuLu 09/02/2010 16:08:10.1.1 - x86
Microsoft® Windows Vistaâ„¢ Home Basic 6.0.6000.0.1252.1.1033.18.767.225 [GMT -4:00]
Running from: c:\users\LuLu\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-09-02 20:27 . 2010-09-02 20:27 -------- d-----w- c:\users\Sam\AppData\Local\temp
2010-09-02 20:27 . 2010-09-02 20:27 -------- d-----w- c:\users\LuLu\AppData\Local\temp
2010-09-02 20:01 . 2010-09-02 20:01 -------- d-----w- C:\32788R22FWJFW
2010-08-31 15:17 . 2010-08-31 15:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-31 15:16 . 2010-08-31 17:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-31 15:16 . 2010-08-31 15:16 -------- d-----w- c:\users\LuLu\AppData\Roaming\SUPERAntiSpyware.com
2010-08-31 15:16 . 2010-08-31 15:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-30 21:32 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-30 21:26 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-30 21:26 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-30 21:26 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-30 21:26 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-30 21:26 . 2010-06-28 20:32 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-30 21:25 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-30 21:25 . 2010-08-30 21:25 -------- d-----w- c:\programdata\Alwil Software
2010-08-30 21:25 . 2010-08-30 21:25 -------- d-----w- c:\program files\Alwil Software
2010-08-30 21:23 . 2010-08-30 21:23 -------- d-----w- c:\users\LuLu\AppData\Roaming\Malwarebytes
2010-08-30 21:23 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-30 21:23 . 2010-08-30 21:23 -------- d-----w- c:\programdata\Malwarebytes
2010-08-30 21:23 . 2010-08-30 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-30 21:23 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-30 21:22 . 2010-08-30 21:22 -------- d-----w- c:\program files\SpywareBlaster
2010-08-30 21:19 . 2010-08-31 15:15 -------- d-----w- C:\tmp
2010-08-21 16:34 . 2009-08-24 12:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-08-21 16:34 . 2009-11-03 13:01 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-21 16:34 . 2009-11-03 12:57 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-08-21 16:34 . 2009-11-03 10:37 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-20 18:08 . 2010-05-21 21:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-20 17:41 . 2010-08-20 17:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-20 16:21 . 2010-02-23 13:14 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-08-20 16:21 . 2010-02-23 13:14 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-08-20 16:21 . 2010-02-23 13:14 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-08-20 16:21 . 2010-02-18 14:54 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-20 16:21 . 2010-02-18 14:54 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-20 16:21 . 2010-03-04 19:24 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-08-20 16:20 . 2010-02-18 14:22 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-08-20 16:20 . 2010-02-18 14:19 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-08-20 16:20 . 2010-02-18 12:05 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-20 16:20 . 2010-02-18 12:04 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-08-20 16:20 . 2010-02-18 12:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-08-20 16:20 . 2010-02-18 12:04 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-08-20 16:20 . 2009-12-23 12:45 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-08-20 16:19 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll
2010-08-20 16:11 . 2009-06-15 15:23 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-08-20 16:11 . 2009-06-15 15:28 272384 ----a-w- c:\windows\system32\schannel.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 19:01 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-08-20 19:35 . 2010-02-27 21:47 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-20 18:06 . 2009-06-30 00:20 53536 ----a-w- c:\users\LuLu\AppData\Local\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{192e76ec-1f91-43ba-b5d8-e0f37b85c661} "= "c:\program files\Dog Wars MS\Helper.dll" [2009-08-29 201216]

[HKEY_CLASSES_ROOT\clsid\{192e76ec-1f91-43ba-b5d8-e0f37b85c661}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{B1D9BB39-C9DD-42B0-9299-0D989F992210}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E9EE126-07BD-4FBA-B8D4-B99CA35FA4D3}]
2009-08-29 22:34 1358848 ----a-w- c:\program files\Dog Wars MS\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{71870C4C-7F22-4BA9-A8A6-25A535CD6122} "= "c:\program files\Dog Wars MS\Toolbar.dll" [2009-08-29 1358848]

[HKEY_CLASSES_ROOT\clsid\{71870c4c-7f22-4ba9-a8a6-25a535cd6122}]
[HKEY_CLASSES_ROOT\FCTB000060467.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{ACAC5C65-802E-4FCC-B332-9E03C7CFB790}]
[HKEY_CLASSES_ROOT\FCTB000060467.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{71870C4C-7F22-4BA9-A8A6-25A535CD6122} "= "c:\program files\Dog Wars MS\Toolbar.dll" [2009-08-29 1358848]

[HKEY_CLASSES_ROOT\clsid\{71870c4c-7f22-4ba9-a8a6-25a535cd6122}]
[HKEY_CLASSES_ROOT\FCTB000060467.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{ACAC5C65-802E-4FCC-B332-9E03C7CFB790}]
[HKEY_CLASSES_ROOT\FCTB000060467.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-06-30 1232896]
"swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-06 39408]
"SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-31 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2009-06-30 1006264]
"NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avast5 "= "c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@= "Service "

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride "=dword:00000001
"AntiSpywareOverride "=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-08-31 67656]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 21:29]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 21:29]
.
.
------- Supplementary Scan -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-02 16:27
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial "=dword:00000000
"MSCurrentCountry "=dword:000000b5
.
Completion time: 2010-09-02 16:39:00
ComboFix-quarantined-files.txt 2010-09-02 20:38

Pre-Run: 31,480,692,736 bytes free
Post-Run: 30,658,420,736 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 5F776E65EFBD426EAFADF72AD5DF1695

 

Here are the OTL logs;

OTL Extras logfile created on: 9/3/2010 12:28:15 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\LuLu\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 215.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.78 Gb Total Space | 28.29 Gb Free Space | 40.54% Space Free | Partition Type: NTFS
Drive D: | 69.51 Gb Total Space | 69.33 Gb Free Space | 99.75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LULU-PC
Current User Name: LuLu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17CB96FD-61F7-4D6F-AFC5-F1FC709F3780}" = protocol=6 | dir=in | app=c:\program files\dog wars ms\toolbarupdate.exe |
"{3D5B2C9A-9484-4EF4-9A50-D73F6DA2D477}" = protocol=6 | dir=in | app=c:\program files\dog wars ms\troubleshooter.exe |
"{7DBBCB7A-220F-4CC5-9DCF-A87EA846B818}" = protocol=17 | dir=in | app=c:\program files\dog wars ms\toolbarupdate.exe |
"{FE6E553E-FCBF-4AC4-9514-5DEB88FA248C}" = protocol=17 | dir=in | app=c:\program files\dog wars ms\troubleshooter.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"avast5" = avast! Free Antivirus
"Dog Wars MS" = Dog Wars MS
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"SpywareBlaster_is1" = SpywareBlaster 4.3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/25/2010 10:09:56 AM | Computer Name = LuLu-PC | Source = Winlogon | ID = 4102
Description = Windows license is invalid. Error 0xC004F012. Policy Value 0x00000000.

Error - 2/25/2010 10:10:30 AM | Computer Name = LuLu-PC | Source = Google Update | ID = 20
Description =

Error - 2/25/2010 10:10:48 AM | Computer Name = LuLu-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 2/25/2010 10:11:45 AM | Computer Name = LuLu-PC | Source = Winlogon | ID = 4102
Description = Windows license is invalid. Error 0xC004F012. Policy Value 0x00000000.

Error - 2/25/2010 10:14:07 AM | Computer Name = LuLu-PC | Source = Winlogon | ID = 4102
Description = Windows license is invalid. Error 0xC004F012. Policy Value 0x00000000.

Error - 2/25/2010 10:15:00 AM | Computer Name = LuLu-PC | Source = Google Update | ID = 20
Description =

Error - 2/25/2010 10:15:18 AM | Computer Name = LuLu-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 2/25/2010 10:16:21 AM | Computer Name = LuLu-PC | Source = Winlogon | ID = 4102
Description = Windows license is invalid. Error 0xC004F012. Policy Value 0x00000000.

Error - 2/25/2010 10:18:24 AM | Computer Name = LuLu-PC | Source = SecurityCenter | ID = 3
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.

Error - 2/25/2010 10:37:49 AM | Computer Name = LuLu-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

[ System Events ]
Error - 9/1/2010 9:50:47 AM | Computer Name = LuLu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
12, function 0. Please contact your system vendor for technical assistance.

Error - 9/1/2010 4:20:50 PM | Computer Name = LuLu-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:43:14 PM on 9/1/2010 was unexpected.

Error - 9/2/2010 3:21:38 PM | Computer Name = LuLu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 9/2/2010 3:21:38 PM | Computer Name = LuLu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.

Error - 9/2/2010 3:21:38 PM | Computer Name = LuLu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
12, function 0. Please contact your system vendor for technical assistance.

Error - 9/2/2010 4:07:58 PM | Computer Name = LuLu-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9/2/2010 4:27:23 PM | Computer Name = LuLu-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9/3/2010 12:05:28 PM | Computer Name = LuLu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
9, function 0. Please contact your system vendor for technical assistance.

Error - 9/3/2010 12:05:28 PM | Computer Name = LuLu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
11, function 0. Please contact your system vendor for technical assistance.

Error - 9/3/2010 12:05:28 PM | Computer Name = LuLu-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot
12, function 0. Please contact your system vendor for technical assistance.


< End of report >


OTL logfile created on: 9/3/2010 12:28:15 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\LuLu\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 215.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.78 Gb Total Space | 28.29 Gb Free Space | 40.54% Space Free | Partition Type: NTFS
Drive D: | 69.51 Gb Total Space | 69.33 Gb Free Space | 99.75% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LULU-PC
Current User Name: LuLu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/03 12:26:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\LuLu\Desktop\OTL.exe
PRC - [2010/08/20 12:03:14 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/12/18 06:18:29 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/07/06 17:10:52 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/06/30 16:05:05 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/06/30 15:04:10 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/03 12:26:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\LuLu\Desktop\OTL.exe
MOD - [2006/11/02 05:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/06/30 16:05:05 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\LuLu\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/08/31 13:34:54 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/06/20 03:04:00 | 007,468,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {192e76ec-1f91-43ba-b5d8-e0f37b85c661} - C:\Program Files\Dog Wars MS\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Freecause Toolbar BHO) - {9E9EE126-07BD-4FBA-B8D4-B99CA35FA4D3} - C:\Program Files\Dog Wars MS\Toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Dog Wars MS) - {71870C4C-7F22-4BA9-A8A6-25A535CD6122} - C:\Program Files\Dog Wars MS\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Dog Wars MS) - {71870C4C-7F22-4BA9-A8A6-25A535CD6122} - C:\Program Files\Dog Wars MS\Toolbar.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/03 12:26:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\LuLu\Desktop\OTL.exe
[2010/09/02 16:39:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/09/02 16:39:03 | 000,000,000 | ---D | C] -- C:\Users\LuLu\AppData\Local\temp
[2010/09/02 16:37:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/02 16:01:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/02 16:01:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/02 16:01:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/02 16:01:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/02 16:01:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/02 16:01:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/02 16:01:11 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/08/31 11:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/31 11:16:53 | 000,000,000 | ---D | C] -- C:\Users\LuLu\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/31 11:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/31 11:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/08/30 17:32:28 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/08/30 17:26:43 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/08/30 17:26:43 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/08/30 17:26:43 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/08/30 17:26:42 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/08/30 17:26:41 | 000,050,256 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/08/30 17:25:46 | 000,165,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/08/30 17:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/08/30 17:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/08/30 17:23:46 | 000,000,000 | ---D | C] -- C:\Users\LuLu\AppData\Roaming\Malwarebytes
[2010/08/30 17:23:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/30 17:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/30 17:23:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/30 17:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/30 17:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/08/30 17:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/08/30 17:19:20 | 000,000,000 | ---D | C] -- C:\tmp
[2010/08/20 13:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

========== Files - Modified Within 90 Days ==========

[2010/09/03 12:32:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/03 12:29:28 | 002,097,152 | -HS- | M] () -- C:\Users\LuLu\NTUSER.DAT
[2010/09/03 12:26:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\LuLu\Desktop\OTL.exe
[2010/09/03 12:14:07 | 000,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/03 12:14:07 | 000,618,092 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/03 12:14:07 | 000,103,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/03 12:12:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/03 12:06:25 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/03 12:06:25 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/03 12:05:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/03 12:05:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/03 12:05:36 | 804,839,424 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/02 17:24:51 | 001,786,358 | -H-- | M] () -- C:\Users\LuLu\AppData\Local\IconCache.db
[2010/09/02 16:27:41 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/02 15:57:16 | 003,830,422 | R--- | M] () -- C:\Users\LuLu\Desktop\ComboFix.exe
[2010/09/01 09:32:25 | 000,080,384 | ---- | M] () -- C:\Users\LuLu\Desktop\MBRCheck.exe
[2010/09/01 09:31:56 | 000,293,376 | ---- | M] () -- C:\Users\LuLu\Desktop\g08258gu.exe
[2010/08/31 15:30:43 | 000,525,824 | ---- | M] () -- C:\Users\LuLu\Desktop\dds.scr
[2010/08/31 11:17:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/30 17:32:29 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/08/30 17:26:43 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/30 17:23:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/30 17:22:11 | 000,000,816 | ---- | M] () -- C:\Users\LuLu\Desktop\SpywareBlaster.lnk
[2010/08/23 11:55:26 | 000,001,537 | ---- | M] () -- C:\Users\LuLu\Desktop\Windows Explorer.lnk
[2010/08/20 14:06:03 | 000,053,536 | ---- | M] () -- C:\Users\LuLu\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/20 14:03:46 | 000,247,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/20 13:42:47 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/20 12:02:22 | 000,000,947 | ---- | M] () -- C:\Users\LuLu\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/06/28 16:32:56 | 000,050,256 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2010/09/02 16:01:57 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/02 16:01:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/02 16:01:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/02 16:01:57 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/02 16:01:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/02 15:56:50 | 003,830,422 | R--- | C] () -- C:\Users\LuLu\Desktop\ComboFix.exe
[2010/09/01 09:32:24 | 000,080,384 | ---- | C] () -- C:\Users\LuLu\Desktop\MBRCheck.exe
[2010/09/01 09:31:46 | 000,293,376 | ---- | C] () -- C:\Users\LuLu\Desktop\g08258gu.exe
[2010/08/31 15:29:28 | 000,525,824 | ---- | C] () -- C:\Users\LuLu\Desktop\dds.scr
[2010/08/31 11:17:00 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/30 17:26:43 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/30 17:23:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/30 17:22:11 | 000,000,816 | ---- | C] () -- C:\Users\LuLu\Desktop\SpywareBlaster.lnk
[2010/08/23 11:55:26 | 000,001,537 | ---- | C] () -- C:\Users\LuLu\Desktop\Windows Explorer.lnk
[2010/08/20 13:41:18 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/06/29 21:00:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/09/02 17:25:19 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/04/25 17:09:57 | 000,003,380 | ---- | M] () -- C:\-20070425.log
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/09 16:35:30 | 000,443,912 | RHS- | M] () -- C:\bootmgr
[2009/06/29 20:45:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/09/02 16:39:01 | 000,011,120 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/03 12:05:36 | 804,839,424 | -HS- | M] () -- C:\hiberfil.sys
[2007/04/25 17:13:09 | 000,000,182 | ---- | M] () -- C:\MDisc.log
[2008/07/06 16:42:18 | 000,000,571 | ---- | M] () -- C:\NTDClient.log
[2010/09/03 12:05:35 | 1118,765,056 | -HS- | M] () -- C:\pagefile.sys
[2007/04/25 17:12:48 | 000,000,166 | ---- | M] () -- C:\PCM.log
[2007/04/25 16:59:38 | 000,000,372 | ---- | M] () -- C:\RHDSetup.log
[2007/04/25 17:08:02 | 000,000,178 | ---- | M] () -- C:\setup.log
[2008/02/10 18:05:00 | 000,000,050 | ---- | M] () -- C:\tmp.bat
[2008/02/12 18:21:31 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 08:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 08:35:34 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 05:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/06/30 14:50:05 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/06/30 13:01:08 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2006/11/02 05:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 05:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

 

Here are the scan results;

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiSpywareOverride scheduled to be deleted on reboot.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LuLu
->Temp folder emptied: 2706547 bytes
->Temporary Internet Files folder emptied: 185951335 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 80596 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sam
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1648587756 bytes
->Flash cache emptied: 82669 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48016 bytes
RecycleBin emptied: 17331433 bytes

Total Files Cleaned = 1,769.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: LuLu
->Flash cache emptied: 0 bytes

User: Public

User: Sam
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09042010_134927

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiVirusOverride scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\AntiSpywareOverride scheduled to be deleted on reboot.


Results of screen317's Security Check version 0.99.5
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 21
Adobe Flash Player
Adobe Reader 9.3.4
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 5, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 05, 2010 16:39:10
Records in database: 4192575
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 263078
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:32:47

No threats found. Scanned area is clean.

Selected area has been scanned.

 

Well, the PC seems to be doing ok, except the service pack still will not install. I did some troubleshooting through MS support today. Seems the failure may be related to previous updates that failed, problem is there were a lot of updates that failed. It may end up being easier to format and reinstall than to try to figure this out.