
Solved 'new to me' laptop infected with 'redirects'

Discussion in 'Malware and Virus Removal Archive' started by Bearclaw, 2011/01/19.

  1. 2011/01/19
    Bearclaw (Thread Starter)
    [Resolved] 'new to me' laptop infected with 'redirects'

    I have 'inherited' an HP Pavilion dv6000 laptop. I am constantly getting sent to unwanted places no matter what browser is used. (Google, IE, Yahoo, all suffer) 'Amazonaws', 'mevio', 'premium services', and a few others have been noticed as culprits. I would greatly appreciate help with getting this garbage cleaned out, and learning ways to avoid getting these kinds of gremlins in the future.

    Thanks for any assistance!
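    A redirect that hits every browser the same way is not a browser problem; the hijack sits at a lower layer (hosts file, DNS or proxy settings, a network driver, or the code that runs before Windows itself). Later in this thread MBRCheck reports "Unknown MBR code" with a SHA1 for the first sector of the disk. The following script is an added example, not code from the original post or from MBRCheck: it does in Python what such a tool does with a 512-byte MBR image (verify the 0x55AA signature, hash the 440 bytes of boot code, compare the hash with a baseline, sanity-check the partition table). The disk geometry, the "clean" boot code, the baseline hash and the tampered image are all constructed here so it runs offline; reading the live sector on Windows needs administrator rights.

```python
r"""Added triage example (not from the thread). It mirrors what an MBRCheck-style
tool does with the first sector of a disk: verify the 0x55AA signature, hash the
440 bytes of boot code, compare the hash with a baseline, and sanity-check the
partition table. The MBR images below are constructed in memory so this runs
offline; on a live Windows box the sector comes from
open(r"\\.\PhysicalDrive0", "rb").read(512), which needs administrator rights."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code (the part MBRCheck hashes)
DISK_SIG_OFF = 440       # bytes 440..443: Windows disk signature, 444..445 reserved
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # bytes 510..511: 0x55 0xAA

# Constructed disk geometry, loosely modelled on the thread's 250 GB drive:
# C: starts at LBA 63 (offset 0x7e00 = 63 * 512 in the MBRCheck output).
DISK_SECTORS = 488_397_168
PARTITIONS = [
    (True, 0x07, 63, 463_853_346),             # C: NTFS, active
    (False, 0x07, 463_853_409, 24_000_000),    # D: NTFS recovery volume
]

# Constructed stand-in for clean boot code (real Windows MBR code starts with
# 33 C0 8E D0 BC 00 7C; the rest here is filler, not a real loader).
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)


def build_mbr(boot_code, disk_sig, partitions):
    """Assemble a 512-byte MBR. partitions: (bootable, type, lba_start, sectors)."""
    assert len(boot_code) <= BOOT_CODE_LEN and len(partitions) <= 4
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions):
        # CHS fields are left zero; the LBA fields are what matters here.
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\0\0\0", ptype, b"\0\0\0",
                         lba_start, sectors)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


def boot_code_sha1(mbr):
    """SHA1 of the boot code only, so a different disk signature or partition
    layout does not change the hash (this is what lets a baseline be reused)."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partition_table(mbr):
    parts = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(mbr, known_good, disk_sectors):
    """Return the boot-code hash, the parsed partitions and a list of findings."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        findings.append("image is not exactly one 512-byte sector")
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_sha1(mbr)
    label = known_good.get(digest)
    if label is None:
        findings.append("Unknown MBR code, SHA1 " + digest)
    parts = parse_partition_table(mbr)
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    last_end = 0
    for p in sorted(parts, key=lambda p: p["lba_start"]):
        end = p["lba_start"] + p["sectors"]
        if p["lba_start"] < last_end:
            findings.append("partition %d overlaps the previous one" % p["index"])
        if end > disk_sectors:
            findings.append("partition %d extends past the end of the disk" % p["index"])
        last_end = max(last_end, end)
    # Space after the last partition is where bootkits of this era hid their
    # payload; report it so the analyst knows how much to image.
    return {"sha1": digest, "label": label, "partitions": parts,
            "unpartitioned_tail_sectors": max(0, disk_sectors - last_end),
            "findings": findings}


CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, 0x1234ABCD, PARTITIONS)
# Constructed baseline: the hash of a known-clean image captured beforehand.
KNOWN_GOOD = {boot_code_sha1(CLEAN_MBR): "constructed clean-install baseline"}


def tampered_mbr():
    """Same disk, but the boot code is replaced: a bootkit-style infection keeps
    the partition table intact and only swaps the code that runs before Windows."""
    patched = b"\xEB\x3C\x90" + b"\xCC" * (BOOT_CODE_LEN - 3)
    return build_mbr(patched, 0x1234ABCD, PARTITIONS)


if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", tampered_mbr())):
        r = check_mbr(image, KNOWN_GOOD, DISK_SECTORS)
        print(name, r["sha1"], r["label"] or "Unknown MBR code", r["findings"])
```

    Two things worth noticing in the output: the tampered image has exactly the same partition table as the clean one, so only the boot-code hash gives it away, which is why a hash of bytes 0..439 (and not of the whole sector) is the useful baseline; and an unknown hash on its own only means "not in my list", so a real baseline has to come from a known-clean install of the same Windows version before the verdict "infected" is justified.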
     
  2. 2011/01/19
    Admin. (Administrator, Staff)
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     


  4. 2011/01/19
    Bearclaw (Thread Starter)
    Here are the logs from the various scans. GMER failed to complete a scan with 7 separate attempts, the last two with the file name changed. I made certain that AVAST was 'permanently disabled' while making these efforts. I will try again if there is something I can change.

    To the logs:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5557

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18999

    1/19/2011 7:17:20 PM
    mbam-log-2011-01-19 (19-17-20).txt

    Scan type: Quick scan
    Objects scanned: 147207
    Time elapsed: 6 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 169):
    0x8263E000 \SystemRoot\system32\ntkrnlpa.exe
    0x8260B000 \SystemRoot\system32\hal.dll
    0x8060D000 \SystemRoot\system32\kdcom.dll
    0x80614000 \SystemRoot\system32\PSHED.dll
    0x80625000 \SystemRoot\system32\BOOTVID.dll
    0x8062D000 \SystemRoot\system32\CLFS.SYS
    0x8066E000 \SystemRoot\system32\CI.dll
    0x8074E000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x807CA000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x87C08000 \SystemRoot\system32\drivers\acpi.sys
    0x87C4E000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x87C57000 \SystemRoot\system32\drivers\msisadrv.sys
    0x87C5F000 \SystemRoot\system32\drivers\pci.sys
    0x87C86000 \SystemRoot\System32\drivers\partmgr.sys
    0x87C95000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x87C98000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x87CA2000 \SystemRoot\system32\drivers\volmgr.sys
    0x87CB1000 \SystemRoot\System32\drivers\volmgrx.sys
    0x87CFB000 \SystemRoot\system32\drivers\pciide.sys
    0x87D02000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x87D10000 \SystemRoot\System32\drivers\mountmgr.sys
    0x87D20000 \SystemRoot\system32\drivers\atapi.sys
    0x87D28000 \SystemRoot\system32\drivers\ataport.SYS
    0x87D46000 \SystemRoot\system32\drivers\fltmgr.sys
    0x87D78000 \SystemRoot\system32\drivers\fileinfo.sys
    0x87D88000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x87E0A000 \SystemRoot\system32\drivers\ndis.sys
    0x87F15000 \SystemRoot\system32\drivers\msrpc.sys
    0x87F40000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88001000 \SystemRoot\System32\drivers\tcpip.sys
    0x880EB000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88205000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88315000 \SystemRoot\system32\drivers\wd.sys
    0x8831D000 \SystemRoot\system32\drivers\volsnap.sys
    0x88356000 \SystemRoot\System32\Drivers\spldr.sys
    0x8835E000 \SystemRoot\System32\Drivers\mup.sys
    0x8836D000 \SystemRoot\System32\drivers\ecache.sys
    0x88394000 \SystemRoot\system32\drivers\disk.sys
    0x883A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x883C6000 \SystemRoot\system32\drivers\crcdisk.sys
    0x883EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x88106000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x8810F000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x883FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x883FE000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
    0x8811F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8812F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x88136000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x88200000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x8813F000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x88149000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x88187000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x88196000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x881AE000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8BE0D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8BE9A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8BEAA000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8BEB8000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8BED2000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8BEE1000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8BEF5000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8C20E000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8C30F000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8C808000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8CF4A000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8CFEB000 \SystemRoot\System32\drivers\watchdog.sys
    0x8C3C8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8CFF7000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8C3DB000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8BF46000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8CFFC000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8C3E6000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8BF74000 \SystemRoot\system32\DRIVERS\dne2000.sys
    0x8BF92000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x881B4000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8C3F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8BFC1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8C200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8BFD8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x87F7B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x87F8A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x87F9E000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x87FB3000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8CFFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x87FC3000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8BE00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x87FED000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x881F5000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8D40C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8D441000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8D452000 \SystemRoot\system32\drivers\CHDART.sys
    0x8D482000 \SystemRoot\system32\drivers\portcls.sys
    0x8D4AF000 \SystemRoot\system32\drivers\drmk.sys
    0x8D4D4000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8D603000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8D706000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8D7BB000 \SystemRoot\system32\drivers\modem.sys
    0x8D7C8000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8D7D1000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x8D512000 \SystemRoot\System32\Drivers\bthport.sys
    0x8D7DE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8D7F5000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8D592000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8D5B3000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x8D5DC000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x8D5E6000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x8D809000 \SystemRoot\system32\drivers\btwavdt.sys
    0x8D870000 \SystemRoot\system32\drivers\btwaudio.sys
    0x8D8F0000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x8D8F3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8D8FC000 \SystemRoot\System32\Drivers\Null.SYS
    0x8D903000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8D90A000 \SystemRoot\System32\drivers\vga.sys
    0x8D916000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8D937000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8D93F000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8D947000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8D952000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8D960000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8D969000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8D97F000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8D989000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8D99D000 \SystemRoot\system32\drivers\afd.sys
    0x8D9E5000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8DA0B000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8DA3D000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8DA53000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8DA61000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8DA74000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0x8DA96000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x8DA9C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8DAD8000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8DAE2000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8DAF9000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x8DB40000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8DB4D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8DB58000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x95C70000 \SystemRoot\System32\win32k.sys
    0x8DB60000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8DB6A000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x95E90000 \SystemRoot\System32\TSDDD.dll
    0x95EB0000 \SystemRoot\System32\cdd.dll
    0x8DB79000 \SystemRoot\system32\drivers\luafv.sys
    0x8DB94000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x8DBCB000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x9A40F000 \SystemRoot\system32\drivers\spsys.sys
    0x9A4BF000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9A4CF000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9A4F9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9A503000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9A516000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x9A51F000 \SystemRoot\system32\drivers\HTTP.sys
    0x9A58C000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9A5A9000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9A5C2000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9A5D7000 \SystemRoot\system32\drivers\mrxdav.sys
    0x8DBD6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9D407000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9D440000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9D458000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9D480000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9D4E6000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
    0x9D576000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9EC04000 \SystemRoot\system32\drivers\peauth.sys
    0x9ECE2000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9ECEC000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9ECF8000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9ED02000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77D90000 \Windows\System32\ntdll.dll

    Processes (total 74):
    0 System Idle Process
    4 System
    488 C:\Windows\System32\smss.exe
    556 csrss.exe
    608 C:\Windows\System32\wininit.exe
    620 csrss.exe
    656 C:\Windows\System32\services.exe
    684 C:\Windows\System32\winlogon.exe
    728 C:\Windows\System32\lsass.exe
    736 C:\Windows\System32\lsm.exe
    864 C:\Windows\System32\svchost.exe
    924 C:\Windows\System32\nvvsvc.exe
    952 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1084 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1164 C:\Windows\System32\audiodg.exe
    1184 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\SLsvc.exe
    1232 C:\Windows\System32\svchost.exe
    1372 C:\Windows\System32\svchost.exe
    1492 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1880 C:\Windows\System32\spoolsv.exe
    1912 C:\Windows\System32\svchost.exe
    328 C:\Windows\System32\rundll32.exe
    1408 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    948 C:\Program Files\Bonjour\mDNSResponder.exe
    1568 C:\Windows\System32\svchost.exe
    1952 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    604 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2120 C:\Windows\System32\svchost.exe
    2132 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    2356 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2368 C:\Program Files\SafeConnect\scManager.sys
    2404 C:\Windows\System32\svchost.exe
    2432 C:\Windows\System32\svchost.exe
    2460 C:\Windows\System32\SearchIndexer.exe
    2532 C:\Windows\System32\drivers\XAudio.exe
    2568 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    2836 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    3108 C:\Windows\System32\taskeng.exe
    3120 C:\Windows\System32\dwm.exe
    3144 C:\Windows\explorer.exe
    3220 C:\Windows\System32\taskeng.exe
    3644 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    3652 C:\Program Files\HP\QuickPlay\QPService.exe
    3668 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    3684 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3712 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3796 C:\Windows\System32\rundll32.exe
    3820 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    3896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    3912 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3948 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3968 C:\Program Files\Windows Sidebar\sidebar.exe
    3976 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    3984 C:\Windows\ehome\ehtray.exe
    3992 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4008 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    4024 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    4032 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    4040 C:\Program Files\SafeConnect\SCClient.exe
    3888 C:\Windows\ehome\ehmsas.exe
    280 WmiPrvSE.exe
    4000 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3520 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    504 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    2784 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    3768 WmiPrvSE.exe
    3784 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    3764 C:\Windows\System32\SearchProtocolHost.exe
    1292 C:\Windows\System32\SearchFilterHost.exe
    3032 C:\Users\Molly Flynn\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`37cec200 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM250JI, Rev: HS100-10

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Molly Flynn at 20:42:00.27 on Wed 01/19/2011
    Internet Explorer: 8.0.6001.18999
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1192 [GMT -5:00]

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\SafeConnect\scManager.sys
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\SafeConnect\scClient.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Molly Flynn\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0 "
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
    mPolicies-explorer: UseDefaultTile = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: FirstViewer - hxxp://www.rod.dorchestercounty.net/alchemyweb/Components/FirstVwr.CAB
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {925B4A47-7F10-42CC-9934-98F1E078F675} - hxxp://www.perfectinterview.com/online/webcap.CAB
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-7 294608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-7 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-1-7 51280]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-7 40384]
    R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-16 136176]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-16 21504]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2011-01-20 00:09:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-20 00:09:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-20 00:09:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-19 05:18:16 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-01-19 04:54:57 98816 ----a-w- c:\windows\sed.exe
    2011-01-19 04:54:57 89088 ----a-w- c:\windows\MBR.exe
    2011-01-19 04:54:57 256512 ----a-w- c:\windows\PEV.exe
    2011-01-19 04:54:57 161792 ----a-w- c:\windows\SWREG.exe
    2011-01-18 14:44:39 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3ff056c7-5f1b-4c30-a6f0-2c5503374aeb}\mpengine.dll
    2011-01-17 02:39:46 -------- d-----w- c:\users\molly flynn\{b618461c-11c0-40ff-af83-7f62c6f05cc9}
    2011-01-17 02:38:18 -------- d-----w- c:\program files\common files\Logitech
    2011-01-11 19:21:48 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-11 19:21:47 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2011-01-11 19:21:47 253952 ----a-w- c:\program files\common files\system\ado\msadox.dll
    2011-01-11 19:21:47 241664 ----a-w- c:\program files\common files\system\ado\msadomd.dll
    2011-01-11 19:21:46 57344 ----a-w- c:\program files\common files\system\msadc\msadcs.dll
    2011-01-11 19:21:46 180224 ----a-w- c:\program files\common files\system\msadc\msadco.dll
    2011-01-11 19:21:24 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-09 01:25:38 -------- d-----w- c:\program files\Windows Portable Devices
    2011-01-09 00:52:34 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2011-01-09 00:52:32 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-01-09 00:52:32 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-01-09 00:50:43 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2011-01-09 00:48:39 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-01-09 00:48:39 234496 ----a-w- c:\windows\system32\oleacc.dll
    2011-01-09 00:48:38 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-01-08 23:15:16 231424 ----a-w- c:\windows\system32\msshsq.dll
    2011-01-08 19:34:14 -------- d-----w- c:\users\mollyf~1\appdata\roaming\SUPERAntiSpyware.com
    2011-01-08 19:34:14 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2011-01-08 19:33:53 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-08 17:46:04 -------- d-----w- c:\windows\system32\eu-ES
    2011-01-08 17:46:04 -------- d-----w- c:\windows\system32\ca-ES
    2011-01-08 17:46:03 -------- d-----w- c:\windows\system32\vi-VN
    2011-01-07 22:04:34 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-07 22:03:22 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-07 22:03:08 -------- d-----w- c:\progra~2\Alwil Software
    2011-01-01 19:15:03 -------- d-s---w- c:\progra~2\Memeo
    2011-01-01 19:02:22 -------- d-----w- c:\users\mollyf~1\appdata\local\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}

    ==================== Find3M ====================

    2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll

    ============= FINISH: 20:43:20.44 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/15/2007 12:59:42 AM
    System Uptime: 1/19/2011 8:34:42 PM (0 hours ago)

    Motherboard: Quanta | | 30CF
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-60 | Socket S1 | 800/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 221 GiB total, 152.328 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.851 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0089
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #6
    PNP Device ID: ROOT\*ISATAP\0089
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.2.5
    Adobe Shockwave Player
    Adobe Shockwave Player 11
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    avast! Free Antivirus
    Bonjour
    Cards_Calendar_OrderGift_DoMorePlugout
    CCleaner
    CDDRV_Installer
    Cisco Systems VPN Client 5.0.00.0340
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CyberLink YouCam
    DVD Suite
    EA Link
    ESU for Microsoft Vista
    Google Chrome
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
    HP Photosmart Essential 2.5
    HP Quick Launch Buttons 6.30 E1
    HP QuickPlay 3.6
    HP QuickTouch 1.00 C4
    HP Smart Web Printing
    HP Total Care Advisor
    HP Update
    HP User Guides 0087
    HP Wireless Assistant
    HPNetworkAssistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    HPSSupply
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 23
    KhalSetup
    LabelPrint
    LightScribe System Software 1.10.13.1
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    MobileMe Control Panel
    Move Networks Media Player for Internet Explorer
    MSCU for Microsoft Vista
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    My HP Games
    NetWaiting
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Power2Go
    PowerDirector
    PSSWCORE
    QuickPlay SlingPlayer 0.4.4
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    SafeConnect
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Shop for HP Supplies
    Slingbox Flash Tour
    SlingPlayer
    SUPERAntiSpyware
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VideoToolkit01
    Viewpoint Media Player
    WD Diagnostics
    WeatherBug Gadget

    ==== End Of File ===========================
     
  5. 2011/01/19
    broni Moderator Malware Analyst
    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    We need to double check your MBR...

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  6. 2011/01/20
    Bearclaw Well-Known Member Thread Starter
    Bootkit remover was downloaded, extracted with the RAR tool you provided and 'run as administrator'... the Bootkit remover seems to work just as it should, black screen with the data displayed. However when I attempt to use the 'select all' (this highlights everything) then copy with 'ctrl C' and then copy to notepad, ('ctrl V'), nothing happens. :(

    I could physically copy the data by typing it, or maybe a screen shot(?)... really don't know how to send that though...

    Thank you for all the help so far!!
     
  7. 2011/01/20
    broni Moderator Malware Analyst
    You can either type it in here, or if you know how take a screenshot....

    Upload screenshot file(s) here: http://www.filedropper.com/
    Post download link (copy URL: link):
     
  8. 2011/01/20
    Bearclaw Well-Known Member Thread Starter
    <c> 2009 eSage Lab

    Program version: 1.2.0.0

    OS Version Microsoft Vista Home Premium Edition Service Pack 2 (build 6 002), 32-bit

    System volume is \\.\c:
    \\.\c: -> \\.\PhysicalDrive0 at offset 0x00000000'00007e00
    Boot sector MD5 is: df1c10548966c4f16c540ebf80ffd180


    Size Device Name MBR Status
    --------------------------------------------------------
    232GB \\.\PhysicalDrive0 Unknown Boot Code

    Unknown boot code has been found on some of your physical disks.


    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>

    Done;
    Press any key to quit
     
  9. 2011/01/20
    broni Moderator Malware Analyst
    OK, we have to fix your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.

    **Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
     
  10. 2011/01/20
    Bearclaw Well-Known Member Thread Starter
    The latest log from MBRCheck done after the 'booting from CD and removal' steps follows:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 169):
    0x8264F000 \SystemRoot\system32\ntkrnlpa.exe
    0x8261C000 \SystemRoot\system32\hal.dll
    0x80403000 \SystemRoot\system32\kdcom.dll
    0x8040A000 \SystemRoot\system32\PSHED.dll
    0x8041B000 \SystemRoot\system32\BOOTVID.dll
    0x80423000 \SystemRoot\system32\CLFS.SYS
    0x80464000 \SystemRoot\system32\CI.dll
    0x80544000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C0000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80606000 \SystemRoot\system32\drivers\acpi.sys
    0x8064C000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80655000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8065D000 \SystemRoot\system32\drivers\pci.sys
    0x80684000 \SystemRoot\System32\drivers\partmgr.sys
    0x80693000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80696000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x806A0000 \SystemRoot\system32\drivers\volmgr.sys
    0x806AF000 \SystemRoot\System32\drivers\volmgrx.sys
    0x806F9000 \SystemRoot\system32\drivers\pciide.sys
    0x80700000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8070E000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8071E000 \SystemRoot\system32\drivers\atapi.sys
    0x80726000 \SystemRoot\system32\drivers\ataport.SYS
    0x80744000 \SystemRoot\system32\drivers\fltmgr.sys
    0x80776000 \SystemRoot\system32\drivers\fileinfo.sys
    0x80786000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x87C09000 \SystemRoot\system32\drivers\ndis.sys
    0x87D14000 \SystemRoot\system32\drivers\msrpc.sys
    0x87D3F000 \SystemRoot\system32\drivers\NETIO.SYS
    0x87E01000 \SystemRoot\System32\drivers\tcpip.sys
    0x87EEB000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88007000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88117000 \SystemRoot\system32\drivers\wd.sys
    0x8811F000 \SystemRoot\system32\drivers\volsnap.sys
    0x88158000 \SystemRoot\System32\Drivers\spldr.sys
    0x88160000 \SystemRoot\System32\Drivers\mup.sys
    0x8816F000 \SystemRoot\System32\drivers\ecache.sys
    0x88196000 \SystemRoot\system32\drivers\disk.sys
    0x881A7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x881C8000 \SystemRoot\system32\drivers\crcdisk.sys
    0x881F1000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x87F06000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x87F0F000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x881FC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x88000000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
    0x87F1F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x87F2F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x87F36000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x88002000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x87F3F000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x87F49000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x87F87000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x87F96000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x87FAE000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8BC09000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8BC96000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8BCA6000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8BCB4000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8BCCE000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8BCDD000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8BCF1000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8BE0C000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8BF0D000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8C006000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8C748000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8C7E9000 \SystemRoot\System32\drivers\watchdog.sys
    0x8BFC6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8C7F5000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x8BFD9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8BD42000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8C7FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8BFE4000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8BD70000 \SystemRoot\system32\DRIVERS\dne2000.sys
    0x8BD8E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8BDBD000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8BFEF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x87FB4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8BE00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x87FCB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x87FEE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x87D7A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x87D8E000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x87DA3000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8C7FC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x87DB3000 \SystemRoot\system32\DRIVERS\ks.sys
    0x87DDD000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x87DE7000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8BC00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8CE03000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8CE38000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8CE49000 \SystemRoot\system32\drivers\CHDART.sys
    0x8CE79000 \SystemRoot\system32\drivers\portcls.sys
    0x8CEA6000 \SystemRoot\system32\drivers\drmk.sys
    0x8CECB000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8D007000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8D10A000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8D1BF000 \SystemRoot\system32\drivers\modem.sys
    0x8D1CC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8D1D5000 \SystemRoot\System32\Drivers\Null.SYS
    0x8D1DC000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8D1E3000 \SystemRoot\System32\drivers\vga.sys
    0x8CF09000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8CF2A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8D1EF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8D1F7000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8CF41000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8CF49000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8CF54000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8CF5C000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8CF6A000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8CF73000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8CF89000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8CF93000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8CFA7000 \SystemRoot\system32\drivers\afd.sys
    0x8D000000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x805CD000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8D20C000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8D222000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8D230000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0x8D23D000 \SystemRoot\System32\Drivers\bthport.sys
    0x8D2BD000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8D2D0000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0x8D2F2000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x8D2F8000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8D334000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8D33E000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8D355000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0x8D37E000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x8D3C5000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0x8D3CF000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0x8D600000 \SystemRoot\system32\drivers\btwavdt.sys
    0x8D667000 \SystemRoot\system32\drivers\btwaudio.sys
    0x8D6E7000 \SystemRoot\system32\DRIVERS\btwrchid.sys
    0x8D6EA000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8D70B000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8D718000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8D723000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x958F0000 \SystemRoot\System32\win32k.sys
    0x8D72B000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8D735000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x95B10000 \SystemRoot\System32\TSDDD.dll
    0x95B30000 \SystemRoot\System32\cdd.dll
    0x8D744000 \SystemRoot\system32\drivers\luafv.sys
    0x8D75F000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x8D796000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x99E0E000 \SystemRoot\system32\drivers\spsys.sys
    0x99EBE000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x99ECE000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x99EF8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x99F02000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x99F15000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x99F1E000 \SystemRoot\system32\drivers\HTTP.sys
    0x99F8B000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x99FA8000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x99FC1000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x99FD6000 \SystemRoot\system32\drivers\mrxdav.sys
    0x8D7A1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8D7C0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x881D1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9D007000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9D02F000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9D095000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
    0x9D125000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9E606000 \SystemRoot\system32\drivers\peauth.sys
    0x9E6E4000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9E6EE000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9E6FA000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9E704000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77380000 \Windows\System32\ntdll.dll

    Processes (total 76):
    0 System Idle Process
    4 System
    472 C:\Windows\System32\smss.exe
    576 csrss.exe
    628 C:\Windows\System32\wininit.exe
    640 csrss.exe
    672 C:\Windows\System32\services.exe
    684 C:\Windows\System32\lsass.exe
    692 C:\Windows\System32\lsm.exe
    776 C:\Windows\System32\winlogon.exe
    896 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\nvvsvc.exe
    984 C:\Windows\System32\svchost.exe
    1020 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1220 C:\Windows\System32\audiodg.exe
    1244 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\SLsvc.exe
    1312 C:\Windows\System32\svchost.exe
    1424 C:\Windows\System32\svchost.exe
    1540 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1936 C:\Windows\System32\spoolsv.exe
    1960 C:\Windows\System32\svchost.exe
    748 C:\Windows\System32\rundll32.exe
    1600 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1100 C:\Program Files\Bonjour\mDNSResponder.exe
    2028 C:\Windows\System32\svchost.exe
    1976 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    2084 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2220 C:\Windows\System32\svchost.exe
    2232 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    2388 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2400 C:\Program Files\SafeConnect\scManager.sys
    2436 C:\Windows\System32\svchost.exe
    2468 C:\Windows\System32\svchost.exe
    2492 C:\Windows\System32\SearchIndexer.exe
    2584 C:\Windows\System32\drivers\XAudio.exe
    2624 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    2928 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    3180 C:\Windows\System32\dwm.exe
    3204 C:\Windows\System32\taskeng.exe
    3216 C:\Windows\explorer.exe
    3296 C:\Windows\System32\taskeng.exe
    3640 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    3648 C:\Program Files\HP\QuickPlay\QPService.exe
    3668 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    3740 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3796 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    3856 C:\Windows\System32\rundll32.exe
    3936 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    3952 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3964 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3984 C:\Program Files\Windows Sidebar\sidebar.exe
    3992 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    4028 C:\Windows\ehome\ehtray.exe
    4036 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4044 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4052 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    4060 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    4076 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    4084 C:\Program Files\SafeConnect\SCClient.exe
    2376 WmiPrvSE.exe
    2652 C:\Windows\ehome\ehmsas.exe
    1336 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2512 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    3056 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    828 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    1192 C:\Program Files\Internet Explorer\iexplore.exe
    2320 C:\Program Files\Internet Explorer\iexplore.exe
    2872 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    3660 C:\Program Files\Internet Explorer\iexplore.exe
    5960 C:\Windows\System32\SearchProtocolHost.exe
    6008 C:\Windows\System32\SearchFilterHost.exe
    4500 C:\Users\Molly Flynn\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`37cec200 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM250JI, Rev: HS100-10

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
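    The two MBR checks in this exchange (Bootkit Remover's "Unknown Boot Code" verdict and MBRCheck's "at offset 0x...7e00" partition lines) come from reading the first 512-byte sector of the disk, hashing its boot code and decoding the partition table. The following is an added example that is not code from the thread, from Bootkit Remover or from MBRCheck; the sample MBR, disk signature and hash allowlist are constructed, and only the two partition offsets are taken from the MBRCheck log above.

```python
"""Inspect a 512-byte Master Boot Record the way Bootkit Remover / MBRCheck do.

Added example, not code from the thread or from either tool.  It hashes the
boot-code region, checks the 0x55AA signature, decodes the partition table
and reports "Unknown Boot Code" when the hash is not in an allowlist you
supply.  The sample MBR at the bottom is constructed; only the partition
offsets (0x7e00 for C:, 0x3737cec200 for D:) mirror the MBRCheck log.
"""
import hashlib
import struct
from typing import Iterable, List, Tuple

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: executable boot code
DISK_SIG_OFF = 440           # bytes 440..443: Windows disk signature
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of every valid MBR
PART_FMT = "<BBBBBBBBII"     # status, CHS start(3), type, CHS end(3), LBA start, sectors


def read_mbr(path: str) -> bytes:
    """Read the first sector of a raw device or of a dump file."""
    # On Windows, r"\\.\PhysicalDrive0" works from an elevated prompt; a file
    # written by `remover.exe dump` can be read the same way.
    with open(path, "rb") as f:
        return f.read(SECTOR)


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (little-endian fields)."""
    status, _, _, _, ptype, _, _, _, lba_start, sectors = struct.unpack(PART_FMT, entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,                       # 0x07 = NTFS/exFAT, 0x00 = unused slot
        "lba_start": lba_start,
        "byte_offset": lba_start * SECTOR,   # what MBRCheck prints as "at offset"
        "sectors": sectors,
    }


def inspect_mbr(mbr: bytes, known_good_md5: Iterable[str] = ()) -> dict:
    """Return hashes, partition layout and a list of findings for one MBR."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(mbr)} bytes")
    boot_code = mbr[:BOOT_CODE_LEN]
    md5 = hashlib.md5(boot_code).hexdigest()    # Bootkit Remover reports MD5
    sha1 = hashlib.sha1(boot_code).hexdigest()  # MBRCheck reports SHA1
    entries = [
        parse_partition_entry(mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)])
        for i in range(4)
    ]
    partitions = [p for p in entries if p["type"] != 0]
    signature_ok = mbr[510:512] == MBR_SIGNATURE

    findings: List[str] = []
    if not signature_ok:
        findings.append("missing 0x55AA signature")
    if sum(p["bootable"] for p in partitions) > 1:
        findings.append("more than one active partition")
    if md5 not in set(known_good_md5):
        findings.append("unknown boot code")    # the verdict both tools print

    return {
        "md5": md5,
        "sha1": sha1,
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "signature_ok": signature_ok,
        "partitions": partitions,
        "status": "Unknown Boot Code" if "unknown boot code" in findings else "known boot code",
        "findings": findings,
    }


def build_sample_mbr(boot_code: bytes, disk_sig: int,
                     entries: List[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble an MBR from parts; used only to create constructed test data."""
    sector = bytearray(SECTOR)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    sector[DISK_SIG_OFF:DISK_SIG_OFF + 4] = struct.pack("<I", disk_sig)
    for i, (active, ptype, lba_start, sectors) in enumerate(entries[:4]):
        off = PART_TABLE_OFF + 16 * i
        # CHS fields are left zero; tools and firmware rely on the LBA fields.
        sector[off:off + 16] = struct.pack(PART_FMT, 0x80 if active else 0x00,
                                           0, 0, 0, ptype, 0, 0, 0, lba_start, sectors)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


# Constructed sample: the first bytes are the usual Windows MBR prologue
# (xor ax,ax / mov ss,ax / mov sp,0x7c00); the rest is filler.
SAMPLE_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 32
SAMPLE_MBR = build_sample_mbr(
    SAMPLE_BOOT_CODE,
    0x12345678,                                   # constructed disk signature
    [
        (True, 0x07, 63, 0x1B9BE761 - 63),        # C: at LBA 63 -> offset 0x7e00
        (False, 0x07, 0x1B9BE761, 12 * 2 ** 21),  # D: at LBA 0x1B9BE761 -> 0x3737cec200
    ],
)

if __name__ == "__main__":
    report = inspect_mbr(SAMPLE_MBR)          # empty allowlist: reported as unknown
    print(report["status"], report["findings"])
    report = inspect_mbr(SAMPLE_MBR, known_good_md5={report["md5"]})
    print(report["status"], [hex(p["byte_offset"]) for p in report["partitions"]])
```

The allowlist is the part neither tool exposes: record the boot-code hash of a machine you know is clean and compare later dumps against it, since a hash that changes between two reads is the actual signal behind "Unknown Boot Code".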
     
  11. 2011/01/20
    broni Moderator Malware Analyst
    Good job :)

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".
     
  12. 2011/01/20
    Bearclaw Well-Known Member Thread Starter
    The report from Rootkit Unhooker follows:

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6002 (Service Pack 2)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x8C006000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7610368 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 177.13 )
    0x8264F000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
    0x8264F000 PnpManager 3903488 bytes
    0x8264F000 RAW 3903488 bytes
    0x8264F000 WMIxWDM 3903488 bytes
    0x958F0000 Win32k 2109440 bytes
    0x958F0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x88007000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
    0x87C09000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
    0x8D007000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
    0x8BE0C000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 1052672 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
    0x87E01000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
    0x80464000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
    0x9E606000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x8BF0D000 C:\Windows\system32\DRIVERS\athr.sys 757760 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
    0x8D10A000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0x99E0E000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
    0x8C748000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x9D095000 C:\Windows\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
    0x8BC09000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x8D23D000 C:\Windows\System32\Drivers\bthport.sys 524288 bytes (Microsoft Corporation, Bluetooth Bus Driver)
    0x8D667000 C:\Windows\system32\drivers\btwaudio.sys 524288 bytes (Broadcom Corporation., Bluetooth Audio Device)
    0x80544000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
    0x80786000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x99F1E000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x8D600000 C:\Windows\system32\drivers\btwavdt.sys 421888 bytes (Broadcom Corporation., Broadcom Bluetooth AVDT Service)
    0x8BCF1000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
    0x9D02F000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
    0x806AF000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8CFA7000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x8D37E000 C:\Windows\System32\Drivers\aswSP.SYS 290816 bytes (AVAST Software, avast! self protection module)
    0x80606000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x80423000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
    0x8BDBD000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
    0x8CECB000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
    0x87F49000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8D2F8000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x87D3F000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x8D7C0000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x8811F000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x8D75F000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
    0x8CE03000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x8261C000 ACPI_HAL 208896 bytes
    0x8261C000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x80744000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x805CD000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8CE49000 C:\Windows\system32\drivers\CHDART.sys 196608 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
    0x8BD8E000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
    0x8BD42000 C:\Windows\system32\DRIVERS\SynTP.sys 188416 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
    0x8CE79000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x87D14000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x87DB3000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
    0x99ECE000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0x8D355000 C:\Windows\system32\DRIVERS\rfcomm.sys 167936 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
    0x9D007000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x8816F000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
    0x8065D000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x8CEA6000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0x87FCB000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x8D2D0000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0x881A7000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x99FD6000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0x8D6EA000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
    0x8CF09000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x8D7A1000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x80726000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x8BD70000 C:\Windows\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
    0x99F8B000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
    0x87EEB000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x8D744000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x8D3CF000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
    0x8BCB4000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
    0x99FA8000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x87F96000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x881D1000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8D33E000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x87FB4000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x8CF2A000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0x9E704000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0x8D20C000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x8CF73000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
    0x99FC1000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x87D8E000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x87D7A000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x8BCDD000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
    0x8CF93000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
    0x8BFC6000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
    0x99F02000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8D2BD000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x88196000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x8CE38000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x8040A000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x87F0F000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
    0x80776000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x87F1F000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
    0x99EBE000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x8070E000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
    0x8BC96000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0x87DA3000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
    0x8D735000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
    0x88160000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x80684000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
    0x87FEE000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x8BCCE000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
    0x87F87000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x806A0000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
    0x8BCA6000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0x95B30000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
    0x8D222000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8CF5C000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x80700000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x8D230000 C:\Windows\System32\Drivers\BTHUSB.sys 53248 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
    0x8D70B000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x8D1BF000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
    0x87DE7000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x805C0000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
    0x9E6EE000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8D1E3000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x8C7E9000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
    0x8D718000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x8BFD9000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x8BFE4000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
    0x8CF49000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x8BE00000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x8BFEF000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x881F1000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8CF89000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
    0x80696000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
    0x8D3C5000 C:\Windows\system32\DRIVERS\BthEnum.sys 40960 bytes (Microsoft Corporation, Bluetooth Bus Extender)
    0x8D72B000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x87DDD000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x99EF8000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8D334000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x9E6E4000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x87F3F000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0x99F15000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
    0x881C8000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
    0x8D1CC000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x8D1F7000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0x8BC00000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
    0x9E71A000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0x8CF6A000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x95B10000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x87F06000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x87F36000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0x8064C000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x8071E000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x8041B000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x8D723000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
    0x8CF54000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x80655000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8D1EF000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8CF41000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x88158000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x88117000 C:\Windows\system32\drivers\wd.sys 32768 bytes (Microsoft Corporation, Microsoft Watchdog Timer Driver)
    0x9E6FA000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
    0x8D1DC000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x87F2F000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x80403000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0x8D1D5000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x806F9000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x87FAE000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x8D2F2000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0x8D000000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
    0x8C7F5000 C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 20480 bytes (Hewlett-Packard Development Company, L.P., HpqKbFiltr Keyboard Filter Driver)
    0x881FC000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0x9D125000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0x8D796000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
    0x8D6E7000 C:\Windows\system32\DRIVERS\btwrchid.sys 12288 bytes (Broadcom Corporation., Bluetooth Remote Control HID Minidriver)
    0x80693000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0x88002000 C:\Windows\system32\DRIVERS\nvsmu.sys 12288 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) SMU Microcontroller Driver)
    0x88000000 C:\Windows\system32\DRIVERS\HpqRemHid.sys 8192 bytes (Hewlett-Packard Development Company, L.P., HP Remote Control HID Device)
    0x8C7FC000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x8C7FA000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    0x00BC0000 Hidden Image-->HP.ActiveSupportLibrary.dll [ EPROCESS 0x849482A0 ] PID: 828, 94208 bytes
     
  13. 2011/01/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2011/01/21
    Bearclaw

    Bearclaw Well-Known Member Thread Starter

    Joined:
    2010/12/09
    Messages:
    151
    Likes Received:
    0
    ComboFix 11-01-20.01 - Molly Flynn 01/21/2011 0:36.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1106 [GMT -5:00]
    Running from: c:\users\Molly Flynn\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-21 to 2011-01-21 )))))))))))))))))))))))))))))))
    .

    2011-01-21 05:52 . 2011-01-21 05:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-20 17:18 . 2011-01-20 17:33 -------- d-----w- c:\users\Molly Flynn\AppData\Local\QuickStores
    2011-01-20 17:17 . 2011-01-20 17:18 -------- d-----w- c:\program files\aTube Catcher
    2011-01-20 05:38 . 2011-01-20 05:38 -------- d-----w- c:\program files\7-Zip
    2011-01-20 00:09 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-20 00:09 . 2011-01-20 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-20 00:09 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-18 14:44 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FF056C7-5F1B-4C30-A6F0-2C5503374AEB}\mpengine.dll
    2011-01-17 02:39 . 2011-01-17 02:39 -------- d-----w- c:\users\Molly Flynn\{b618461c-11c0-40ff-af83-7f62c6f05cc9}
    2011-01-17 02:38 . 2011-01-17 02:42 -------- d-----w- c:\program files\Logitech
    2011-01-17 02:38 . 2011-01-17 02:39 -------- d-----w- c:\program files\Common Files\Logitech
    2011-01-11 19:21 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-11 19:21 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-11 19:21 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-11 19:21 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-11 19:21 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-11 19:21 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-11 19:21 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-09 01:25 . 2011-01-09 01:25 -------- d-----w- c:\program files\Windows Portable Devices
    2011-01-09 00:52 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2011-01-09 00:52 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-01-09 00:52 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-01-09 00:50 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2011-01-09 00:48 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2011-01-09 00:48 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-01-09 00:48 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-01-08 23:15 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2011-01-08 21:54 . 2011-01-08 21:54 -------- d-----w- c:\users\Molly Flynn\AppData\Roaming\muvee Technologies
    2011-01-08 19:34 . 2011-01-08 19:34 -------- d-----w- c:\users\Molly Flynn\AppData\Roaming\SUPERAntiSpyware.com
    2011-01-08 19:34 . 2011-01-08 19:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-01-08 19:33 . 2011-01-15 00:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-08 17:46 . 2011-01-08 17:46 -------- d-----w- c:\windows\system32\ca-ES
    2011-01-08 17:46 . 2011-01-08 17:46 -------- d-----w- c:\windows\system32\eu-ES
    2011-01-08 17:46 . 2011-01-08 17:46 -------- d-----w- c:\windows\system32\vi-VN
    2011-01-07 22:04 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-07 22:04 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-01-07 22:04 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-07 22:04 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-07 22:04 . 2011-01-13 08:37 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-07 22:03 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-07 22:03 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-07 22:03 . 2011-01-07 22:03 -------- d-----w- c:\programdata\Alwil Software
    2011-01-07 22:03 . 2011-01-07 22:03 -------- d-----w- c:\program files\Alwil Software
    2011-01-01 19:15 . 2011-01-01 19:15 -------- d-s---w- c:\programdata\Memeo
    2011-01-01 19:02 . 2011-01-01 19:02 -------- d-----w- c:\users\Molly Flynn\AppData\Local\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-13 00:16 . 2010-11-13 00:16 40960 ----a-r- c:\users\Molly Flynn\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
    2010-11-12 23:53 . 2010-04-27 20:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-04 18:56 . 2010-12-20 22:08 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55 . 2010-12-20 22:08 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55 . 2010-12-20 22:08 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55 . 2010-12-20 22:08 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34 . 2010-12-20 22:08 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01 . 2010-12-20 22:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57 . 2010-12-20 22:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57 . 2010-12-20 22:08 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57 . 2010-12-20 22:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:57 . 2010-12-20 22:08 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:01 . 2010-12-20 22:08 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26 . 2010-12-20 22:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24 . 2010-12-20 22:08 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-28 15:44 . 2010-12-20 22:08 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-28 13:27 . 2010-12-20 22:08 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-28 13:20 . 2010-12-20 22:07 2048 ----a-w- c:\windows\system32\tzres.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-07 39408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-15 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-17 202256]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
    SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240]
    VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-12-3 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "UseDefaultTile"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 136176]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
    S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - NORMANDY
    *Deregistered* - Normandy

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 00:16]

    2011-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 00:16]

    2011-01-21 c:\windows\Tasks\User_Feed_Synchronization-{B3670ADD-923C-4517-B4CF-2A549BC92919}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-20 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: FirstViewer - hxxp://www.rod.dorchestercounty.net/alchemyweb/Components/FirstVwr.CAB
    DPF: {925B4A47-7F10-42CC-9934-98F1E078F675} - hxxp://www.perfectinterview.com/online/webcap.CAB
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-21 00:52
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4452)
    c:\windows\system32\btmmhook.dll
    c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
    .
    Completion time: 2011-01-21 00:57:02
    ComboFix-quarantined-files.txt 2011-01-21 05:56
    ComboFix2.txt 2011-01-19 05:18

    Pre-Run: 163,392,397,312 bytes free
    Post-Run: 163,389,833,216 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
    - - End Of File - - BD02466976AB05F764D713B612FCBD4E
     
  15. 2011/01/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I can see you ran Combofix yesterday.
    Navigate to C:\Qoobox and post ComboFix2.txt log.
    The current log looks fine.

    Bed time here, so I'll check on you tomorrow :)
     
  16. 2011/01/21
    Bearclaw

    Bearclaw Well-Known Member Thread Starter

    Joined:
    2010/12/09
    Messages:
    151
    Likes Received:
    0
    Hope you had a restful nap! Below is the log file you desired! :)


    ComboFix 11-01-18.03 - Molly Flynn 01/18/2011 23:57:29.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.916 [GMT -5:00]
    Running from: c:\users\Molly Flynn\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\KBL.LOG

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-19 to 2011-01-19 )))))))))))))))))))))))))))))))
    .

    2011-01-19 05:13 . 2011-01-19 05:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-18 14:44 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FF056C7-5F1B-4C30-A6F0-2C5503374AEB}\mpengine.dll
    2011-01-17 02:39 . 2011-01-17 02:39 -------- d-----w- c:\users\Molly Flynn\{b618461c-11c0-40ff-af83-7f62c6f05cc9}
    2011-01-17 02:38 . 2011-01-17 02:42 -------- d-----w- c:\program files\Logitech
    2011-01-17 02:38 . 2011-01-17 02:39 -------- d-----w- c:\program files\Common Files\Logitech
    2011-01-11 19:21 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-11 19:21 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-11 19:21 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-11 19:21 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-11 19:21 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
    2011-01-11 19:21 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-11 19:21 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-01-09 01:25 . 2011-01-09 01:25 -------- d-----w- c:\program files\Windows Portable Devices
    2011-01-09 00:52 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2011-01-09 00:52 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-01-09 00:52 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-01-09 00:50 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2011-01-09 00:48 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2011-01-09 00:48 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-01-09 00:48 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-01-08 23:15 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2011-01-08 21:54 . 2011-01-08 21:54 -------- d-----w- c:\users\Molly Flynn\AppData\Roaming\muvee Technologies
    2011-01-08 19:34 . 2011-01-08 19:34 -------- d-----w- c:\users\Molly Flynn\AppData\Roaming\SUPERAntiSpyware.com
    2011-01-08 19:34 . 2011-01-08 19:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-01-08 19:33 . 2011-01-15 00:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-01-08 17:46 . 2011-01-08 17:46 -------- d-----w- c:\windows\system32\ca-ES
    2011-01-08 17:46 . 2011-01-08 17:46 -------- d-----w- c:\windows\system32\eu-ES
    2011-01-08 17:46 . 2011-01-08 17:46 -------- d-----w- c:\windows\system32\vi-VN
    2011-01-07 22:04 . 2010-12-31 20:00 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-01-07 22:04 . 2010-12-31 19:56 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-01-07 22:04 . 2010-12-31 19:56 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-01-07 22:04 . 2010-12-31 19:59 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-01-07 22:04 . 2010-12-31 19:56 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-01-07 22:03 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
    2011-01-07 22:03 . 2010-12-31 20:06 188216 ----a-w- c:\windows\system32\aswBoot.exe
    2011-01-07 22:03 . 2011-01-07 22:03 -------- d-----w- c:\programdata\Alwil Software
    2011-01-07 22:03 . 2011-01-07 22:03 -------- d-----w- c:\program files\Alwil Software
    2011-01-01 19:15 . 2011-01-01 19:15 -------- d-s---w- c:\programdata\Memeo
    2011-01-01 19:02 . 2011-01-01 19:02 -------- d-----w- c:\users\Molly Flynn\AppData\Local\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}
    2010-12-20 22:09 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
    2010-12-20 22:09 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-20 22:09 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-20 22:09 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-12-20 22:07 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-20 22:04 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-13 00:16 . 2010-11-13 00:16 40960 ----a-r- c:\users\Molly Flynn\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-07 39408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-15 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-17 202256]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
    SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240]
    VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-12-3 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "UseDefaultTile"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
    2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-24 06:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 136176]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-31 51280]
    S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMD25
    *NewlyCreated* - UXLDAPOG
    *Deregistered* - klmd25
    *Deregistered* - uxldapog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 00:16]

    2011-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 00:16]

    2011-01-19 c:\windows\Tasks\User_Feed_Synchronization-{B3670ADD-923C-4517-B4CF-2A549BC92919}.job
    - c:\windows\system32\msfeedssync.exe [2010-12-20 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: FirstViewer - hxxp://www.rod.dorchestercounty.net/alchemyweb/Components/FirstVwr.CAB
    DPF: {925B4A47-7F10-42CC-9934-98F1E078F675} - hxxp://www.perfectinterview.com/online/webcap.CAB
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    HKLM-Run-hpqSRMon - (no file)
    HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-19 00:13
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-01-19 00:18:02
    ComboFix-quarantined-files.txt 2011-01-19 05:17

    Pre-Run: 170,169,925,632 bytes free
    Post-Run: 169,581,617,152 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
    - - End Of File - - 2F3110ECE666731674B4D1888C7A14EC
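Added example (not part of this thread, and not code from ComboFix, OTL or anyone posting here): a small Python triage script that reads the ComboFix sections pasted above and turns the entries a malware analyst checks first into notes. The sample log inside it is constructed in ComboFix's layout; the ActiveX host allowlist, the example host names, the local proxy line and the unmatched driver name are assumptions made up for the demonstration. The rules come from what the two logs above show: Security Center DisableMonitoring values (here under the Symantec keys, which a third-party suite sets legitimately), service lines ending in [x] (ComboFix's mark for an image it could not open; the avast drivers above carry it while avast is clearly installed and running, so it is a prompt, not a verdict), a .sys image started with command-line arguments (SafeConnect's scManager.sys, which the OTL log lists as an ordinary process and Win32 service despite the extension), NewlyCreated/Deregistered driver pairs, IE proxy settings, and DPF ActiveX download hosts.

```python
"""ComboFix log triage: reads the 'Reg Loading Points', 'Other Services/Drivers In Memory'
and 'Supplementary Scan' text and emits 'look closer' notes.  Added example, not part of
this thread or of ComboFix.  A note is a prompt for a human, not a malware verdict."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in ComboFix's layout; hosts, the proxy line and QRSTUVWX are made up.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-17 136176]
S1 aswSP;aswSP; [x]
S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart [x]
*NewlyCreated* - UXLDAPOG
*Deregistered* - uxldapog
*NewlyCreated* - QRSTUVWX
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8118
uInternet Settings,ProxyOverride = *.local
DPF: Java Plug-in 1.6.0_23 - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: FirstViewer - hxxp://www.records.example/alchemyweb/Components/FirstVwr.CAB
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+?)\s*"\s*=\s*(?P<data>.+)$')
SERVICE_RE = re.compile(r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
IMAGE_RE = re.compile(r'^(?P<image>.+?\.(?:exe|sys|dll|drv))(?=\s|$)(?P<args>.*)$', re.IGNORECASE)
STAMP_RE = re.compile(r'\s*\[\d{4}-\d\d-\d\d \d+\]$')          # trailing "[date size]" stamp
DRIVER_RE = re.compile(r'^\*(?P<kind>NewlyCreated|Deregistered)\* - (?P<name>\S+)$')
PROXY_RE = re.compile(r'^[um]Internet Settings,(?P<setting>ProxyServer|AutoConfigURL|ProxyOverride)\s*=\s*(?P<value>.+)$')
DPF_RE = re.compile(r'^DPF: (?P<ident>.+?) - hxxps?://(?P<host>[^/\s]+)')

# Illustrative allowlist of ActiveX (DPF) download hosts: an assumption for this example.
TRUSTED_DPF_HOSTS = ('java.sun.com', 'microsoft.com', 'macromedia.com', 'adobe.com')


def parse_service(line: str) -> Optional[Dict[str, object]]:
    """Split an R?/S? service line into name, image path, extra arguments and the [x] flag."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group('rest').strip()
    missing = rest.endswith('[x]')            # ComboFix could not open the image file
    if missing:
        rest = rest[:-3].strip()
    rest = STAMP_RE.sub('', rest)
    image, args = None, ''
    im = IMAGE_RE.match(rest)
    if im:
        image, args = im.group('image'), im.group('args').strip()
    return {'name': m.group('name'), 'state': m.group('state'), 'start': int(m.group('start')),
            'image': image, 'args': args, 'missing': missing}


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (severity, note) pairs for the lines a reviewer should look at twice."""
    notes: List[Tuple[str, str]] = []
    key = ''
    created, deregistered = set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (km := KEY_RE.match(line)):
            key = km.group('key').lower()
        elif (vm := VALUE_RE.match(line)) and r'security center\monitoring' in key:
            if vm.group('name') == 'DisableMonitoring' and vm.group('data').lower() == 'dword:00000001':
                notes.append(('info', f'Security Center monitoring disabled under {key}'))
        elif (svc := parse_service(line)):
            if svc['missing']:
                notes.append(('warn', f"{svc['name']}: image not readable by the scanner ([x])"))
            if svc['image'] and str(svc['image']).lower().endswith('.sys') and svc['args']:
                notes.append(('warn', f"{svc['name']}: .sys image run with arguments {svc['args']!r} "
                                      "(a user-mode service wearing a driver extension)"))
        elif (dm := DRIVER_RE.match(line)):
            (created if dm.group('kind') == 'NewlyCreated' else deregistered).add(dm.group('name').lower())
        elif (pm := PROXY_RE.match(line)):
            if pm.group('setting') != 'ProxyOverride':     # the bypass list alone is harmless
                notes.append(('warn', f"IE {pm.group('setting')} = {pm.group('value')} "
                                      "(every page passes through it and can be rewritten)"))
        elif (xm := DPF_RE.match(line)):
            host = xm.group('host').lower()
            if not any(host == t or host.endswith('.' + t) for t in TRUSTED_DPF_HOSTS):
                notes.append(('info', f"ActiveX download '{xm.group('ident')}' from non-allowlisted host {host}"))
    # Heuristic: scanners load a throw-away driver and remove it again, so a NewlyCreated
    # entry without a matching Deregistered entry is the one worth asking about.
    for name in sorted(created - deregistered):
        notes.append(('warn', f'transient driver {name} was created but never deregistered'))
    return notes


if __name__ == '__main__':
    for severity, note in triage(SAMPLE_LOG):
        print(f'[{severity}] {note}')
```

To run it against a real log, pass the pasted text to triage() instead of SAMPLE_LOG; the DPF rule expects ComboFix's "hxxp" defanging, as seen in the logs above, and the allowlist is the place to put the hosts you actually expect on the machine.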
     
  17. 2011/01/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK...

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. 2011/01/21
    Bearclaw

    Bearclaw Well-Known Member Thread Starter

    Joined:
    2010/12/09
    Messages:
    151
    Likes Received:
    0
    Hi, the computer is running fine, still having the 'redirects' show up. They are always showing up when getting on this site! Reckon someone feels this is a real 'target rich environment'! :)

    OK, the OTL scan results are below:


    OTL.txt

    OTL logfile created on: 1/21/2011 10:06:30 PM - Run 1
    OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Molly Flynn\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.87 Gb Total Space | 150.82 Gb Free Space | 68.28% Space Free | Partition Type: NTFS
    Drive D: | 12.01 Gb Total Space | 1.85 Gb Free Space | 15.41% Space Free | Partition Type: NTFS

    Computer Name: MOLLYFLYNN-PC | User Name: Molly Flynn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/21 22:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    PRC - [2011/01/14 19:33:20 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/01/07 18:11:36 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2011/01/07 18:11:26 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2010/11/11 14:18:29 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
    PRC - [2010/11/11 14:18:28 | 000,174,432 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
    PRC - [2010/08/16 19:26:37 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/09/15 03:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    PRC - [2007/09/05 16:09:54 | 001,620,520 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2007/09/05 16:09:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/21 22:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
    MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
    SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/11/11 14:18:28 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/04/03 16:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/12/04 02:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2007/09/18 08:12:28 | 000,080,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
    DRV - [2007/09/18 08:12:28 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
    DRV - [2007/09/18 08:12:28 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
    DRV - [2007/09/15 03:50:56 | 000,191,408 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/09/09 17:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/07/11 13:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV - [2007/07/10 09:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 06:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 06:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/06/20 06:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/05/30 18:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/04/03 16:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/03/06 21:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/16 16:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/10/18 21:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-653297460-3737801789-3958732361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    IE - HKU\S-1-5-21-653297460-3737801789-3958732361-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-653297460-3737801789-3958732361-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/16 19:32:21 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2011/01/19 00:13:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-653297460-3737801789-3958732361-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-653297460-3737801789-3958732361-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-653297460-3737801789-3958732361-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-653297460-3737801789-3958732361-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-653297460-3737801789-3958732361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
    O7 - HKU\S-1-5-21-653297460-3737801789-3958732361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-653297460-3737801789-3958732361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O7 - HKU\S-1-5-21-653297460-3737801789-3958732361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-653297460-3737801789-3958732361-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Reg Error: Value error.)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {925B4A47-7F10-42CC-9934-98F1E078F675} http://www.perfectinterview.com/online/webcap.CAB (WebCap.VidCap)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: FirstViewer http://www.rod.dorchestercounty.net/alchemyweb/Components/FirstVwr.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.105 213.109.73.9 209.18.47.61
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/12/05 23:36:21 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/21 22:01:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    [2011/01/21 00:57:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/01/21 00:55:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/21 00:32:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/20 20:43:17 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Desktop\NTBR_CD
    [2011/01/20 12:18:10 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\AppData\Local\QuickStores
    [2011/01/20 12:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
    [2011/01/20 12:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\aTube Catcher
    [2011/01/20 10:52:49 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Molly Flynn\Desktop\remover.exe
    [2011/01/20 00:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/01/20 00:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/01/19 20:12:24 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Desktop\BBS Logs
    [2011/01/19 19:54:26 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\TFC.exe
    [2011/01/19 19:09:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/01/19 19:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/19 19:09:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/01/19 19:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/01/19 19:06:52 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Molly Flynn\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/18 23:54:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/18 23:54:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/18 23:54:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/18 23:54:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/18 23:53:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/18 23:51:43 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Desktop\tdsskiller
    [2011/01/16 21:39:46 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\{b618461c-11c0-40ff-af83-7f62c6f05cc9}
    [2011/01/16 21:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2011/01/16 21:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
    [2011/01/13 20:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2011/01/08 20:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2011/01/08 16:54:39 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Documents\My muvees
    [2011/01/08 16:54:36 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\AppData\Roaming\muvee Technologies
    [2011/01/08 16:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011/01/08 16:53:16 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\Documents\CyberLink
    [2011/01/08 14:34:14 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\AppData\Roaming\SUPERAntiSpyware.com
    [2011/01/08 14:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/01/08 14:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/01/08 14:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/01/08 14:33:04 | 009,953,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Molly Flynn\Desktop\SUPERAntiSpyware.exe
    [2011/01/08 12:46:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2011/01/08 12:46:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2011/01/08 12:46:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2011/01/07 17:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/01/07 17:04:38 | 000,294,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/01/07 17:04:38 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/01/07 17:04:37 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/01/07 17:04:36 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/01/07 17:04:34 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/01/07 17:03:22 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/01/07 17:03:21 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/01/07 17:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2011/01/07 17:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2011/01/01 14:15:03 | 000,000,000 | --SD | C] -- C:\ProgramData\Memeo
    [2011/01/01 14:02:22 | 000,000,000 | ---D | C] -- C:\Users\Molly Flynn\AppData\Local\{9E5C7B4F-5A46-458E-9BAE-0001A6640C4A}
    [1 C:\Users\Molly Flynn\Desktop\*.tmp files -> C:\Users\Molly Flynn\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/21 22:15:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B3670ADD-923C-4517-B4CF-2A549BC92919}.job
    [2011/01/21 22:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    [2011/01/21 21:50:33 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2011/01/21 21:49:51 | 000,028,409 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/01/21 21:48:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/21 21:47:48 | 000,004,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/21 21:47:48 | 000,004,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/21 21:47:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/21 21:47:30 | 2079,137,792 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/21 21:47:28 | 161,494,286 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/01/21 20:13:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/01/21 15:32:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/21 14:13:11 | 000,027,136 | ---- | M] () -- C:\Users\Molly Flynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/21 00:32:30 | 004,158,707 | R--- | M] () -- C:\Users\Molly Flynn\Desktop\ComboFix.exe
    [2011/01/21 00:31:52 | 000,028,409 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/01/20 23:25:14 | 000,133,632 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\RKUnhookerLE.EXE
    [2011/01/20 20:36:39 | 002,565,432 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\NTBR_CD.exe
    [2011/01/20 12:18:09 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
    [2011/01/20 00:36:20 | 001,110,476 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\7z920.exe
    [2011/01/20 00:31:06 | 000,039,605 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\bootkit_remover.rar
    [2011/01/19 20:02:56 | 000,624,128 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\dds.scr
    [2011/01/19 19:54:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\TFC.exe
    [2011/01/19 19:26:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/01/19 19:09:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/19 19:06:53 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Molly Flynn\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/19 10:58:08 | 000,083,233 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\Andi-2010 Christmas.jpg
    [2011/01/19 00:13:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/01/18 22:54:27 | 001,236,025 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\tdsskiller.zip
    [2011/01/18 22:53:19 | 000,080,384 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\MBRCheck.exe
    [2011/01/18 22:52:39 | 000,296,448 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\gmer2.exe
    [2011/01/17 14:53:06 | 000,615,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/17 14:53:06 | 000,107,652 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/16 21:52:20 | 000,002,627 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\Microsoft Office Word 2007.lnk
    [2011/01/13 10:30:16 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/01/13 03:37:19 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/01/08 20:09:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011/01/08 20:07:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011/01/08 14:33:58 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/01/08 14:33:10 | 009,953,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Molly Flynn\Desktop\SUPERAntiSpyware.exe
    [2011/01/08 12:51:20 | 000,312,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/01/07 17:04:39 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/01/07 17:01:27 | 051,515,288 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\setup_av_free.exe
    [2011/01/07 13:12:31 | 000,017,240 | ---- | M] () -- C:\Windows\cfgall.ini
    [2011/01/07 12:26:18 | 000,000,680 | ---- | M] () -- C:\Users\Molly Flynn\AppData\Local\d3d9caps.dat
    [2010/12/31 15:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [1 C:\Users\Molly Flynn\Desktop\*.tmp files -> C:\Users\Molly Flynn\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/20 23:25:01 | 000,133,632 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\RKUnhookerLE.EXE
    [2011/01/20 20:36:35 | 002,565,432 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\NTBR_CD.exe
    [2011/01/20 12:18:09 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
    [2011/01/20 00:36:16 | 001,110,476 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\7z920.exe
    [2011/01/20 00:31:05 | 000,039,605 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\bootkit_remover.rar
    [2011/01/19 20:27:54 | 161,494,286 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/01/19 20:02:47 | 000,624,128 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\dds.scr
    [2011/01/19 19:09:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/19 10:59:43 | 000,083,233 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\Andi-2010 Christmas.jpg
    [2011/01/18 23:54:57 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/18 23:54:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/18 23:54:57 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/18 23:54:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/18 23:54:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/18 22:57:27 | 004,158,707 | R--- | C] () -- C:\Users\Molly Flynn\Desktop\ComboFix.exe
    [2011/01/18 22:54:13 | 001,236,025 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\tdsskiller.zip
    [2011/01/18 22:53:18 | 000,080,384 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\MBRCheck.exe
    [2011/01/18 22:52:32 | 000,296,448 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\gmer2.exe
    [2011/01/08 20:09:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011/01/08 20:07:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011/01/08 14:33:58 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/01/07 17:04:39 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/01/07 17:01:22 | 051,515,288 | ---- | C] () -- C:\Users\Molly Flynn\Desktop\setup_av_free.exe
    [2010/04/30 11:29:22 | 000,000,680 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\d3d9caps.dat
    [2009/11/15 12:42:47 | 000,000,018 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\msesbucf.txt
    [2009/10/05 17:56:27 | 000,000,000 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\FnF4.txt
    [2009/09/21 11:00:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/14 15:41:58 | 000,017,240 | ---- | C] () -- C:\Windows\cfgall.ini
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/02/16 09:22:05 | 000,028,409 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/02/16 09:22:04 | 000,028,409 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008/01/21 13:56:27 | 000,027,136 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/21 13:23:10 | 000,027,905 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Roaming\nvModes.001
    [2008/01/21 00:57:04 | 000,027,905 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Roaming\nvModes.dat
    [2008/01/20 18:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\QSwitch.txt
    [2008/01/20 18:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\DSwitch.txt
    [2008/01/20 18:01:23 | 000,000,000 | ---- | C] () -- C:\Users\Molly Flynn\AppData\Local\AtStart.txt
    [2007/12/15 01:08:09 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2007/12/05 23:51:03 | 000,001,394 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2007/09/05 15:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2007/04/03 16:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 17:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== LOP Check ==========

    [2011/01/08 16:54:44 | 000,000,000 | ---D | M] -- C:\Users\Molly Flynn\AppData\Roaming\muvee Technologies
    [2008/01/28 18:54:42 | 000,000,000 | ---D | M] -- C:\Users\Molly Flynn\AppData\Roaming\PlayFirst
    [2008/01/27 13:32:44 | 000,000,000 | ---D | M] -- C:\Users\Molly Flynn\AppData\Roaming\WildTangent
    [2011/01/21 20:13:32 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/01/21 22:15:00 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B3670ADD-923C-4517-B4CF-2A549BC92919}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2007/12/05 23:36:21 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/01/21 00:57:03 | 000,014,410 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/01/21 21:47:30 | 2079,137,792 | -HS- | M] () -- C:\hiberfil.sys
    [2007/12/05 23:12:25 | 000,000,371 | -H-- | M] () -- C:\IPH.PH
    [2011/01/21 21:47:28 | 2393,034,752 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/18 23:52:46 | 000,062,012 | ---- | M] () -- C:\TDSSKiller.2.4.14.0_18.01.2011_23.52.07_log.txt
    [2008/12/26 15:30:14 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/01/08 12:25:37 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/19 02:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/12/31 15:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/02/25 10:24:07 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >
    [2010/11/29 21:25:02 | 000,000,000 | ---D | M] -- C:\Program Files\ExamSoft\SofTest\bak

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/09/20 19:11:28 | 000,000,286 | -HS- | M] () -- C:\Users\Molly Flynn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/09/17 09:35:12 | 000,000,072 | ---- | M] () -- C:\Users\Molly Flynn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Write on Nichole's Wall.url

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/20 00:36:20 | 001,110,476 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\7z920.exe
    [2011/01/21 00:32:30 | 004,158,707 | R--- | M] () -- C:\Users\Molly Flynn\Desktop\ComboFix.exe
    [2011/01/18 22:52:39 | 000,296,448 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\gmer2.exe
    [2011/01/07 18:08:06 | 002,302,184 | ---- | M] (Google Inc.) -- C:\Users\Molly Flynn\Desktop\GoogleToolbarInstaller_en32_signed.exe
    [2011/01/19 19:06:53 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Molly Flynn\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/18 22:53:19 | 000,080,384 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\MBRCheck.exe
    [2011/01/20 20:36:39 | 002,565,432 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\NTBR_CD.exe
    [2011/01/21 22:01:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\OTL.exe
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Molly Flynn\Desktop\remover.exe
    [2011/01/20 23:25:14 | 000,133,632 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\RKUnhookerLE.EXE
    [2010/11/23 19:50:46 | 001,334,040 | ---- | M] (Impulse Point, LLC) -- C:\Users\Molly Flynn\Desktop\ServiceInstaller.exe
    [2011/01/07 17:01:27 | 051,515,288 | ---- | M] () -- C:\Users\Molly Flynn\Desktop\setup_av_free.exe
    [2011/01/08 14:33:10 | 009,953,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Molly Flynn\Desktop\SUPERAntiSpyware.exe
    [2011/01/19 19:54:30 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Molly Flynn\Desktop\TFC.exe
    [1 C:\Users\Molly Flynn\Desktop\*.tmp files -> C:\Users\Molly Flynn\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/01/20 18:00:41 | 000,000,402 | -HS- | M] () -- C:\Users\Molly Flynn\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/04/05 17:26:25 | 000,001,394 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/01/21 21:49:51 | 000,028,409 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  19. 2011/01/21
    Bearclaw

    Bearclaw Well-Known Member Thread Starter

    Joined:
    2010/12/09
    Messages:
    151
    Likes Received:
    0
    Extras.txt

    OTL Extras logfile created on: 1/21/2011 10:06:30 PM - Run 1
    OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Molly Flynn\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18999)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 220.87 Gb Total Space | 150.82 Gb Free Space | 68.28% Space Free | Partition Type: NTFS
    Drive D: | 12.01 Gb Total Space | 1.85 Gb Free Space | 15.41% Space Free | Partition Type: NTFS

    Computer Name: MOLLYFLYNN-PC | User Name: Molly Flynn | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-653297460-3737801789-3958732361-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{15F9A471-8027-46D7-B87D-3B00E00613F1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{2EF8937C-9F31-4052-B318-EB483C224F8F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5F1BB71C-2B26-404D-8B05-C6D02D21555E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{72D3C1A4-1A95-40AB-A238-7DD093A1AD12}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{91A75295-0124-4C6E-826E-21EC7C34F11D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9AAE3075-B0CD-42DE-9FE1-D5244852D4C2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{A05FB586-D35D-42BA-B60A-8CA39CEDDFF6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{B269EB35-F069-4440-A758-730AFE76413C}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{B53655B4-6403-4A16-BB77-041FD462C49C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{C485A96F-A8B8-4909-8ACD-72674FB3B5AF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{ED30B36D-B975-4081-B70B-75E4BFF4876F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F299A227-83ED-4FAC-9F1F-E66306A79A1F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "TCP Query User{08EF11C7-68E6-490C-A5F5-75D0795BC576}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
    "TCP Query User{F1412EBB-0425-4D31-92BC-2872B525C428}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{1D8941DC-B862-4954-AE65-36788D44D453}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{4E93423F-1C58-4C3D-8739-8AD0E1C05975}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
    "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 23
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
    "{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{68471BF2-F1F7-4C89-BBBA-400B94996596}" = ESU for Microsoft Vista
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
    "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
    "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
    "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
    "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
    "{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
    "{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "7-Zip" = 7-Zip 9.20
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "aTube Catcher" = aTube Catcher
    "avast5" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Google Chrome" = Google Chrome
    "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "RealPlayer 12.0" = RealPlayer
    "SafeConnect" = SafeConnect
    "Shop for HP Supplies" = Shop for HP Supplies
    "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WildTangent hp Master Uninstall" = My HP Games

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-653297460-3737801789-3958732361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  20. 2011/01/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I can see your DNS has been hijacked.
    Let's see if we can fix it in this step.

    ================================================================

    We need to remove old Java version and its remnants...

    • Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-653297460-3737801789-3958732361-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
      O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlcm.cab (Reg Error: Value error.)
      O16 - DPF: FirstViewer http://www.rod.dorchestercounty.net/...s/FirstVwr.CAB (Reg Error: Key error.)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.64.105 213.109.73.9 209.18.47.61
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1 C:\Users\Molly Flynn\Desktop\*.tmp files -> C:\Users\Molly Flynn\Desktop\*.tmp -> ]
      
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
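The O17 line in the fix script above is the hijack indicator: OTL reports the resolver list stored under Tcpip\Parameters, and the fix script resets that value and flushes the resolver cache. The thread does not say which of the three listed servers are rogue, so the added example below (written for this page, not part of the original post or of OTL) parses OTL's O17 lines and flags any resolver that is neither a private-range address (a home router or local forwarder) nor in a set of expected resolvers supplied by the reviewer. The sample log text is constructed: the first line is the O17 entry from the post, the second is a made-up per-interface entry with a private resolver for contrast, and the interface GUID is a placeholder. The expected set must come from an out-of-band source such as the router's admin page or the ISP's documentation, never from the possibly-hijacked machine.

```python
import ipaddress
import re

# Constructed sample input: the O17 line reported by OTL in the post above,
# plus one constructed per-interface line with a private-range resolver so the
# two cases can be compared. The interface GUID is a placeholder.
SAMPLE_OTL = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 213.109.64.105 213.109.73.9 209.18.47.61
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{00000000-0000-0000-0000-000000000000}: DhcpNameServer = 192.168.1.1
"""

# OTL prints resolver settings as:
#   O17 - <registry key>: <value name> = <space-separated server list>
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<value_name>\w+) = (?P<servers>.+)$")


def parse_o17(log_text):
    """Return one dict per O17 line: registry key, value name, resolver list."""
    entries = []
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "key": m.group("key"),
            "value_name": m.group("value_name"),
            "servers": m.group("servers").split(),
        })
    return entries


def audit_resolvers(entries, expected):
    """Flag resolvers that are neither private-range nor in the expected set.

    `expected` is the set of resolver IPs the ISP or router is known to hand
    out, obtained out of band. Returns (server, registry key, reason) tuples.
    """
    findings = []
    for entry in entries:
        for server in entry["servers"]:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings.append((server, entry["key"], "not a valid IP address"))
                continue
            if server in expected:
                continue
            if addr.is_private or addr.is_loopback:
                continue  # router or local forwarder: normal on a home LAN
            findings.append((server, entry["key"], "public resolver not in expected set"))
    return findings


if __name__ == "__main__":
    # With an empty expected set every public resolver is reported for review.
    for server, key, reason in audit_resolvers(parse_o17(SAMPLE_OTL), expected=set()):
        print(f"{server:<16} {reason}  ({key})")
```

Because DhcpNameServer holds the value the DHCP server handed out, a clean result after the OTL fix should be re-checked after the next reboot with `ipconfig /all`: if the same unexpected resolvers come back, the source is the DHCP server (typically the router), not the laptop, and the registry fix alone will not stick.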
     
  21. 2011/01/21
    Bearclaw

    Bearclaw Well-Known Member Thread Starter

    Joined:
    2010/12/09
    Messages:
    151
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Service RoxLiveShare9 stopped successfully!
    Service RoxLiveShare9 deleted successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry value HKEY_USERS\S-1-5-21-653297460-3737801789-3958732361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Starting removal of ActiveX control {44990B00-3C9D-426D-81DF-AAB636FA4345}
    C:\Windows\Downloaded Program Files\tgctlcm.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990B00-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990B00-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44990B00-3C9D-426D-81DF-AAB636FA4345}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990B00-3C9D-426D-81DF-AAB636FA4345}\ not found.
    Starting removal of ActiveX control FirstViewer
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\FirstViewer\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\FirstViewer\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\FirstViewer\ not found.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Users\Molly Flynn\Desktop\~WRL0005.tmp deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Molly Flynn\Desktop\cmd.bat deleted successfully.
    C:\Users\Molly Flynn\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Molly Flynn
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 8624953 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6462200 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 12857 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5460 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 14.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Molly Flynn
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.3 log created on 01212011_234839

    Files\Folders moved on Reboot...
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O07HY5P2\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[1].htm moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O07HY5P2\audmeasure[1].gif moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O07HY5P2\launch[1].htm moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O07HY5P2\openmail.app[1].htm moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O07HY5P2\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O07HY5P2\yourphone24_com[1].htm moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCZQVV62\;ord=523961598[1].htm moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCZQVV62\blank[1].html moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCZQVV62\blank[2].html moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCZQVV62\fc[2].htm moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCZQVV62\p-01-0VIaSjnOLg[3].gif moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8M5JFYW9\97424-active-new-me-laptop-infected-redirects-2[1].html moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8M5JFYW9\blank[1].html moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8M5JFYW9\frame[1].htm moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8M5JFYW9\showbanner[3].htm moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8M5JFYW9\st[1].htm moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Y1JUQWQ\audmeasure[1].gif moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Y1JUQWQ\openmail.app[1].htm moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Y1JUQWQ\searchTrack[4].htm moved successfully.
    C:\Users\Molly Flynn\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
