TechSpot

[A] DDS won't run to create report

By allandncr
Aug 1, 2012
  1. I'm putting together the malware reports. MBAM and GMER ran and created reports. DDS.com does not. No reports or screens appear after clicking on the DDS.com file. A message said that it is dangerous to run it and it warns me not to run DDS.com.
    I tried it anyway as instructed with no results. How do I enable scripts to run on my XP pc so that DDS will run?
    Thank you in advance.
    A
     
  2. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    Post MBAM and GMER logs.

    Says which program?
     
  3. allandncr

    allandncr TS Rookie Topic Starter

    Techspot,
    I believe it was Google chrome that put up a message that running DDS.com could do harm.

    Thank you for your reply, I am posting because of a virus problem. I am posting this in two parts because it is too long for one. I have read and followed your instructions. I have an older HP running XP. Last year I had added RAM and a new hard drive and it has run well. I have a router, Avast and ZoneAlarm. Earlier this month it began to run slower than usual. An Avast virus scan said that I had many infected files but Avast could not find them to delete them or take action on them.
    I ran MBAM and it found 3 viruses and quarantined them. One was a Trojan. The PC continued to have problems running slowly and eventually would display a message that there are not enough system resources. I ran Unhackme with ReAnimator. And I sent Unhackme the report file. Dmitry S. from Unhackme sent me an email instructing me to run a command file that I posted below. When I ran it, it caused my virus protection to stop and my Internet Explorer to stop working too. I sent a follow-up report to Unhackme and I have not received a response.
    I ran a program called Stinger from McAfee and it found a virus and deleted it.
    Below are the reports and the email from Dmitry S. at Unhackme.
    Thank you in advance for looking this over.
    Allan
    ------------current MBAM shows no virus
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.31.13

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: YOUR-46E94OWX6A [administrator]

    Protection: Enabled

    7/31/2012 8:13:37 PM
    mbam-log-2012-07-31 (20-13-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 239598
    Time elapsed: 34 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ---------------original MBAM did show trojan virus.
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.08.06

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: YOUR-46E94OWX6A [administrator]

    7/8/2012 1:37:25 PM
    mbam-log-2012-07-08 (13-37-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 235299
    Time elapsed: 32 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA42713-5C1E-48E2-B432-D8BF420DD31D} (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E596DF5F-4239-4D40-8367-EBADF0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ------ I ran a program called Stinger from McAfee and it found another virus. I have a screenshot of the report if you need to see it.

    ------ I sent a report to Unhackme. I received the following emailed instructions.
    We have found a malware in your report
    We will begin to fix it.
    Save attached rnr.rnr to your desktop.
    --Here is a copy of the rnr.rnr file.....
    [General]
    Id=4A33E61682478742F777672019632541
    [68_D:\autorun.inf_HKLM]
    Val=D:\autorun.inf
    Delete=1
    [DEL_AT_STARTUP]
    68_D:\autorun.inf_HKLM=1
    68_D:\desktop.ini_HKLM=1
    [68_D:\desktop.ini_HKLM]
    Val=D:\desktop.ini
    Delete=1
    [CompSettings]
    ProtectAutoRunInf=Y
    AutoRunInf=Y
    [36_ProxyServer_HKCU]
    Key=\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    Val=ProxyServer
    Root=HKCU
    Type=1
    Def=
    [Registry]
    36_ProxyServer_HKCU=1

    1. Restart your computer and choose the Safe mode.
    Read instructions how to choose the Safe mode:
    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam
    2. Open Reanimator.exe.
    Choose "Open RNR" tab.
    Locate your rnr.rnr file.
    3. Restart your computer again and choose the Safe mode
    4. Restart and choose the Normal Windows mode.
    Open Reanimator and create Detailed System Report.
    Attach a new report to the ticket.
    Best wishes,
    Dmitry Sokolov
    ---


    ------------------------ Ran GMER today 7-31-2012
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-31 21:50:24
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b ST3160215A rev.3.AAD
    Running: yl16524t.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxrcypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF038E0B2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF038DF1D]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \FileSystem\Fastfat \Fat tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-01 07:43:10
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b ST3160215A rev.3.AAD
    Running: yl16524t.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxrcypow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF034D488]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF03F67BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF034DEA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF038DB81]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF0542534]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF0358CCC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF0358D18]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF053C782]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF0358E9A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF038D535]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF0358C3A]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF0542CC0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF0358D5C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF0358C82]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xF034E098]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF0358E54]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF0542DF6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xF034E81C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF034D4D6]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF053D398]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF038E247]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF038E4FD]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF0351E88]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF038E0B2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF038DF1D]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF03F689E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF034D13E]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF055D93C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF055DB44]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF034D524]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF03521FA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF034F1E4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF0358CF6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF0358D3A]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF053CFAA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF0358EBE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF038D891]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF0358C60]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF03519FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF0358DDE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF0358CAA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF0351C30]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF0358E78]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF03F6A1E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF038DD98]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF034F0B0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF038DBEA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xF034EC5A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF0402338]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF055E208]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF05420F4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF038CBA8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF034D572]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF034D5C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xF034E69C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF053D75C]
    SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF055EE12]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF034D1C8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF034D378]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF038E34E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF034D31E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xF034E97E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xF034EADA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF034D3E8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xF034E3BA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xF034E51C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF034D60E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xF034DEE8]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + D8 804E2744 16 Bytes [CC, 8C, 35, F0, 18, 8D, 35, ...]
    .text ntoskrnl.exe!_abnormal_termination + 140 804E27AC 12 Bytes [D6, D4, 34, F0, 98, D3, 53, ...]
    .text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 12 Bytes [3E, D1, 34, F0, 3C, D9, 55, ...]
    .text ntoskrnl.exe!_abnormal_termination + 214 804E2880 16 Bytes [F6, 8C, 35, F0, 3A, 8D, 35, ...]
    .text ntoskrnl.exe!_abnormal_termination + 310 804E297C 4 Bytes JMP 80F038DB
    .text ...
    PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB88 4 Bytes CALL F034F895 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6CD3340, 0x13140F, 0xF8000020]
    .text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP F0353812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP F0353702 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP F03536BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP F0352D6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP F035248A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP F035397C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP F0353B84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngUnmapFontFileFD + B687 BF839EAC 5 Bytes JMP F03535C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85174B 5 Bytes JMP F035234E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC8A 5 Bytes JMP F0352E30 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5 Bytes JMP F03528E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5 Bytes JMP F0352BAA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F5F2 5 Bytes JMP F0352336 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 5457 BF8649C1 5 Bytes JMP F035374C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 35FB BF8731C7 5 Bytes JMP F03529A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 4138 BF873D04 5 Bytes JMP F0352B64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetLastError + 1606 BF890F6A 5 Bytes JMP F0352E48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 26EE BF894515 5 Bytes JMP F03538C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStretchBltROP + 583 BF894FED 5 Bytes JMP F0353AE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 3857 BF89C393 5 Bytes JMP F0352D56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DEC BF89D928 5 Bytes JMP F03524FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A9DC BF8C1E70 5 Bytes JMP F035260A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA2D2 5 Bytes JMP F03526E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA552 5 Bytes JMP F035280E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EBF17 5 Bytes JMP F0352230 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + CB53 BF8F4F2C 5 Bytes JMP F0352D86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 1A5A BF913814 5 Bytes JMP F0352426 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 262E BF9143E8 5 Bytes JMP F03525B6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4FA7 BF916D61 5 Bytes JMP F0352CC4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngPlgBlt + 1937 BF946E38 5 Bytes JMP F0353A3A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012380, 0x268A41, 0xF8000020]

    ----- end part 1 of 2 ----
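The rnr.rnr file quoted in the post is an INI-style remediation script; a defender should be able to read off what it will delete and what it will reset before it is run, which is what the poster did not get a chance to do. The reader below is an added example (not code from the thread, from Unhackme or from Reanimator) that parses that exact layout; it assumes, from the key names alone, that Delete=1 under DEL_AT_STARTUP means the file is removed at the next boot and that Def= holds the data the registry value is reset to.

```python
import configparser
from typing import Dict, List

# Constructed copy of the rnr.rnr layout shown in the post (same sections and keys).
SAMPLE_RNR = r"""[General]
Id=4A33E61682478742F777672019632541
[68_D:\autorun.inf_HKLM]
Val=D:\autorun.inf
Delete=1
[DEL_AT_STARTUP]
68_D:\autorun.inf_HKLM=1
68_D:\desktop.ini_HKLM=1
[68_D:\desktop.ini_HKLM]
Val=D:\desktop.ini
Delete=1
[CompSettings]
ProtectAutoRunInf=Y
AutoRunInf=Y
[36_ProxyServer_HKCU]
Key=\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Val=ProxyServer
Root=HKCU
Type=1
Def=
[Registry]
36_ProxyServer_HKCU=1
"""


def load_rnr(text: str) -> configparser.ConfigParser:
    """Parse the INI-style script. Only '=' may split keys from values: the
    entry names themselves contain ':' (drive letters), so the default ':'
    delimiter would cut them in half. Key case is preserved as well."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def file_deletions(cp: configparser.ConfigParser) -> List[str]:
    """Files the script would remove at startup: every entry listed with '1'
    under [DEL_AT_STARTUP] whose own section carries Delete=1 (assumed meaning)."""
    paths = []
    if not cp.has_section("DEL_AT_STARTUP"):
        return paths
    for entry, flag in cp.items("DEL_AT_STARTUP"):
        if flag == "1" and cp.has_section(entry) and cp.get(entry, "Delete", fallback="0") == "1":
            paths.append(cp.get(entry, "Val"))
    return paths


def registry_resets(cp: configparser.ConfigParser) -> List[Dict[str, str]]:
    """Registry values the script would rewrite: entries listed under [Registry],
    resolved to root/key/value and the replacement data in Def (assumed meaning)."""
    resets = []
    if not cp.has_section("Registry"):
        return resets
    for entry, flag in cp.items("Registry"):
        if flag == "1" and cp.has_section(entry):
            sec = cp[entry]
            resets.append({
                "root": sec.get("Root"),
                "key": sec.get("Key"),
                "value": sec.get("Val"),
                "new_data": sec.get("Def", ""),
                "type": sec.get("Type"),
            })
    return resets


def summarize(text: str) -> dict:
    """Everything a reviewer wants to see before letting the script run."""
    cp = load_rnr(text)
    settings = dict(cp["CompSettings"]) if cp.has_section("CompSettings") else {}
    return {
        "deletions": file_deletions(cp),
        "registry": registry_resets(cp),
        "settings": settings,
    }


if __name__ == "__main__":
    for section, items in summarize(SAMPLE_RNR).items():
        print(section, items)
```

For the quoted file this reports two autorun-related files on D: scheduled for deletion and the HKCU ProxyServer value being cleared, which is the sort of change (a proxy reset) that can also explain a browser that stops working afterwards.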
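The long SSDT section of the GMER log above is what the helper will read first: every hooked system call should belong to a product the poster knows is installed (here avast! and ZoneAlarm). The script below is an added example, not part of the thread or of GMER, that parses lines in that format, groups hooks by the driver that owns them, and flags any hook whose vendor string is missing or not on the expected list. The sample input takes three lines from the log and adds one constructed, unattributed hook (example_unknown.sys) to show the flagged case; the vendor allowlist is an assumption taken from the products named in the post.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# One GMER "SSDT" line: module path, optional "(description/vendor)",
# the hooked Zw* function and the hook address in brackets.
SSDT_LINE = re.compile(
    r"^SSDT\s+(?P<module>\S+)"
    r"(?:\s+\((?P<desc>[^/)]*)/(?P<vendor>[^)]*)\))?"
    r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"
)

# Constructed sample: first three lines copied from the log above, the last line
# is constructed (same layout, no vendor attribution) to exercise the flagging.
SAMPLE_GMER = r"""---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF038E0B2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF053C782]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF0402338]
SSDT \??\C:\WINDOWS\system32\drivers\example_unknown.sys ZwCreateProcess [0xF1234567]

---- EOF - GMER 1.0.15 ----
"""

# Assumed allowlist: the vendor strings GMER prints for the two security
# products the poster says are installed.
EXPECTED_VENDORS: Set[str] = {"AVAST Software", "Check Point Software Technologies LTD"}


def parse_ssdt_hooks(text: str) -> List[Dict[str, str]]:
    """Return one dict per SSDT line (module, desc, vendor, func, addr);
    desc and vendor are None when GMER printed no attribution."""
    hooks = []
    for line in text.splitlines():
        m = SSDT_LINE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks


def triage_hooks(hooks: List[Dict[str, str]], expected_vendors: Set[str] = EXPECTED_VENDORS) -> dict:
    """Group hooked functions by owning module and list hooks that are not
    attributed to an expected vendor (the ones worth a closer look)."""
    by_module: Dict[str, List[str]] = defaultdict(list)
    suspicious = []
    for h in hooks:
        by_module[h["module"]].append(h["func"])
        if h["vendor"] is None or h["vendor"] not in expected_vendors:
            suspicious.append(h)
    return {"by_module": dict(by_module), "suspicious": suspicious}


if __name__ == "__main__":
    result = triage_hooks(parse_ssdt_hooks(SAMPLE_GMER))
    for module, funcs in result["by_module"].items():
        print(f"{module}: {len(funcs)} hook(s): {', '.join(funcs)}")
    for h in result["suspicious"]:
        print("REVIEW:", h["module"], h["func"], h["addr"])
```

Run against the full log in the post, the same triage attributes every SSDT entry to avast! or ZoneAlarm drivers, which is consistent with the security software the poster lists rather than with a rootkit.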
     
  4. allandncr

    allandncr TS Rookie Topic Starter

    Part 2 of 3
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\System32\hphmon05.exe[292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\hphmon05.exe[292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[316] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corp.)
    .text C:\WINDOWS\Explorer.EXE[316] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corp.)
    .text C:\WINDOWS\system32\rundll32.exe[328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\rundll32.exe[328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\HP\KBD\KBD.EXE[688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\HP\KBD\KBD.EXE[688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\smss.exe[760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[1068] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[1164] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1216] SHELL32.dll!SHFileOperationW 7CA708A0 5 Bytes JMP 30001270 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corp.)
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1216] SHELL32.dll!SHFileOperation 7CA70B88 5 Bytes JMP 30001280 C:\Program Files\Iomega\DriveIcons\IMGHOOK.DLL (IMGHOOK/Iomega Corp.)
    .text C:\WINDOWS\System32\svchost.exe[1348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[1468] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe[1508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1552] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1648] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1648] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Windows Defender\MSASCui.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Windows Defender\MSASCui.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1724] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1748] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe[1848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[1884] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

    end part 2 of 3
     
  5. allandncr

    allandncr TS Rookie Topic Starter

    Part 3 of 3. Sorry, it would not fit in just two.

    ---- Kernel IAT/EAT - GMER 1.0.15 ----


    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[1152] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
    IAT C:\WINDOWS\system32\services.exe[1152] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
    IAT C:\Program Files\Alwil Software\Avast5\avastUI.exe[2060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

    AttachedDevice \FileSystem\Fastfat \Fat tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- Files - GMER 1.0.15 ----


    ---- EOF - GMER 1.0.15 ----
     
  6. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right-click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ========================================

    Download aswMBR to your desktop.
    Double-click aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  7. allandncr

    allandncr TS Rookie Topic Starter

    Thank you. I ran both RogueKiller and aswMBR. RogueKiller found two things that I did not take action on to delete.
    I pasted both reports here.
    Thank you,
    Allandncr

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: Owner [Admin rights]
    Mode: Scan -- Date: 08/02/2012 13:27:45

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 2 ¤¤¤
    [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3160215A +++++
    --- User ---
    [MBR] 3b9747e96c0c5f552bb4b88cedcc0eae
    [BSP] 3ea97061693e845802a602028923d052 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 6487 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 13285755 | Size: 146138 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    -------------------------------------------
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-02 13:35:42
    -----------------------------
    13:35:42.156 OS Version: Windows 5.1.2600 Service Pack 3
    13:35:42.156 Number of processors: 1 586 0xA00
    13:35:42.171 ComputerName: YOUR-46E94OWX6A UserName: Owner
    13:35:44.562 Initialize success
    13:35:59.484 AVAST engine defs: 12072601
    13:37:18.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-1b
    13:37:18.750 Disk 0 Vendor: ST3160215A 3.AAD Size: 152627MB BusType: 3
    13:37:18.765 Disk 0 MBR read successfully
    13:37:18.765 Disk 0 MBR scan
    13:37:20.218 Disk 0 unknown MBR code
    13:37:20.218 Disk 0 Partition 1 00 0B FAT32 MSDOS5.0 6487 MB offset 63
    13:37:21.000 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146138 MB offset 13285755
    13:37:22.265 Disk 0 scanning sectors +312576705
    13:37:23.218 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:38:07.390 Service scanning
    13:39:07.203 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
    13:39:12.015 Modules scanning
    13:39:52.765 Disk 0 trace - called modules:
    13:39:53.296 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys
    13:39:53.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87773ab8]
    13:39:53.296 3 CLASSPNP.SYS[f782ffd7] -> nt!IofCallDriver -> \Device\00000066[0x877829e8]
    13:39:53.312 5 ACPI.sys[f77a6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1b[0x8774bd98]
    13:39:55.234 AVAST engine scan C:\WINDOWS
    13:40:11.531 AVAST engine scan C:\WINDOWS\system32
    13:53:31.734 AVAST engine scan C:\WINDOWS\system32\drivers
    13:54:28.343 AVAST engine scan C:\Documents and Settings\Owner
    16:05:10.640 AVAST engine scan C:\Documents and Settings\All Users
    16:17:21.468 Scan finished successfully
     
  8. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double-click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
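    The step above asks for the C:\ComboFix.txt that the tool writes. As an added example (my code, not ComboFix's and not part of this thread), the script below shows how a reviewer reads the "Reg Loading Points" part of such a log: it parses the Run-key values and the service/driver lines and flags the entries worth checking first. The embedded sample log is constructed from the line formats ComboFix uses, not taken from a real machine; the flagging rules (autostarts living under a user profile, bare filenames resolved through the search path, and service lines ComboFix tagged with [x], which I read as "binary could not be resolved on disk" and which may be a genuinely missing file or just an ImagePath written in a form the tool does not follow) are my own triage heuristics, not a verdict from ComboFix.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix.txt.

Added example, not ComboFix's own code. The sample log is constructed in
ComboFix's line formats; the flagging rules are the author's heuristics.
"""
import re
from dataclasses import dataclass

# Constructed sample (not a real log); the line formats mirror a ComboFix report.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CuteReminder"="c:\program files\CuteReminder\CuteReminder.exe" [2004-10-28 807424]
"Akamai NetSession Interface"="c:\documents and settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 mrtRate;mrtRate; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
"""

# "[HKEY_...\Run]" or "[HKEY_...\RunOnce]" section headers (disabled "run-" keys are skipped).
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\Run(?:Once)?)\]$", re.I)
# "Name"="command" [yyyy-mm-dd size]
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\])?')
# R2 name;description;path [x]   (state letter, start type, then ';'-separated fields)
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*?)(\s\[x\])?$")

# Directories a persistent autostart normally has no business living in (heuristic).
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    kind: str    # "run" or "service"
    name: str
    path: str
    reason: str


def parse_run_entries(text):
    """Yield (hive_key, value_name, command, date, size) for every Run value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = RUN_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if line == "." or line.startswith("["):
            key = None          # section separator or a key we are not interested in
            continue
        if key:
            m = RUN_VALUE_RE.match(line)
            if m:
                name, cmd, date, size = m.groups()
                yield key, name, cmd, date, int(size) if size else None


def parse_services(text):
    """Yield (state, start_type, name, description, path, unverified) per service line."""
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, desc, path, x = m.groups()
            yield state, int(start), name, desc, path.strip(), bool(x)


def triage(text):
    """Apply the heuristics and return the Findings a reviewer should look at first."""
    findings = []
    for _key, name, cmd, _date, _size in parse_run_entries(text):
        low = cmd.lower()
        if any(d in low for d in USER_WRITABLE):
            findings.append(Finding("run", name, cmd, "autostart from a user-writable directory"))
        elif "\\" not in cmd:
            findings.append(Finding("run", name, cmd,
                                    "bare filename: resolved via the search path, binary not pinned"))
    for _state, _start, name, _desc, path, unverified in parse_services(text):
        if unverified:
            findings.append(Finding("service", name, path,
                                    "ComboFix tagged [x]; confirm the binary exists at this path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name!r}: {f.reason} -> {f.path or '<no path>'}")
```

    Run it against a real ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. A flagged line is a starting point for a manual check (hash the file, confirm the publisher, compare against a known-good install), not a removal decision; the helper deliberately stays read-only.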
     
  9. allandncr

    allandncr TS Rookie Topic Starter

    ComboFix ran. It created a log file. I've pasted it below.
    ComboFix 12-07-31.05 - Owner 08/03/2012 0:15.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.621 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\data
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
    c:\documents and settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\New Administrator\WINDOWS
    c:\documents and settings\Owner\My Documents\DPE.DUS
    c:\documents and settings\Owner\WINDOWS
    c:\windows\help\wmplayer.bak
    c:\windows\iun6002.exe
    c:\windows\jestertb.dll
    c:\windows\SET451.tmp
    c:\windows\SET536.tmp
    c:\windows\SET616.tmp
    c:\windows\SET70B.tmp
    c:\windows\system32\_003922_.tmp.dll
    c:\windows\system32\_003923_.tmp.dll
    c:\windows\system32\_003924_.tmp.dll
    c:\windows\system32\_003925_.tmp.dll
    c:\windows\system32\_003930_.tmp.dll
    c:\windows\system32\_003931_.tmp.dll
    c:\windows\system32\_003932_.tmp.dll
    c:\windows\system32\_003933_.tmp.dll
    c:\windows\system32\_003934_.tmp.dll
    c:\windows\system32\_003935_.tmp.dll
    c:\windows\system32\_003936_.tmp.dll
    c:\windows\system32\_003937_.tmp.dll
    c:\windows\system32\_003938_.tmp.dll
    c:\windows\system32\_003939_.tmp.dll
    c:\windows\system32\_003940_.tmp.dll
    c:\windows\system32\_003941_.tmp.dll
    c:\windows\system32\_003942_.tmp.dll
    c:\windows\system32\_003943_.tmp.dll
    c:\windows\system32\_003944_.tmp.dll
    c:\windows\system32\_003945_.tmp.dll
    c:\windows\system32\_003946_.tmp.dll
    c:\windows\system32\_003947_.tmp.dll
    c:\windows\system32\_003948_.tmp.dll
    c:\windows\system32\_003950_.tmp.dll
    c:\windows\system32\_003951_.tmp.dll
    c:\windows\system32\_003953_.tmp.dll
    c:\windows\system32\_003954_.tmp.dll
    c:\windows\system32\_003955_.tmp.dll
    c:\windows\system32\_003956_.tmp.dll
    c:\windows\system32\_003957_.tmp.dll
    c:\windows\system32\_003958_.tmp.dll
    c:\windows\system32\_003960_.tmp.dll
    c:\windows\system32\_003961_.tmp.dll
    c:\windows\system32\_003962_.tmp.dll
    c:\windows\system32\_003963_.tmp.dll
    c:\windows\system32\_003964_.tmp.dll
    c:\windows\system32\_003965_.tmp.dll
    c:\windows\system32\_003966_.tmp.dll
    c:\windows\system32\_003969_.tmp.dll
    c:\windows\system32\_003970_.tmp.dll
    c:\windows\system32\_003971_.tmp.dll
    c:\windows\system32\_003972_.tmp.dll
    c:\windows\system32\_003973_.tmp.dll
    c:\windows\system32\_003974_.tmp.dll
    c:\windows\system32\_003975_.tmp.dll
    c:\windows\system32\_003977_.tmp.dll
    c:\windows\system32\_003978_.tmp.dll
    c:\windows\system32\_003979_.tmp.dll
    c:\windows\system32\_003980_.tmp.dll
    c:\windows\system32\_003981_.tmp.dll
    c:\windows\system32\_003982_.tmp.dll
    c:\windows\system32\_003983_.tmp.dll
    c:\windows\system32\_003984_.tmp.dll
    c:\windows\system32\_003985_.tmp.dll
    c:\windows\system32\_003986_.tmp.dll
    c:\windows\system32\_003987_.tmp.dll
    c:\windows\system32\_003988_.tmp.dll
    c:\windows\system32\_003990_.tmp.dll
    c:\windows\system32\_003991_.tmp.dll
    c:\windows\system32\_003992_.tmp.dll
    c:\windows\system32\_003993_.tmp.dll
    c:\windows\system32\_003995_.tmp.dll
    c:\windows\system32\_003997_.tmp.dll
    c:\windows\system32\_003998_.tmp.dll
    c:\windows\system32\_003999_.tmp.dll
    c:\windows\system32\_004000_.tmp.dll
    c:\windows\system32\_004001_.tmp.dll
    c:\windows\system32\_004002_.tmp.dll
    c:\windows\system32\_004003_.tmp.dll
    c:\windows\system32\_004005_.tmp.dll
    c:\windows\system32\_004006_.tmp.dll
    c:\windows\system32\_004007_.tmp.dll
    c:\windows\system32\_004008_.tmp.dll
    c:\windows\system32\_004009_.tmp.dll
    c:\windows\system32\_004010_.tmp.dll
    c:\windows\system32\_004011_.tmp.dll
    c:\windows\system32\_004012_.tmp.dll
    c:\windows\system32\_004014_.tmp.dll
    c:\windows\system32\_004015_.tmp.dll
    c:\windows\system32\_004017_.tmp.dll
    c:\windows\system32\_004019_.tmp.dll
    c:\windows\system32\_004020_.tmp.dll
    c:\windows\system32\_004024_.tmp.dll
    c:\windows\system32\_004025_.tmp.dll
    c:\windows\system32\_004027_.tmp.dll
    c:\windows\system32\_004030_.tmp.dll
    c:\windows\system32\_004032_.tmp.dll
    c:\windows\system32\_004033_.tmp.dll
    c:\windows\system32\_004034_.tmp.dll
    c:\windows\system32\_004035_.tmp.dll
    c:\windows\system32\_004038_.tmp.dll
    c:\windows\system32\_004039_.tmp.dll
    c:\windows\system32\_004040_.tmp.dll
    c:\windows\system32\_004041_.tmp.dll
    c:\windows\system32\_004042_.tmp.dll
    c:\windows\system32\_004047_.tmp.dll
    c:\windows\system32\_004049_.tmp.dll
    c:\windows\system32\_006184_.tmp.dll
    c:\windows\system32\_006185_.tmp.dll
    c:\windows\system32\_006186_.tmp.dll
    c:\windows\system32\_006187_.tmp.dll
    c:\windows\system32\_006194_.tmp.dll
    c:\windows\system32\_006195_.tmp.dll
    c:\windows\system32\_006196_.tmp.dll
    c:\windows\system32\_006197_.tmp.dll
    c:\windows\system32\_006199_.tmp.dll
    c:\windows\system32\_006200_.tmp.dll
    c:\windows\system32\_006203_.tmp.dll
    c:\windows\system32\_006204_.tmp.dll
    c:\windows\system32\_006206_.tmp.dll
    c:\windows\system32\_006207_.tmp.dll
    c:\windows\system32\_006208_.tmp.dll
    c:\windows\system32\_006210_.tmp.dll
    c:\windows\system32\_006213_.tmp.dll
    c:\windows\system32\_006214_.tmp.dll
    c:\windows\system32\_006218_.tmp.dll
    c:\windows\system32\_006219_.tmp.dll
    c:\windows\system32\_006221_.tmp.dll
    c:\windows\system32\_006224_.tmp.dll
    c:\windows\system32\_006226_.tmp.dll
    c:\windows\system32\_006227_.tmp.dll
    c:\windows\system32\_006228_.tmp.dll
    c:\windows\system32\_006229_.tmp.dll
    c:\windows\system32\_006230_.tmp.dll
    c:\windows\system32\_006233_.tmp.dll
    c:\windows\system32\_006234_.tmp.dll
    c:\windows\system32\_006235_.tmp.dll
    c:\windows\system32\_006236_.tmp.dll
    c:\windows\system32\_006237_.tmp.dll
    c:\windows\system32\_006242_.tmp.dll
    c:\windows\system32\_006244_.tmp.dll
    c:\windows\system32\bszip.dll
    c:\windows\system32\ccrpTmr6.dll
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\dllcache\wmpvis.dll
    c:\windows\system32\PowerToyReadme.htm
    c:\windows\system32\ps2.bat
    c:\windows\system32\regobj.dll
    c:\windows\system32\SET1086.tmp
    c:\windows\system32\SET1089.tmp
    c:\windows\system32\SET108A.tmp
    c:\windows\system32\SET108E.tmp
    c:\windows\system32\SET10BD.tmp
    c:\windows\system32\SET10BF.tmp
    c:\windows\system32\SET117B.tmp
    c:\windows\system32\SET117E.tmp
    c:\windows\system32\SET117F.tmp
    c:\windows\system32\SET1183.tmp
    c:\windows\system32\SET11B2.tmp
    c:\windows\system32\SET11B4.tmp
    c:\windows\system32\SET11F.tmp
    c:\windows\system32\SET120.tmp
    c:\windows\system32\SET122.tmp
    c:\windows\system32\SET124.tmp
    c:\windows\system32\SET125.tmp
    c:\windows\system32\SET126.tmp
    c:\windows\system32\SET128.tmp
    c:\windows\system32\SET129.tmp
    c:\windows\system32\SET12A.tmp
    c:\windows\system32\SET12B.tmp
    c:\windows\system32\SET12C.tmp
    c:\windows\system32\SET12D.tmp
    c:\windows\system32\SET12F.tmp
    c:\windows\system32\SET131.tmp
    c:\windows\system32\SET133.tmp
    c:\windows\system32\SET134.tmp
    c:\windows\system32\SET135.tmp
    c:\windows\system32\SET137.tmp
    c:\windows\system32\SET13A.tmp
    c:\windows\system32\SET13B.tmp
    c:\windows\system32\SET13D.tmp
    c:\windows\system32\SET13E.tmp
    c:\windows\system32\SET140.tmp
    c:\windows\system32\SET141.tmp
    c:\windows\system32\SET142.tmp
    c:\windows\system32\SET143.tmp
    c:\windows\system32\SET144.tmp
    c:\windows\system32\SET147.tmp
    c:\windows\system32\SET148.tmp
    c:\windows\system32\SET149.tmp
    c:\windows\system32\SET14B.tmp
    c:\windows\system32\SET14C.tmp
    c:\windows\system32\SET14E.tmp
    c:\windows\system32\SET14F.tmp
    c:\windows\system32\SET150.tmp
    c:\windows\system32\SET151.tmp
    c:\windows\system32\SET152.tmp
    c:\windows\system32\SET154.tmp
    c:\windows\system32\SET156.tmp
    c:\windows\system32\SET157.tmp
    c:\windows\system32\SET158.tmp
    c:\windows\system32\SET159.tmp
    c:\windows\system32\SET15A.tmp
    c:\windows\system32\SET15B.tmp
    c:\windows\system32\SET15C.tmp
    c:\windows\system32\SET15D.tmp
    c:\windows\system32\SET15E.tmp
    c:\windows\system32\SET15F.tmp
    c:\windows\system32\SET160.tmp
    c:\windows\system32\SET161.tmp
    c:\windows\system32\SET162.tmp
    c:\windows\system32\SET163.tmp
    c:\windows\system32\SET164.tmp
    c:\windows\system32\SET165.tmp
    c:\windows\system32\SET166.tmp
    c:\windows\system32\SET167.tmp
    c:\windows\system32\SET168.tmp
    c:\windows\system32\SET16A.tmp
    c:\windows\system32\SET16B.tmp
    c:\windows\system32\SET16C.tmp
    c:\windows\system32\SET16D.tmp
    c:\windows\system32\SET16E.tmp
    c:\windows\system32\SET16F.tmp
    c:\windows\system32\SET170.tmp
    c:\windows\system32\SET171.tmp
    c:\windows\system32\SET172.tmp
    c:\windows\system32\SET173.tmp
    c:\windows\system32\SET174.tmp
    c:\windows\system32\SET175.tmp
    c:\windows\system32\SET177.tmp
    c:\windows\system32\SET178.tmp
    c:\windows\system32\SET179.tmp
    c:\windows\system32\SET17A.tmp
    c:\windows\system32\SET17B.tmp
    c:\windows\system32\SET17C.tmp
    c:\windows\system32\SET17D.tmp
    c:\windows\system32\SET17E.tmp
    c:\windows\system32\SET181.tmp
    c:\windows\system32\SET182.tmp
    c:\windows\system32\SET183.tmp
    c:\windows\system32\SET184.tmp
    c:\windows\system32\SET185.tmp
    c:\windows\system32\SET186.tmp
    c:\windows\system32\SET187.tmp
    c:\windows\system32\SET189.tmp
    c:\windows\system32\SET18A.tmp
    c:\windows\system32\SET18C.tmp
    c:\windows\system32\SET18D.tmp
    c:\windows\system32\SET18F.tmp
    c:\windows\system32\SET190.tmp
    c:\windows\system32\SET191.tmp
    c:\windows\system32\SET192.tmp
    c:\windows\system32\SET193.tmp
    c:\windows\system32\SET194.tmp
    c:\windows\system32\SET195.tmp
    c:\windows\system32\SET198.tmp
    c:\windows\system32\SET199.tmp
    c:\windows\system32\SET19A.tmp
    c:\windows\system32\SET19B.tmp
    c:\windows\system32\SET19C.tmp
    c:\windows\system32\SET19D.tmp
    c:\windows\system32\SET19E.tmp
    c:\windows\system32\SET19F.tmp
    c:\windows\system32\SET1A0.tmp
    c:\windows\system32\SET1A2.tmp
    c:\windows\system32\SET1A5.tmp
    c:\windows\system32\SET1A6.tmp
    c:\windows\system32\SET1A7.tmp
    c:\windows\system32\SET1A8.tmp
    c:\windows\system32\SET1A9.tmp
    c:\windows\system32\SET1AA.tmp
    c:\windows\system32\SET1AB.tmp
    c:\windows\system32\SET1AC.tmp
    c:\windows\system32\SET1AD.tmp
    c:\windows\system32\SET1AE.tmp
    c:\windows\system32\SET1AF.tmp
    c:\windows\system32\SET1B0.tmp
    c:\windows\system32\SET1B1.tmp
    c:\windows\system32\SET1B2.tmp
    c:\windows\system32\SET1B3.tmp
    c:\windows\system32\SET1B4.tmp
    c:\windows\system32\SET1B6.tmp
    c:\windows\system32\SET1B8.tmp
    c:\windows\system32\SET1BA.tmp
    c:\windows\system32\SET1BB.tmp
    c:\windows\system32\SET1BC.tmp
    c:\windows\system32\SET1C1.tmp
    c:\windows\system32\SET1C2.tmp
    c:\windows\system32\SET1C3.tmp
    c:\windows\system32\SET1C4.tmp
    c:\windows\system32\SET1C5.tmp
    c:\windows\system32\SET1C6.tmp
    c:\windows\system32\SET1C7.tmp
    c:\windows\system32\SET1C8.tmp
    c:\windows\system32\SET1C9.tmp
    c:\windows\system32\SET1CA.tmp
    c:\windows\system32\SET1CB.tmp
    c:\windows\system32\SET1CC.tmp
    c:\windows\system32\SET1CD.tmp
    c:\windows\system32\SET1CE.tmp
    c:\windows\system32\SET1CF.tmp
    c:\windows\system32\SET1D0.tmp
    c:\windows\system32\SET1D1.tmp
    c:\windows\system32\SET1D2.tmp
    c:\windows\system32\SET1D3.tmp
    c:\windows\system32\SET1D4.tmp
    c:\windows\system32\SET1D5.tmp
    c:\windows\system32\SET1D6.tmp
    c:\windows\system32\SET1D7.tmp
    c:\windows\system32\SET1D8.tmp
    c:\windows\system32\SET1DB.tmp
    c:\windows\system32\SET1DC.tmp
    c:\windows\system32\SET1DD.tmp
    c:\windows\system32\SET1DE.tmp
    c:\windows\system32\SET1DF.tmp
    c:\windows\system32\SET1E0.tmp
    c:\windows\system32\SET1E1.tmp
    c:\windows\system32\SET1E2.tmp
    c:\windows\system32\SET1E3.tmp
    c:\windows\system32\SET1E4.tmp
    c:\windows\system32\SET1E5.tmp
    c:\windows\system32\SET1E6.tmp
    c:\windows\system32\SET1E7.tmp
    c:\windows\system32\SET1E8.tmp
    c:\windows\system32\SET1E9.tmp
    c:\windows\system32\SET1EA.tmp
    c:\windows\system32\SET1EB.tmp
    c:\windows\system32\SET1EC.tmp
    c:\windows\system32\SET1ED.tmp
    c:\windows\system32\SET1EF.tmp
    c:\windows\system32\SET1F0.tmp
    c:\windows\system32\SET1F1.tmp
    c:\windows\system32\SET1F2.tmp
    c:\windows\system32\SET1F3.tmp
    c:\windows\system32\SET1F4.tmp
    c:\windows\system32\SET1F6.tmp
    c:\windows\system32\SET1F7.tmp
    c:\windows\system32\SET1F8.tmp
    c:\windows\system32\SET1F9.tmp
    c:\windows\system32\SET1FB.tmp
    c:\windows\system32\SET1FC.tmp
    c:\windows\system32\SET1FD.tmp
    c:\windows\system32\SET1FE.tmp
    c:\windows\system32\SET1FF.tmp
    c:\windows\system32\SET200.tmp
    c:\windows\system32\SET201.tmp
    c:\windows\system32\SET202.tmp
    c:\windows\system32\SET203.tmp
    c:\windows\system32\SET204.tmp
    c:\windows\system32\SET205.tmp
    c:\windows\system32\SET206.tmp
    c:\windows\system32\SET20A.tmp
    c:\windows\system32\SET20B.tmp
    c:\windows\system32\SET20C.tmp
    c:\windows\system32\SET20D.tmp
    c:\windows\system32\SET20E.tmp
    c:\windows\system32\SET20F.tmp
    c:\windows\system32\SET210.tmp
    c:\windows\system32\SET213.tmp
    c:\windows\system32\SET214.tmp
    c:\windows\system32\SET216.tmp
    c:\windows\system32\SET217.tmp
    c:\windows\system32\SET219.tmp
    c:\windows\system32\SET21C.tmp
    c:\windows\system32\SET21F.tmp
    c:\windows\system32\SET220.tmp
    c:\windows\system32\SET221.tmp
    c:\windows\system32\SET222.tmp
    c:\windows\system32\SET223.tmp
    c:\windows\system32\SET224.tmp
    c:\windows\system32\SET225.tmp
    c:\windows\system32\SET226.tmp
    c:\windows\system32\SET227.tmp
    c:\windows\system32\SET228.tmp
    c:\windows\system32\SET229.tmp
    c:\windows\system32\SET22A.tmp
    c:\windows\system32\SET22B.tmp
    c:\windows\system32\SET22C.tmp
    c:\windows\system32\SET22D.tmp
    c:\windows\system32\SET22E.tmp
    c:\windows\system32\SET22F.tmp
    c:\windows\system32\SET230.tmp
    c:\windows\system32\SET232.tmp
    c:\windows\system32\SET233.tmp
    c:\windows\system32\SET234.tmp
    c:\windows\system32\SET235.tmp
    c:\windows\system32\SET236.tmp
    c:\windows\system32\SET237.tmp
    c:\windows\system32\SET238.tmp
    c:\windows\system32\SET23A.tmp
    c:\windows\system32\SET23B.tmp
    c:\windows\system32\SET23D.tmp
    c:\windows\system32\SET23E.tmp
    c:\windows\system32\SET23F.tmp
    c:\windows\system32\SET240.tmp
    c:\windows\system32\SET241.tmp
    c:\windows\system32\SET242.tmp
    c:\windows\system32\SET243.tmp
    c:\windows\system32\SET245.tmp
    c:\windows\system32\SET246.tmp
    c:\windows\system32\SET249.tmp
    c:\windows\system32\SET24A.tmp
    c:\windows\system32\SET24B.tmp
    c:\windows\system32\SET24C.tmp
    c:\windows\system32\SET24D.tmp
    c:\windows\system32\SET24E.tmp
    c:\windows\system32\SET24F.tmp
    c:\windows\system32\SET250.tmp
    c:\windows\system32\SET251.tmp
    c:\windows\system32\SET252.tmp
    c:\windows\system32\SET253.tmp
    c:\windows\system32\SET254.tmp
    c:\windows\system32\SET255.tmp
    c:\windows\system32\SET257.tmp
    c:\windows\system32\SET258.tmp
    c:\windows\system32\SET259.tmp
    c:\windows\system32\SET25A.tmp
    c:\windows\system32\SET25C.tmp
    c:\windows\system32\SET25D.tmp
    c:\windows\system32\SET25F.tmp
    c:\windows\system32\SET260.tmp
    c:\windows\system32\SET261.tmp
    c:\windows\system32\SET262.tmp
    c:\windows\system32\SET263.tmp
    c:\windows\system32\SET264.tmp
    c:\windows\system32\SET265.tmp
    c:\windows\system32\SET266.tmp
    c:\windows\system32\SET267.tmp
    c:\windows\system32\SET268.tmp
    c:\windows\system32\SET269.tmp
    c:\windows\system32\SET26A.tmp
    c:\windows\system32\SET26B.tmp
    c:\windows\system32\SET26C.tmp
    c:\windows\system32\SET26D.tmp
    c:\windows\system32\SET26E.tmp
    c:\windows\system32\SET26F.tmp
    c:\windows\system32\SET270.tmp
    c:\windows\system32\SET271.tmp
    c:\windows\system32\SET272.tmp
    c:\windows\system32\SET273.tmp
    c:\windows\system32\SET274.tmp
    c:\windows\system32\SET275.tmp
    c:\windows\system32\SET276.tmp
    c:\windows\system32\SET277.tmp
    c:\windows\system32\SET278.tmp
    c:\windows\system32\SET279.tmp
    c:\windows\system32\SET27A.tmp
    c:\windows\system32\SET27B.tmp
    c:\windows\system32\SET27D.tmp
    c:\windows\system32\SET282.tmp
    c:\windows\system32\SET283.tmp
    c:\windows\system32\SET284.tmp
    c:\windows\system32\SET285.tmp
    c:\windows\system32\SET286.tmp
    c:\windows\system32\SET287.tmp
    c:\windows\system32\SET289.tmp
    c:\windows\system32\SET28B.tmp
    c:\windows\system32\SET28C.tmp
    c:\windows\system32\SET28D.tmp
    c:\windows\system32\SET28E.tmp
    c:\windows\system32\SET28F.tmp
    c:\windows\system32\SET290.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-01 06:21 . 2012-06-29 08:44  6891424  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{FD4B8373-CE71-4C60-900B-8A09B8245871}\mpengine.dll
    2012-07-27 00:17 . 2012-07-27 00:17  --------  d-----w-  c:\documents and settings\New Administrator\Local Settings\Application Data\Apple Computer
    2012-07-27 00:16 . 2012-07-27 00:16  --------  d-----w-  c:\documents and settings\New Administrator\Local Settings\Application Data\Adobe
    2012-07-27 00:16 . 2012-07-27 00:16  --------  d-----w-  c:\documents and settings\New Administrator\Application Data\Apple Computer
    2012-07-27 00:12 . 2012-07-27 00:12  --------  d-sh--w-  c:\documents and settings\New Administrator\IETldCache
    2012-07-26 21:59 . 2012-08-03 04:43  --------  d-----w-  c:\documents and settings\Administrator
    2012-07-26 20:55 . 2012-07-26 20:55  35816  ----a-w-  c:\windows\system32\drivers\Partizan.sys
    2012-07-26 20:55 . 2012-07-26 20:55  39184  ----a-w-  c:\windows\system32\Partizan.exe
    2012-07-26 20:55 . 2012-07-26 20:55  --------  d-----r-  C:\comment.htt
    2012-07-23 13:24 . 2012-07-26 20:59  24416  ----a-w-  c:\windows\system32\drivers\regguard.sys
    2012-07-20 20:10 . 2012-07-30 20:54  --------  d-----w-  c:\documents and settings\All Users\Application Data\RegRun
    2012-07-20 20:07 . 2012-07-20 20:07  2  --shatr-  c:\windows\winstart.bat
    2012-07-20 20:07 . 2012-06-27 20:01  12800  ----a-w-  c:\windows\system32\drivers\UnHackMeDrv.sys
    2012-07-20 20:07 . 2012-07-24 20:44  --------  d-----w-  c:\program files\UnHackMe
    2012-07-17 13:59 . 2012-07-17 13:59  --------  d-----w-  C:\7da463663ba65c59d53132b59029
    2012-07-13 18:27 . 2012-07-13 18:27  --------  d-----w-  C:\70d9dacbc4d71b5b4c
    2012-07-11 12:55 . 2012-07-11 12:55  --------  d-----w-  C:\avastscans
    2012-07-08 17:29 . 2012-07-08 17:29  --------  d-----w-  c:\documents and settings\Owner\Application Data\Malwarebytes
    2012-07-08 17:28 . 2012-07-08 17:28  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-07-08 17:28 . 2012-07-20 05:51  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2012-07-08 17:28 . 2012-07-03 17:46  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-07-08 16:48 . 2012-07-08 16:47  205072  ----a-w-  c:\windows\system32\drivers\tmcomm.sys
    2012-07-08 16:47 . 2012-07-13 04:45  131344  ----a-w-  c:\windows\system32\drivers\tmrkb.sys
    2012-07-08 15:02 . 2012-07-08 15:02  14664  ----a-w-  c:\windows\stinger.sys
    2012-07-08 15:01 . 2012-07-08 15:42  --------  d-----w-  c:\program files\stinger
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 14:44 . 2004-05-12 12:08  3997  ----a-w-  c:\windows\viassary-hp.reg
    2012-06-29 08:44 . 2006-06-30 14:33  6891424  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-06-28 12:52 . 2010-12-13 22:29  353688  ----a-w-  c:\windows\system32\drivers\aswSP.sys
    2012-06-28 12:52 . 2010-12-13 22:29  54232  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
    2012-06-28 12:52 . 2011-07-03 12:11  721000  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
    2012-06-28 12:52 . 2010-12-13 22:29  35928  ----a-w-  c:\windows\system32\drivers\aswRdr.sys
    2012-06-28 12:52 . 2010-12-13 22:29  97352  ----a-w-  c:\windows\system32\drivers\aswmon2.sys
    2012-06-28 12:52 . 2010-12-13 22:29  89624  ----a-w-  c:\windows\system32\drivers\aswmon.sys
    2012-06-28 12:52 . 2010-12-13 22:29  21256  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
    2012-06-28 12:52 . 2010-12-13 22:29  25256  ----a-w-  c:\windows\system32\drivers\aavmker4.sys
    2012-06-28 12:52 . 2010-12-13 22:28  41224  ----a-w-  c:\windows\avastSS.scr
    2012-06-28 12:51 . 2010-12-13 22:28  227648  ----a-w-  c:\windows\system32\aswBoot.exe
    2012-06-02 19:19 . 2007-05-23 20:55  22040  ----a-w-  c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2007-05-23 20:55  15384  ----a-w-  c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2005-07-21 18:29  329240  ----a-w-  c:\windows\system32\wucltui.dll
    2012-06-02 19:19 . 2005-07-21 18:29  219160  ----a-w-  c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19 . 2005-07-21 18:29  210968  ----a-w-  c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2007-05-23 20:55  15384  ----a-w-  c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2005-07-21 18:29  35864  ----a-w-  c:\windows\system32\wups.dll
    2012-06-02 19:19 . 2005-05-26 08:16  45080  ----a-w-  c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2004-06-04 22:24  97304  ----a-w-  c:\windows\system32\cdm.dll
    2012-06-02 19:19 . 2004-06-04 21:51  53784  ----a-w-  c:\windows\system32\wuauclt.exe
    2012-06-02 19:19 . 2007-05-23 20:55  17944  ----a-w-  c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:19 . 2005-07-21 18:29  577048  ----a-w-  c:\windows\system32\wuapi.dll
    2012-06-02 19:19 . 2004-06-04 21:51  1933848  ----a-w-  c:\windows\system32\wuaueng.dll
    2012-06-02 19:18 . 2011-07-19 09:41  214256  ----a-w-  c:\windows\system32\muweb.dll
    2012-06-02 19:18 . 2011-07-19 09:41  17136  ----a-w-  c:\windows\system32\mucltui.dll.mui
    2012-06-02 19:18 . 2011-07-19 09:41  275696  ----a-w-  c:\windows\system32\mucltui.dll
    2012-05-31 16:25 . 2009-10-03 16:39  237072  ------w-  c:\windows\system32\MpSigStub.exe
    2012-05-31 13:22 . 2004-05-12 10:06  599040  ----a-w-  c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2004-01-22 06:16  916992  ----a-w-  c:\windows\system32\wininet.dll
    2012-05-15 13:20 . 2010-12-14 22:09  1863168  ----a-w-  c:\windows\system32\win32k.sys
    2012-05-15 00:39 . 2012-05-15 00:39  419488  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-05-15 00:39 . 2011-05-27 10:50  70304  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-11 14:42 . 2004-06-04 22:26  43520  ----a-w-  c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2004-06-04 22:25  1469440  ----a-w-  c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2004-08-04 05:59  385024  ----a-w-  c:\windows\system32\html.iec
    2008-02-28 05:30 . 2008-02-28 05:30  2293848  ----a-w-  c:\program files\FLV PlayerFCSetup.exe
    2008-02-28 05:19 . 2008-02-28 05:19  3955352  ----a-w-  c:\program files\FLV PlayerRCATSetup.exe
    2008-02-28 05:18 . 2008-02-28 05:18  411248  ----a-w-  c:\program files\FLV PlayerRCSetup.exe
    2007-03-09 08:12  27648  --sha-w-  c:\windows\system32\AVSredirect.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-06-28 12:51  121528  ----a-w-  c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CuteReminder"="c:\program files\CuteReminder\CuteReminder.exe" [2004-10-28 807424]
    "BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
    "Akamai NetSession Interface"="c:\documents and settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-04-21 118784]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
    "HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-19 4355576]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-10-19 960640]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-10-19 377320]
    "Iomega Startup Options"="c:\program files\Iomega\Common\ImgStart.exe" [2000-06-02 32768]
    "Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2000-06-13 36864]
    "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-02-24 3026944]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-18 118784]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "nwiz"="nwiz.exe" [2004-02-24 753664]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-5-12 36864]
    IMStart.lnk - c:\program files\InterMute\IMStart.exe [2004-5-12 57344]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-11 688128]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute  REG_MULTI_SZ  autocheck autochk *\0Partizan
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
    2009-06-05 11:38  468408  ----a-w-  c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MySql"=2 (0x2)
    "avast! Web Scanner"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "AlcxMonitor"=ALCXMNTR.EXE
    "MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 mrtRate;mrtRate; [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [x]
    R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [x]
    S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - TRUESIGHT
    *Deregistered* - aswMBR
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper    REG_MULTI_SZ    nosGetPlusHelper
    Akamai    REG_MULTI_SZ    Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-02 03:54]
    .
    2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-02 03:54]
    .
    2012-08-02 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/finance?q=ntwk
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;<local>
    IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: afsstudios.com\www
    Trusted Zone: cedant.com\cp
    Trusted Zone: troweprice.com
    TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e3o27581.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=1&hl=...ient=firefox-a&rls=org.mozilla:en-US:official
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: CLC-4-TTS: {7529D455-3392-4a17-A489-0C737D1DBAC0} - %profile%\extensions\{7529D455-3392-4a17-A489-0C737D1DBAC0}
    FF - Ext: CLC-Utilities: {C12D2FDC-2ECA-42a5-BA3C-DB93E0E8B70A} - %profile%\extensions\{C12D2FDC-2ECA-42a5-BA3C-DB93E0E8B70A}
    FF - Ext: CLC-CLiCkSpeak: {D1517460-5F8F-11DB-B0DE-0800200CA666} - %profile%\extensions\{D1517460-5F8F-11DB-B0DE-0800200CA666}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Eraser - c:\program files\Eraser\Eraser.exe
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\j2re1.4.2_03\bin\jusched.exe
    HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    HKLM-Run-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
    MSConfigStartUp-SysMap - c:\documents and settings\Owner\Local Settings\Application Data\Wdcfg3xx\SysMap.NET.dll
    AddRemove-62067F4C-84A9-45B9-8573-B90468B0A3EF - c:\program files\WildTangent\Apps\GameChannel\Games\62067F4C-84A9-45B9-8573-B90468B0A3EF\Uninstall.exe
    AddRemove-6723E59E-322A-417A-8E03-27A61E18253C - c:\program files\WildTangent\Apps\GameChannel\Games\6723E59E-322A-417A-8E03-27A61E18253C\Uninstall.exe
    AddRemove-8C4E79CC-03E1-43AA-9910-9A5113F24603 - c:\program files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe
    AddRemove-B8610D19-E576-4F91-8A2F-07898D9CA301 - c:\program files\WildTangent\Apps\GameChannel\Games\B8610D19-E576-4F91-8A2F-07898D9CA301\Uninstall.exe
    AddRemove-BFBCBAE3-8293-4215-9C4F-C2402C118EDB - c:\program files\WildTangent\Apps\GameChannel\Games\BFBCBAE3-8293-4215-9C4F-C2402C118EDB\Uninstall.exe
    AddRemove-C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A - c:\program files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe
    AddRemove-D11F7128-8CBD-408B-8BF8-034604DEDD42 - c:\program files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe
    AddRemove-DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292 - c:\program files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe
    AddRemove-E28167F1-3F42-40C7-9119-1D5A97444F10 - c:\program files\WildTangent\Apps\GameChannel\Games\E28167F1-3F42-40C7-9119-1D5A97444F10\Uninstall.exe
    AddRemove-F5215F01-DFC0-475D-A910-6F1AF94E807E - c:\program files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe
    AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~2\UNWISE.EXE
    AddRemove-Replay_Converter_1 - c:\windows\iun6002.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-03 00:48
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    Completion time: 2012-08-03 00:59:31
    ComboFix-quarantined-files.txt 2012-08-03 04:59
    .
    Pre-Run: 95,758,823,424 bytes free
    Post-Run: 96,136,249,344 bytes free
    .
    - - End Of File - - 9C299C8A644169F2D8710436B12A9399
     
  10. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\winstart.bat
    
    DDS::
    uInternet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;<local>
    Trusted Zone: afsstudios.com\www
    Trusted Zone: cedant.com\cp
    Trusted Zone: troweprice.com
    
    Driver::
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000000
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
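The script above turns the DisableMonitoring flag back off and removes the ProxyOverride and Trusted Zone lines that showed up in the earlier log. As an added example for this thread (not code from ComboFix, DDS or anyone posting here), the following Python check reads lines in that log format and flags exactly those three kinds of item, so a helper can pick them out of a long log before writing a CFScript. The sample lines are constructed from the values posted above; the second Monitoring key is a made-up negative case, and the regexes and finding names are my own.

```python
"""Flag the log items that the CFScript in this thread corrects.

Added example for this thread, not ComboFix's or DDS's own code: a small
parser over log lines in the format they print. Regexes and the finding
types are my own naming, not anything the tools define.
"""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample in the style of the posted DDS/ComboFix output; the
# values are copied from the logs above, except the second Monitoring key,
# which is a made-up negative case (monitoring still enabled, flag is 0).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\ExampleAV]
"DisableMonitoring"=dword:00000000
.
uInternet Settings,ProxyOverride = local;*.local;127.0.0.1:9421;<local>
Trusted Zone: afsstudios.com\\www
Trusted Zone: cedant.com\\cp
Trusted Zone: troweprice.com
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
"""

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:(?P<val>[0-9A-Fa-f]{8})$')
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyOverride\s*=\s*(?P<val>.+)$")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(?P<zone>\S+)$")
HOST_PORT_RE = re.compile(r"^(?P<host>[^:;\s]+):(?P<port>\d{1,5})$")

Finding = Dict[str, str]


def scan_log(text: str) -> List[Finding]:
    """Return one finding per suspicious line, in the order they appear."""
    findings: List[Finding] = []
    current_key = ""  # last [HKEY_...] header seen; values belong to it
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue

        m = DISABLE_RE.match(line)
        if m and "security center\\monitoring" in current_key.lower():
            # Security Center stops reporting on this product while the
            # flag is non-zero; the Registry:: section of the CFScript
            # sets it back to 00000000.
            if int(m.group("val"), 16) != 0:
                findings.append({
                    "type": "security_center_monitoring_disabled",
                    "item": current_key.rsplit("\\", 1)[-1],
                    "detail": f"{current_key} DisableMonitoring={m.group('val')}",
                })
            continue

        m = PROXY_RE.match(line)
        if m:
            # ProxyOverride is the proxy bypass list. Normal entries are
            # hostnames, wildcards or <local>; an explicit host:port entry
            # is unusual enough to review (the DDS:: section removes it).
            for entry in (e.strip() for e in m.group("val").split(";")):
                if HOST_PORT_RE.match(entry):
                    findings.append({
                        "type": "proxy_override_port",
                        "item": entry,
                        "detail": line,
                    })
            continue

        m = TRUSTED_RE.match(line)
        if m:
            # Every Trusted Zone site gets IE's relaxed security settings;
            # each one should be confirmed as intended by the user.
            findings.append({
                "type": "trusted_zone",
                "item": m.group("zone"),
                "detail": line,
            })

    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per type, e.g. {'trusted_zone': 3, ...}."""
    return dict(Counter(f["type"] for f in findings))


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['type']:38} {f['item']}")
    print(summarize(scan_log(SAMPLE_LOG)))
```

Run it against a saved ComboFix or DDS log by passing the file's text to scan_log(); the key-tracking is what keeps a DisableMonitoring value under some unrelated key from being reported.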
     
  11. allandncr

    allandncr TS Rookie Topic Starter

    Broni,
    I followed your instructions. I created the text file and also ran Combofix again.
    Below is the Combofix report file.
    Thank you,
    Allandncr
    ComboFix 12-07-31.06 - Owner 08/03/2012 20:46:36.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.594 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFscript.txt
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    FILE ::
    "c:\windows\winstart.bat"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\SET291.tmp
    c:\windows\system32\SET292.tmp
    c:\windows\system32\SET293.tmp
    c:\windows\system32\SET294.tmp
    c:\windows\system32\SET295.tmp
    c:\windows\system32\SET296.tmp
    c:\windows\system32\SET297.tmp
    c:\windows\system32\SET298.tmp
    c:\windows\system32\SET29A.tmp
    c:\windows\system32\SET29B.tmp
    c:\windows\system32\SET29E.tmp
    c:\windows\system32\SET2A0.tmp
    c:\windows\system32\SET2A1.tmp
    c:\windows\system32\SET2A3.tmp
    c:\windows\system32\SET2A4.tmp
    c:\windows\system32\SET2A5.tmp
    c:\windows\system32\SET2A6.tmp
    c:\windows\system32\SET2A7.tmp
    c:\windows\system32\SET2A8.tmp
    c:\windows\system32\SET2A9.tmp
    c:\windows\system32\SET2AA.tmp
    c:\windows\system32\SET2AB.tmp
    c:\windows\system32\SET2AC.tmp
    c:\windows\system32\SET2AD.tmp
    c:\windows\system32\SET2AE.tmp
    c:\windows\system32\SET2B0.tmp
    c:\windows\system32\SET2B1.tmp
    c:\windows\system32\SET2B2.tmp
    c:\windows\system32\SET2B3.tmp
    c:\windows\system32\SET2B5.tmp
    c:\windows\system32\SET2B7.tmp
    c:\windows\system32\SET2B8.tmp
    c:\windows\system32\SET2BA.tmp
    c:\windows\system32\SET2BB.tmp
    c:\windows\system32\SET2BC.tmp
    c:\windows\system32\SET2BD.tmp
    c:\windows\system32\SET2BE.tmp
    c:\windows\system32\SET2BF.tmp
    c:\windows\system32\SET2C0.tmp
    c:\windows\system32\SET2C1.tmp
    c:\windows\system32\SET2C3.tmp
    c:\windows\system32\SET2C4.tmp
    c:\windows\system32\SET2C5.tmp
    c:\windows\system32\SET2C6.tmp
    c:\windows\system32\SET2C7.tmp
    c:\windows\system32\SET2C8.tmp
    c:\windows\system32\SET2C9.tmp
    c:\windows\system32\SET2CC.tmp
    c:\windows\system32\SET2CE.tmp
    c:\windows\system32\SET2D0.tmp
    c:\windows\system32\SET2D1.tmp
    c:\windows\system32\SET2D2.tmp
    c:\windows\system32\SET2D3.tmp
    c:\windows\system32\SET2D4.tmp
    c:\windows\system32\SET2D5.tmp
    c:\windows\system32\SET2D8.tmp
    c:\windows\system32\SET2D9.tmp
    c:\windows\system32\SET2DA.tmp
    c:\windows\system32\SET2DD.tmp
    c:\windows\system32\SET2DE.tmp
    c:\windows\system32\SET2DF.tmp
    c:\windows\system32\SET2E0.tmp
    c:\windows\system32\SET2E2.tmp
    c:\windows\system32\SET2E4.tmp
    c:\windows\system32\SET2E5.tmp
    c:\windows\system32\SET2E6.tmp
    c:\windows\system32\SET2E7.tmp
    c:\windows\system32\SET2E8.tmp
    c:\windows\system32\SET2E9.tmp
    c:\windows\system32\SET2EA.tmp
    c:\windows\system32\SET2EB.tmp
    c:\windows\system32\SET2EC.tmp
    c:\windows\system32\SET2ED.tmp
    c:\windows\system32\SET2EE.tmp
    c:\windows\system32\SET2F0.tmp
    c:\windows\system32\SET2F1.tmp
    c:\windows\system32\SET2F2.tmp
    c:\windows\system32\SET2F3.tmp
    c:\windows\system32\SET2F4.tmp
    c:\windows\system32\SET2F5.tmp
    c:\windows\system32\SET2F6.tmp
    c:\windows\system32\SET2F7.tmp
    c:\windows\system32\SET2F8.tmp
    c:\windows\system32\SET2F9.tmp
    c:\windows\system32\SET2FA.tmp
    c:\windows\system32\SET2FB.tmp
    c:\windows\system32\SET2FC.tmp
    c:\windows\system32\SET2FD.tmp
    c:\windows\system32\SET2FE.tmp
    c:\windows\system32\SET2FF.tmp
    c:\windows\system32\SET300.tmp
    c:\windows\system32\SET301.tmp
    c:\windows\system32\SET302.tmp
    c:\windows\system32\SET303.tmp
    c:\windows\system32\SET305.tmp
    c:\windows\system32\SET307.tmp
    c:\windows\system32\SET308.tmp
    c:\windows\system32\SET309.tmp
    c:\windows\system32\SET30A.tmp
    c:\windows\system32\SET30E.tmp
    c:\windows\system32\SET30F.tmp
    c:\windows\system32\SET310.tmp
    c:\windows\system32\SET311.tmp
    c:\windows\system32\SET312.tmp
    c:\windows\system32\SET315.tmp
    c:\windows\system32\SET316.tmp
    c:\windows\system32\SET318.tmp
    c:\windows\system32\SET319.tmp
    c:\windows\system32\SET31A.tmp
    c:\windows\system32\SET31C.tmp
    c:\windows\system32\SET31E.tmp
    c:\windows\system32\SET31F.tmp
    c:\windows\system32\SET320.tmp
    c:\windows\system32\SET322.tmp
    c:\windows\system32\SET323.tmp
    c:\windows\system32\SET324.tmp
    c:\windows\system32\SET325.tmp
    c:\windows\system32\SET327.tmp
    c:\windows\system32\SET328.tmp
    c:\windows\system32\SET329.tmp
    c:\windows\system32\SET32B.tmp
    c:\windows\system32\SET32C.tmp
    c:\windows\system32\SET32E.tmp
    c:\windows\system32\SET330.tmp
    c:\windows\system32\SET331.tmp
    c:\windows\system32\SET332.tmp
    c:\windows\system32\SET333.tmp
    c:\windows\system32\SET334.tmp
    c:\windows\system32\SET335.tmp
    c:\windows\system32\SET336.tmp
    c:\windows\system32\SET337.tmp
    c:\windows\system32\SET338.tmp
    c:\windows\system32\SET339.tmp
    c:\windows\system32\SET33A.tmp
    c:\windows\system32\SET33B.tmp
    c:\windows\system32\SET33C.tmp
    c:\windows\system32\SET33D.tmp
    c:\windows\system32\SET33F.tmp
    c:\windows\system32\SET340.tmp
    c:\windows\system32\SET341.tmp
    c:\windows\system32\SET342.tmp
    c:\windows\system32\SET343.tmp
    c:\windows\system32\SET344.tmp
    c:\windows\system32\SET345.tmp
    c:\windows\system32\SET347.tmp
    c:\windows\system32\SET349.tmp
    c:\windows\system32\SET34C.tmp
    c:\windows\system32\SET34D.tmp
    c:\windows\system32\SET34E.tmp
    c:\windows\system32\SET350.tmp
    c:\windows\system32\SET351.tmp
    c:\windows\system32\SET352.tmp
    c:\windows\system32\SET354.tmp
    c:\windows\system32\SET357.tmp
    c:\windows\system32\SET358.tmp
    c:\windows\system32\SET359.tmp
    c:\windows\system32\SET35A.tmp
    c:\windows\system32\SET35B.tmp
    c:\windows\system32\SET35C.tmp
    c:\windows\system32\SET35D.tmp
    c:\windows\system32\SET35E.tmp
    c:\windows\system32\SET35F.tmp
    c:\windows\system32\SET360.tmp
    c:\windows\system32\SET362.tmp
    c:\windows\system32\SET364.tmp
    c:\windows\system32\SET365.tmp
    c:\windows\system32\SET367.tmp
    c:\windows\system32\SET368.tmp
    c:\windows\system32\SET36B.tmp
    c:\windows\system32\SET36D.tmp
    c:\windows\system32\SET36E.tmp
    c:\windows\system32\SET370.tmp
    c:\windows\system32\SET371.tmp
    c:\windows\system32\SET372.tmp
    c:\windows\system32\SET376.tmp
    c:\windows\system32\SET377.tmp
    c:\windows\system32\SET378.tmp
    c:\windows\system32\SET379.tmp
    c:\windows\system32\SET37A.tmp
    c:\windows\system32\SET37C.tmp
    c:\windows\system32\SET37D.tmp
    c:\windows\system32\SET37E.tmp
    c:\windows\system32\SET37F.tmp
    c:\windows\system32\SET381.tmp
    c:\windows\system32\SET382.tmp
    c:\windows\system32\SET383.tmp
    c:\windows\system32\SET384.tmp
    c:\windows\system32\SET385.tmp
    c:\windows\system32\SET386.tmp
    c:\windows\system32\SET387.tmp
    c:\windows\system32\SET389.tmp
    c:\windows\system32\SET38B.tmp
    c:\windows\system32\SET38C.tmp
    c:\windows\system32\SET38D.tmp
    c:\windows\system32\SET38F.tmp
    c:\windows\system32\SET390.tmp
    c:\windows\system32\SET391.tmp
    c:\windows\system32\SET394.tmp
    c:\windows\system32\SET395.tmp
    c:\windows\system32\SET398.tmp
    c:\windows\system32\SET399.tmp
    c:\windows\system32\SET39A.tmp
    c:\windows\system32\SET39B.tmp
    c:\windows\system32\SET39C.tmp
    c:\windows\system32\SET39E.tmp
    c:\windows\system32\SET39F.tmp
    c:\windows\system32\SET3A0.tmp
    c:\windows\system32\SET3A1.tmp
    c:\windows\system32\SET3A2.tmp
    c:\windows\system32\SET3A3.tmp
    c:\windows\system32\SET3A4.tmp
    c:\windows\system32\SET3A5.tmp
    c:\windows\system32\SET3A6.tmp
    c:\windows\system32\SET3A7.tmp
    c:\windows\system32\SET3A8.tmp
    c:\windows\system32\SET3A9.tmp
    c:\windows\system32\SET3AA.tmp
    c:\windows\system32\SET3AC.tmp
    c:\windows\system32\SET3AD.tmp
    c:\windows\system32\SET3AE.tmp
    c:\windows\system32\SET3AF.tmp
    c:\windows\system32\SET3B0.tmp
    c:\windows\system32\SET3B2.tmp
    c:\windows\system32\SET3B4.tmp
    c:\windows\system32\SET3B6.tmp
    c:\windows\system32\SET3B7.tmp
    c:\windows\system32\SET3B9.tmp
    c:\windows\system32\SET3BA.tmp
    c:\windows\system32\SET3BB.tmp
    c:\windows\system32\SET3BC.tmp
    c:\windows\system32\SET3BD.tmp
    c:\windows\system32\SET3BE.tmp
    c:\windows\system32\SET3BF.tmp
    c:\windows\system32\SET3C0.tmp
    c:\windows\system32\SET3C1.tmp
    c:\windows\system32\SET3C6.tmp
    c:\windows\system32\SET3C7.tmp
    c:\windows\system32\SET3C8.tmp
    c:\windows\system32\SET3C9.tmp
    c:\windows\system32\SET3CB.tmp
    c:\windows\system32\SET3CD.tmp
    c:\windows\system32\SET3CE.tmp
    c:\windows\system32\SET3CF.tmp
    c:\windows\system32\SET3D0.tmp
    c:\windows\system32\SET3D1.tmp
    c:\windows\system32\SET3D2.tmp
    c:\windows\system32\SET3D3.tmp
    c:\windows\system32\SET3D4.tmp
    c:\windows\system32\SET3D5.tmp
    c:\windows\system32\SET3D6.tmp
    c:\windows\system32\SET3D7.tmp
    c:\windows\system32\SET3D8.tmp
    c:\windows\system32\SET3D9.tmp
    c:\windows\system32\SET3DA.tmp
    c:\windows\system32\SET3DB.tmp
    c:\windows\system32\SET3DC.tmp
    c:\windows\system32\SET3DE.tmp
    c:\windows\system32\SET3E0.tmp
    c:\windows\system32\SET3E1.tmp
    c:\windows\system32\SET3E2.tmp
    c:\windows\system32\SET3E5.tmp
    c:\windows\system32\SET3E6.tmp
    c:\windows\system32\SET3E7.tmp
    c:\windows\system32\SET3E9.tmp
    c:\windows\system32\SET3EA.tmp
    c:\windows\system32\SET3EB.tmp
    c:\windows\system32\SET3EC.tmp
    c:\windows\system32\SET3ED.tmp
    c:\windows\system32\SET3EE.tmp
    c:\windows\system32\SET3EF.tmp
    c:\windows\system32\SET3F0.tmp
    c:\windows\system32\SET3F1.tmp
    c:\windows\system32\SET3F2.tmp
    c:\windows\system32\SET3F4.tmp
    c:\windows\system32\SET3F5.tmp
    c:\windows\system32\SET3F7.tmp
    c:\windows\system32\SET3F8.tmp
    c:\windows\system32\SET3F9.tmp
    c:\windows\system32\SET3FC.tmp
    c:\windows\system32\SET3FE.tmp
    c:\windows\system32\SET3FF.tmp
    c:\windows\system32\SET400.tmp
    c:\windows\system32\SET402.tmp
    c:\windows\system32\SET404.tmp
    c:\windows\system32\SET405.tmp
    c:\windows\system32\SET407.tmp
    c:\windows\system32\SET408.tmp
    c:\windows\system32\SET409.tmp
    c:\windows\system32\SET40A.tmp
    c:\windows\system32\SET40B.tmp
    c:\windows\system32\SET40C.tmp
    c:\windows\system32\SET40D.tmp
    c:\windows\system32\SET40F.tmp
    c:\windows\system32\SET410.tmp
    c:\windows\system32\SET411.tmp
    c:\windows\system32\SET412.tmp
    c:\windows\system32\SET414.tmp
    c:\windows\system32\SET416.tmp
    c:\windows\system32\SET417.tmp
    c:\windows\system32\SET419.tmp
    c:\windows\system32\SET41B.tmp
    c:\windows\system32\SET41C.tmp
    c:\windows\system32\SET41E.tmp
    c:\windows\system32\SET41F.tmp
    c:\windows\system32\SET420.tmp
    c:\windows\system32\SET421.tmp
    c:\windows\system32\SET422.tmp
    c:\windows\system32\SET423.tmp
    c:\windows\system32\SET424.tmp
    c:\windows\system32\SET425.tmp
    c:\windows\system32\SET427.tmp
    c:\windows\system32\SET428.tmp
    c:\windows\system32\SET429.tmp
    c:\windows\system32\SET42B.tmp
    c:\windows\system32\SET42E.tmp
    c:\windows\system32\SET42F.tmp
    c:\windows\system32\SET430.tmp
    c:\windows\system32\SET432.tmp
    c:\windows\system32\SET433.tmp
    c:\windows\system32\SET434.tmp
    c:\windows\system32\SET435.tmp
    c:\windows\system32\SET436.tmp
    c:\windows\system32\SET437.tmp
    c:\windows\system32\SET438.tmp
    c:\windows\system32\SET439.tmp
    c:\windows\system32\SET43B.tmp
    c:\windows\system32\SET43C.tmp
    c:\windows\system32\SET43D.tmp
    c:\windows\system32\SET43E.tmp
    c:\windows\system32\SET43F.tmp
    c:\windows\system32\SET440.tmp
    c:\windows\system32\SET441.tmp
    c:\windows\system32\SET444.tmp
    c:\windows\system32\SET44C.tmp
    c:\windows\system32\SET44E.tmp
    c:\windows\system32\SET44F.tmp
    c:\windows\system32\SET450.tmp
    c:\windows\system32\SET451.tmp
    c:\windows\system32\SET453.tmp
    c:\windows\system32\SET454.tmp
    c:\windows\system32\SET455.tmp
    c:\windows\system32\SET456.tmp
    c:\windows\system32\SET457.tmp
    c:\windows\system32\SET458.tmp
    c:\windows\system32\SET459.tmp
    c:\windows\system32\SET45A.tmp
    c:\windows\system32\SET45D.tmp
    c:\windows\system32\SET45F.tmp
    c:\windows\system32\SET460.tmp
    c:\windows\system32\SET461.tmp
    c:\windows\system32\SET462.tmp
    c:\windows\system32\SET463.tmp
    c:\windows\system32\SET464.tmp
    c:\windows\system32\SET467.tmp
    c:\windows\system32\SET468.tmp
    c:\windows\system32\SET469.tmp
    c:\windows\system32\SET46A.tmp
    c:\windows\system32\SET46C.tmp
    c:\windows\system32\SET46D.tmp
    c:\windows\system32\SET46E.tmp
    c:\windows\system32\SET471.tmp
    c:\windows\system32\SET478.tmp
    c:\windows\system32\SET47C.tmp
    c:\windows\system32\SET47D.tmp
    c:\windows\system32\SET47E.tmp
    c:\windows\system32\SET47F.tmp
    c:\windows\system32\SET483.tmp
    c:\windows\system32\SET488.tmp
    c:\windows\system32\SET48B.tmp
    c:\windows\system32\SET48C.tmp
    c:\windows\system32\SET48D.tmp
    c:\windows\system32\SET48E.tmp
    c:\windows\system32\SET492.tmp
    c:\windows\system32\SET494.tmp
    c:\windows\system32\SET497.tmp
    c:\windows\system32\SET498.tmp
    c:\windows\system32\SET499.tmp
    c:\windows\system32\SET49C.tmp
    c:\windows\system32\SET49D.tmp
    c:\windows\system32\SET49E.tmp
    c:\windows\system32\SET49F.tmp
    c:\windows\system32\SET4A0.tmp
    c:\windows\system32\SET4A1.tmp
    c:\windows\system32\SET4A2.tmp
    c:\windows\system32\SET4A4.tmp
    c:\windows\system32\SET4A5.tmp
    c:\windows\system32\SET4A6.tmp
    c:\windows\system32\SET4A8.tmp
    c:\windows\system32\SET4A9.tmp
    c:\windows\system32\SET4AA.tmp
    c:\windows\system32\SET4AB.tmp
    c:\windows\system32\SET4AC.tmp
    c:\windows\system32\SET4AE.tmp
    c:\windows\system32\SET4B1.tmp
    c:\windows\system32\SET4B3.tmp
    c:\windows\system32\SET4B4.tmp
    c:\windows\system32\SET4B5.tmp
    c:\windows\system32\SET4B7.tmp
    c:\windows\system32\SET4B8.tmp
    c:\windows\system32\SET4B9.tmp
    c:\windows\system32\SET4BA.tmp
    c:\windows\system32\SET4BC.tmp
    c:\windows\system32\SET4BE.tmp
    c:\windows\system32\SET4BF.tmp
    c:\windows\system32\SET4C0.tmp
    c:\windows\system32\SET4C1.tmp
    c:\windows\system32\SET4C2.tmp
    c:\windows\system32\SET4C3.tmp
    c:\windows\system32\SET4C4.tmp
    c:\windows\system32\SET4C5.tmp
    c:\windows\system32\SET4C6.tmp
    c:\windows\system32\SET4CA.tmp
    c:\windows\system32\SET4CB.tmp
    c:\windows\system32\SET4CC.tmp
    c:\windows\system32\SET4CE.tmp
    c:\windows\system32\SET4CF.tmp
    c:\windows\system32\SET4D0.tmp
    c:\windows\system32\SET4D1.tmp
    c:\windows\system32\SET4D2.tmp
    c:\windows\system32\SET4D3.tmp
    c:\windows\system32\SET4D5.tmp
    c:\windows\system32\SET4D7.tmp
    c:\windows\system32\SET4D9.tmp
    c:\windows\system32\SET4DA.tmp
    c:\windows\system32\SET4DC.tmp
    c:\windows\system32\SET4DD.tmp
    c:\windows\system32\SET4DE.tmp
    c:\windows\system32\SET4E1.tmp
    c:\windows\system32\SET4E2.tmp
    c:\windows\system32\SET4E3.tmp
    c:\windows\system32\SET4E4.tmp
    c:\windows\system32\SET4E7.tmp
    c:\windows\system32\SET4E8.tmp
    c:\windows\system32\SET4E9.tmp
    c:\windows\system32\SET4EC.tmp
    c:\windows\system32\SET4ED.tmp
    c:\windows\system32\SET4EE.tmp
    c:\windows\system32\SET4F0.tmp
    c:\windows\system32\SET4F1.tmp
    c:\windows\system32\SET4F2.tmp
    c:\windows\system32\SET4F5.tmp
    c:\windows\system32\SET4F6.tmp
    c:\windows\system32\SET4F7.tmp
    c:\windows\system32\SET4FB.tmp
    c:\windows\system32\SET4FC.tmp
    c:\windows\system32\SET4FD.tmp
    c:\windows\system32\SET4FF.tmp
    c:\windows\system32\SET501.tmp
    c:\windows\system32\SET502.tmp
    c:\windows\system32\SET503.tmp
    c:\windows\system32\SET505.tmp
    c:\windows\system32\SET506.tmp
    c:\windows\system32\SET507.tmp
    c:\windows\system32\SET508.tmp
    c:\windows\system32\SET50B.tmp
    c:\windows\system32\SET50C.tmp
    c:\windows\system32\SET50E.tmp
    c:\windows\system32\SET510.tmp
    c:\windows\system32\SET512.tmp
    c:\windows\system32\SET513.tmp
    c:\windows\system32\SET514.tmp
    c:\windows\system32\SET515.tmp
    c:\windows\system32\SET517.tmp
    c:\windows\system32\SET518.tmp
    c:\windows\system32\SET519.tmp
    c:\windows\system32\SET51B.tmp
    c:\windows\system32\SET51C.tmp
    c:\windows\system32\SET51E.tmp
    c:\windows\system32\SET521.tmp
    c:\windows\system32\SET522.tmp
    c:\windows\system32\SET524.tmp
    c:\windows\system32\SET525.tmp
    c:\windows\system32\SET526.tmp
    c:\windows\system32\SET52C.tmp
    c:\windows\system32\SET52D.tmp
    c:\windows\system32\SET52E.tmp
    c:\windows\system32\SET530.tmp
    c:\windows\system32\SET531.tmp
    c:\windows\system32\SET532.tmp
    c:\windows\system32\SET533.tmp
    c:\windows\system32\SET534.tmp
    c:\windows\system32\SET535.tmp
    c:\windows\system32\SET536.tmp
    c:\windows\system32\SET537.tmp
    c:\windows\system32\SET539.tmp
    c:\windows\system32\SET53B.tmp
    c:\windows\system32\SET53E.tmp
    c:\windows\system32\SET53F.tmp
    c:\windows\system32\SET543.tmp
    c:\windows\system32\SET548.tmp
    c:\windows\system32\SET54C.tmp
    c:\windows\system32\SET54E.tmp
    c:\windows\system32\SET54F.tmp
    c:\windows\system32\SET550.tmp
    c:\windows\system32\SET551.tmp
    c:\windows\system32\SET553.tmp
    c:\windows\system32\SET554.tmp
    c:\windows\system32\SET559.tmp
    c:\windows\system32\SET55B.tmp
    c:\windows\system32\SET55C.tmp
    c:\windows\system32\SET55E.tmp
    c:\windows\system32\SET55F.tmp
    c:\windows\system32\SET565.tmp
    c:\windows\system32\SET570.tmp
    c:\windows\system32\SET574.tmp
    c:\windows\system32\SET575.tmp
    c:\windows\system32\SET579.tmp
    c:\windows\system32\SET581.tmp
    c:\windows\system32\SET583.tmp
    c:\windows\system32\SET588.tmp
    c:\windows\system32\SET589.tmp
    c:\windows\system32\SET58B.tmp
    c:\windows\system32\SET58C.tmp
    c:\windows\system32\SET591.tmp
    c:\windows\system32\SET593.tmp
    c:\windows\system32\SET594.tmp
    c:\windows\system32\SET595.tmp
    c:\windows\system32\SET597.tmp
    c:\windows\system32\SET598.tmp
    c:\windows\system32\SET599.tmp
    c:\windows\system32\SET59A.tmp
    c:\windows\system32\SET59C.tmp
    c:\windows\system32\SET59D.tmp
    c:\windows\system32\SET59E.tmp
    c:\windows\system32\SET59F.tmp
    c:\windows\system32\SET5A0.tmp
    c:\windows\system32\SET5A3.tmp
    c:\windows\system32\SET5A5.tmp
    c:\windows\system32\SET5AA.tmp
    c:\windows\system32\SET5AB.tmp
    c:\windows\system32\SET5B3.tmp
    c:\windows\system32\SET5BA.tmp
    c:\windows\system32\SET5BF.tmp
    c:\windows\system32\SET5C1.tmp
    c:\windows\system32\SET5C4.tmp
    c:\windows\system32\SET5C5.tmp
    c:\windows\system32\SET5C7.tmp
    c:\windows\system32\SET5C8.tmp
    c:\windows\system32\SET5C9.tmp
    c:\windows\system32\SET5CB.tmp
    c:\windows\system32\SET5CD.tmp
    c:\windows\system32\SET5D0.tmp
    c:\windows\system32\SET5D1.tmp
    c:\windows\system32\SET5D2.tmp
    c:\windows\system32\SET5D5.tmp
    c:\windows\system32\SET5D6.tmp
    c:\windows\system32\SET5D7.tmp
    c:\windows\system32\SET5DB.tmp
    c:\windows\system32\SET5DC.tmp
    c:\windows\system32\SET5DD.tmp
    c:\windows\system32\SET5E5.tmp
    c:\windows\system32\SET5E8.tmp
    c:\windows\system32\SET5EC.tmp
    c:\windows\system32\SET5EE.tmp
    c:\windows\system32\SET5F0.tmp
    c:\windows\system32\SET5F3.tmp
    c:\windows\system32\SET5F9.tmp
    c:\windows\system32\SET5FB.tmp
    c:\windows\system32\SET5FC.tmp
    c:\windows\system32\SET5FD.tmp
    c:\windows\system32\SET5FF.tmp
    c:\windows\system32\SET603.tmp
    c:\windows\system32\SET607.tmp
    c:\windows\system32\SET60E.tmp
    c:\windows\system32\SET611.tmp
    c:\windows\system32\SET613.tmp
    c:\windows\system32\SET619.tmp
    c:\windows\system32\SET622.tmp
    c:\windows\system32\SET628.tmp
    c:\windows\system32\SET62A.tmp
    c:\windows\system32\SET62B.tmp
    c:\windows\system32\SET62C.tmp
    c:\windows\system32\SET638.tmp
    c:\windows\system32\SET63D.tmp
    c:\windows\system32\SET643.tmp
    c:\windows\system32\SET653.tmp
    c:\windows\system32\SET654.tmp
    c:\windows\system32\SET67E.tmp
    c:\windows\system32\SET681.tmp
    c:\windows\system32\SET688.tmp
    c:\windows\system32\SET689.tmp
    c:\windows\system32\SET68A.tmp
    c:\windows\system32\SET68C.tmp
    c:\windows\system32\SET68D.tmp
    c:\windows\system32\SET68E.tmp
    c:\windows\system32\SET68F.tmp
    c:\windows\system32\SET691.tmp
    c:\windows\system32\SET693.tmp
    c:\windows\system32\SET694.tmp
    c:\windows\system32\SET695.tmp
    c:\windows\system32\SET698.tmp
    c:\windows\system32\SET69A.tmp
    c:\windows\system32\SET69F.tmp
    c:\windows\system32\SET6A0.tmp
    c:\windows\system32\SET6A8.tmp
    c:\windows\system32\SET6AF.tmp
    c:\windows\system32\SET6B6.tmp
    c:\windows\system32\SET6B9.tmp
    c:\windows\system32\SET6BC.tmp
    c:\windows\system32\SET6BE.tmp
    c:\windows\system32\SET6C2.tmp
    c:\windows\system32\SET6C5.tmp
    c:\windows\system32\SET6C6.tmp
    c:\windows\system32\SET6CB.tmp
    c:\windows\system32\SET6CC.tmp
    c:\windows\system32\SET6D0.tmp
    c:\windows\system32\SET6D1.tmp
    c:\windows\system32\SET6DA.tmp
    c:\windows\system32\SET6DD.tmp
    c:\windows\system32\SET6E1.tmp
    c:\windows\system32\SET6E3.tmp
    c:\windows\system32\SET6E5.tmp
    c:\windows\system32\SETEC0.tmp
    c:\windows\system32\SETEC3.tmp
    c:\windows\system32\SETEC4.tmp
    c:\windows\system32\SETEC8.tmp
    c:\windows\system32\SETEF7.tmp
    c:\windows\system32\SETEF9.tmp
    c:\windows\system32\SETFA6.tmp
    c:\windows\system32\SETFA9.tmp
    c:\windows\system32\SETFAE.tmp
    c:\windows\system32\SETFDD.tmp
    c:\windows\system32\SETFDF.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-03 07:03 . 2012-08-03 07:03  56200  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B81702FE-42CA-4C47-8725-8431F6B7EB09}\offreg.dll
    2012-08-03 06:32 . 2012-06-29 08:44  6891424  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B81702FE-42CA-4C47-8725-8431F6B7EB09}\mpengine.dll
    2012-07-27 00:17 . 2012-07-27 00:17  --------  d-----w-  c:\documents and settings\New Administrator\Local Settings\Application Data\Apple Computer
    2012-07-27 00:16 . 2012-07-27 00:16  --------  d-----w-  c:\documents and settings\New Administrator\Local Settings\Application Data\Adobe
    2012-07-27 00:16 . 2012-07-27 00:16  --------  d-----w-  c:\documents and settings\New Administrator\Application Data\Apple Computer
    2012-07-27 00:12 . 2012-07-27 00:12  --------  d-sh--w-  c:\documents and settings\New Administrator\IETldCache
    2012-07-26 21:59 . 2012-08-03 04:43  --------  d-----w-  c:\documents and settings\Administrator
    2012-07-26 20:55 . 2012-07-26 20:55  35816  ----a-w-  c:\windows\system32\drivers\Partizan.sys
    2012-07-26 20:55 . 2012-07-26 20:55  39184  ----a-w-  c:\windows\system32\Partizan.exe
    2012-07-26 20:55 . 2012-07-26 20:55  --------  d-----r-  C:\comment.htt
    2012-07-23 13:24 . 2012-07-26 20:59  24416  ----a-w-  c:\windows\system32\drivers\regguard.sys
    2012-07-20 20:10 . 2012-07-30 20:54  --------  d-----w-  c:\documents and settings\All Users\Application Data\RegRun
    2012-07-20 20:07 . 2012-07-20 20:07  2  --shatr-  c:\windows\winstart.bat
    2012-07-20 20:07 . 2012-06-27 20:01  12800  ----a-w-  c:\windows\system32\drivers\UnHackMeDrv.sys
    2012-07-20 20:07 . 2012-07-24 20:44  --------  d-----w-  c:\program files\UnHackMe
    2012-07-17 13:59 . 2012-07-17 13:59  --------  d-----w-  C:\7da463663ba65c59d53132b59029
    2012-07-13 18:27 . 2012-07-13 18:27  --------  d-----w-  C:\70d9dacbc4d71b5b4c
    2012-07-11 12:55 . 2012-07-11 12:55  --------  d-----w-  C:\avastscans
    2012-07-08 17:29 . 2012-07-08 17:29  --------  d-----w-  c:\documents and settings\Owner\Application Data\Malwarebytes
    2012-07-08 17:28 . 2012-07-08 17:28  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-07-08 17:28 . 2012-07-20 05:51  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2012-07-08 17:28 . 2012-07-03 17:46  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-07-08 16:48 . 2012-07-08 16:47  205072  ----a-w-  c:\windows\system32\drivers\tmcomm.sys
    2012-07-08 16:47 . 2012-07-13 04:45  131344  ----a-w-  c:\windows\system32\drivers\tmrkb.sys
    2012-07-08 15:02 . 2012-07-08 15:02  14664  ----a-w-  c:\windows\stinger.sys
    2012-07-08 15:01 . 2012-07-08 15:42  --------  d-----w-  c:\program files\stinger
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 14:44 . 2004-05-12 12:08  3997  ----a-w-  c:\windows\viassary-hp.reg
    2012-06-29 08:44 . 2006-06-30 14:33  6891424  ----a-w-  c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-06-28 12:52 . 2010-12-13 22:29  353688  ----a-w-  c:\windows\system32\drivers\aswSP.sys
    2012-06-28 12:52 . 2010-12-13 22:29  54232  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
    2012-06-28 12:52 . 2011-07-03 12:11  721000  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
    2012-06-28 12:52 . 2010-12-13 22:29  35928  ----a-w-  c:\windows\system32\drivers\aswRdr.sys
    2012-06-28 12:52 . 2010-12-13 22:29  97352  ----a-w-  c:\windows\system32\drivers\aswmon2.sys
    2012-06-28 12:52 . 2010-12-13 22:29  89624  ----a-w-  c:\windows\system32\drivers\aswmon.sys
    2012-06-28 12:52 . 2010-12-13 22:29  21256  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
    2012-06-28 12:52 . 2010-12-13 22:29  25256  ----a-w-  c:\windows\system32\drivers\aavmker4.sys
    2012-06-28 12:52 . 2010-12-13 22:28  41224  ----a-w-  c:\windows\avastSS.scr
    2012-06-28 12:51 . 2010-12-13 22:28  227648  ----a-w-  c:\windows\system32\aswBoot.exe
    2012-06-02 19:19 . 2007-05-23 20:55  22040  ----a-w-  c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2007-05-23 20:55  15384  ----a-w-  c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2005-07-21 18:29  329240  ----a-w-  c:\windows\system32\wucltui.dll
    2012-06-02 19:19 . 2005-07-21 18:29  219160  ----a-w-  c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19 . 2005-07-21 18:29  210968  ----a-w-  c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2007-05-23 20:55  15384  ----a-w-  c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2005-07-21 18:29  35864  ----a-w-  c:\windows\system32\wups.dll
    2012-06-02 19:19 . 2005-05-26 08:16  45080  ----a-w-  c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2004-06-04 22:24  97304  ----a-w-  c:\windows\system32\cdm.dll
    2012-06-02 19:19 . 2004-06-04 21:51  53784  ----a-w-  c:\windows\system32\wuauclt.exe
    2012-06-02 19:19 . 2007-05-23 20:55  17944  ----a-w-  c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:19 . 2005-07-21 18:29  577048  ----a-w-  c:\windows\system32\wuapi.dll
    2012-06-02 19:19 . 2004-06-04 21:51  1933848  ----a-w-  c:\windows\system32\wuaueng.dll
    2012-06-02 19:18 . 2011-07-19 09:41  214256  ----a-w-  c:\windows\system32\muweb.dll
    2012-06-02 19:18 . 2011-07-19 09:41  17136  ----a-w-  c:\windows\system32\mucltui.dll.mui
    2012-06-02 19:18 . 2011-07-19 09:41  275696  ----a-w-  c:\windows\system32\mucltui.dll
    2012-05-31 16:25 . 2009-10-03 16:39  237072  ------w-  c:\windows\system32\MpSigStub.exe
    2012-05-31 13:22 . 2004-05-12 10:06  599040  ----a-w-  c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2004-01-22 06:16  916992  ----a-w-  c:\windows\system32\wininet.dll
    2012-05-15 13:20 . 2010-12-14 22:09  1863168  ----a-w-  c:\windows\system32\win32k.sys
    2012-05-15 00:39 . 2012-05-15 00:39  419488  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-05-15 00:39 . 2011-05-27 10:50  70304  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-11 14:42 . 2004-06-04 22:26  43520  ----a-w-  c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2004-06-04 22:25  1469440  ----a-w-  c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2004-08-04 05:59  385024  ----a-w-  c:\windows\system32\html.iec
    2008-02-28 05:30 . 2008-02-28 05:30  2293848  ----a-w-  c:\program files\FLV PlayerFCSetup.exe
    2008-02-28 05:19 . 2008-02-28 05:19  3955352  ----a-w-  c:\program files\FLV PlayerRCATSetup.exe
    2008-02-28 05:18 . 2008-02-28 05:18  411248  ----a-w-  c:\program files\FLV PlayerRCSetup.exe
    2007-03-09 08:12  27648  --sha-w-  c:\windows\system32\AVSredirect.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-06-28 12:51  121528  ----a-w-  c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CuteReminder"="c:\program files\CuteReminder\CuteReminder.exe" [2004-10-28 807424]
    "BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
    "Akamai NetSession Interface"="c:\documents and settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-04-21 118784]
    "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
    "HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
    "HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-19 4355576]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-10-19 960640]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-10-19 377320]
    "Iomega Startup Options"="c:\program files\Iomega\Common\ImgStart.exe" [2000-06-02 32768]
    "Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2000-06-13 36864]
    "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
    "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-02-24 3026944]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-18 118784]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "nwiz"="nwiz.exe" [2004-02-24 753664]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Owner\Start Menu\Programs\Startup\
    HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-5-12 36864]
    IMStart.lnk - c:\program files\InterMute\IMStart.exe [2004-5-12 57344]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Event Reminder.lnk - c:\program files\PrintMaster 16\pmremind.exe [2004-1-20 339968]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-8-11 688128]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute  REG_MULTI_SZ  autocheck autochk *\0Partizan
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shockwave Updater]
    2009-06-05 11:38  468408  ----a-w-  c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MySql"=2 (0x2)
    "avast! Web Scanner"=3 (0x3)
    "avast! Mail Scanner"=3 (0x3)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "AlcxMonitor"=ALCXMNTR.EXE
    "MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\WS_FTP Pro\\wsftppro.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2/16/2010 8:52 PM 902432]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [7/3/2011 8:11 AM 721000]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/13/2010 6:29 PM 353688]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [6/4/2004 5:49 PM 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/13/2010 6:29 PM 21256]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/8/2012 1:28 PM 655944]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/8/2012 1:28 PM 22344]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/1/2011 11:55 PM 136176]
    S2 mrtRate;mrtRate; [x]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/1/2011 11:55 PM 136176]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [6/4/2004 5:49 PM 14336]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [7/23/2012 9:24 AM 24416]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - TRUESIGHT
    *Deregistered* - aswMBR
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper  REG_MULTI_SZ  nosGetPlusHelper
    Akamai  REG_MULTI_SZ  Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-02 03:54]
    .
    2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-02 03:54]
    .
    2012-08-03 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/finance?q=ntwk
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
    IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e3o27581.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=1&hl=...ient=firefox-a&rls=org.mozilla:en-US:official
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: CLC-4-TTS: {7529D455-3392-4a17-A489-0C737D1DBAC0} - %profile%\extensions\{7529D455-3392-4a17-A489-0C737D1DBAC0}
    FF - Ext: CLC-Utilities: {C12D2FDC-2ECA-42a5-BA3C-DB93E0E8B70A} - %profile%\extensions\{C12D2FDC-2ECA-42a5-BA3C-DB93E0E8B70A}
    FF - Ext: CLC-CLiCkSpeak: {D1517460-5F8F-11DB-B0DE-0800200CA666} - %profile%\extensions\{D1517460-5F8F-11DB-B0DE-0800200CA666}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-03 21:18
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_4f7fccd.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    Completion time: 2012-08-03 21:27:55
    ComboFix-quarantined-files.txt 2012-08-04 01:27
    ComboFix2.txt 2012-08-03 04:59
    .
    Pre-Run: 95,815,979,008 bytes free
    Post-Run: 95,797,727,232 bytes free
    .
    - - End Of File - - C3E30BFB4A04DD8415EEBDAA7903F419
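    The ComboFix sections above (the Run keys under "Reg Loading Points" and the "Files Created" / "Find3M" listings) are read by hand in this thread. As an added example that is not part of the original thread and is not ComboFix code, the Python below parses lines in that layout and flags the things a log reader checks first: an autorun whose value is a bare file name (resolved through the search path at logon, so it is worth confirming which copy actually runs), an autorun that points into a user profile or Temp directory, and a plain file carrying the system+hidden attribute pair. The names `triage`, `Finding`, `USER_WRITABLE` and the sample block are mine, and the sample is typed by hand to mirror entries from the log rather than copied from a live run. A hit is a prompt to look closer, not a verdict: per-user installers legitimately place binaries under the profile, so on a real log this helper will flag benign items alongside anything suspicious.

```python
"""Triage pass over ComboFix-style log lines.

Added example for this thread; it is not ComboFix code, and the rules below are
assumptions about what deserves a second look, not a verdict on any entry.
"""
import re
from dataclasses import dataclass

# Autorun line as ComboFix prints it under a [HKEY_...\Run] header, e.g.
#   "Name"="c:\path\to\file.exe" [2012-05-26 4327744]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$'
)

# "Files Created" / "Find3M" line: created . modified  size  attrs  path
# (size is a run of dashes for directories; attrs is the 8-character attribute field)
FILE_LINE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+'
    r'(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$'
)

# Path fragments an ordinary XP user (or a dropper running as that user) can
# write to; an autorun pointing here is worth checking. Assumed list, not exhaustive.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str
    path: str


def parse_run_entries(text):
    """Return (registry_key, name, path) for every Run-style entry in the text."""
    key, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # the header the following entries belong to
            continue
        m = RUN_LINE.match(line)
        if m and key:
            entries.append((key, m["name"], m["path"]))
    return entries


def parse_file_entries(text):
    """Return (created, attrs, path) for every file/directory listing line."""
    return [(m["created"], m["attrs"], m["path"])
            for m in (FILE_LINE.match(raw.strip()) for raw in text.splitlines()) if m]


def triage(text):
    """Apply the three heuristics and return a list of Finding objects."""
    findings = []
    for key, name, path in parse_run_entries(text):
        if "\\" not in path:
            # A bare file name is located through the search path at logon, so a
            # planted copy earlier in that path would be the one that runs.
            findings.append(Finding("bare-filename-autorun", f"{name!r} under {key}", path))
        elif any(tok in path.lower() for tok in USER_WRITABLE):
            findings.append(Finding("autorun-from-user-writable-path", f"{name!r} under {key}", path))
    for created, attrs, path in parse_file_entries(text):
        # system+hidden on a plain file (not a directory) keeps it out of
        # Explorer's default view; legitimate files rarely need both bits.
        if attrs[0] != "d" and "s" in attrs and "h" in attrs:
            findings.append(Finding("hidden-system-file", f"attrs {attrs}, created {created}", path))
    return findings


# Constructed sample in ComboFix's layout. The entries mirror ones in the log
# above but are typed here by hand; they are not copied from a live run.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]
"Akamai NetSession Interface"="c:\documents and settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
.
2012-07-20 20:07 . 2012-07-20 20:07  2  --shatr-  c:\windows\winstart.bat
2012-07-27 00:12 . 2012-07-27 00:12  --------  d-sh--w-  c:\documents and settings\New Administrator\IETldCache
2012-07-08 17:28 . 2012-07-03 17:46  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:34} {f.path}  ({f.detail})")
```

    On the constructed sample this reports three items: the bare `KHALMNPR.EXE` value, the per-user Akamai NetSession autorun, and `winstart.bat` with the system+hidden bits; the `IETldCache` directory also carries those bits but is skipped because the directory flag is set. Paste a real ComboFix log into `SAMPLE` (or read it from a file) to run the same pass over the full listing.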
     
  12. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Looks good :)

    How is computer doing?

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. allandncr

    allandncr TS Rookie Topic Starter

    How's my PC doing? It runs slowly, and AVAST and IE don't work.
    I tried restarting my pc to try to get the Avast program to start again and see if it works. It does not work. I can't even stop it from running. Down in the right corner of the screen the small Avast icon has a red X on it. When I right-click and open it, it says that the avast pgm has been stopped or is in an inconsistent state, please restart it. There is a "fix it" button in the avast screen and it doesn't do anything. So I'm working without virus protection.
    Second issue is that IE will not work. It starts up and tries, but it just keeps saying it can't open the site, and if I try to close IE using the X in the right corner, it closes and then opens up again! It takes three times. It keeps opening, and here is an example of the address field when I try to go to www.weather.com.
    ---
    res://ieframe.dll/acr_error.htm#,res://ieframe.dll/acr_error.htm#,res://ieframe.dll/acr_error.htm#,res://ieframe.dll/acr_error.htm#weather.com,http://www.weather.com/weather/today/Basking+Ridge+NJ+07920?lswe=07920&from=searchbox_localwx
    ---


    This all began when I ran that command script that I initially sent to you in my first post. Dmitry S. from Unhackme had sent it to me. It fouled up Avast and IE.
    I'm at my wits end with this.
    Why is IE opening and closing and going around in circles no matter what website I am looking for?
    Do you recommend I uninstall and reinstall AVAST?
    I appreciate your help,
    Allandncr
    OTL logfile created on: 8/4/2012 5:36:02 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\My Downloads\virusjuly2012\techspot.com
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.48 Mb Total Physical Memory | 416.90 Mb Available Physical Memory | 40.73% Memory free
    2.37 Gb Paging File | 1.89 Gb Available in Paging File | 79.90% Paging File free
    Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 142.71 Gb Total Space | 89.00 Gb Free Space | 62.36% Space Free | Partition Type: NTFS
    Drive D: | 6.32 Gb Total Space | 1.80 Gb Free Space | 28.47% Space Free | Partition Type: FAT32

    Computer Name: YOUR-46E94OWX6A | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
  14. allandncr

    allandncr TS Rookie Topic Starter

    Broni,
    Extras.text from OTL is below,
    OTL Extras logfile created on: 8/4/2012 5:36:03 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\My Downloads\virusjuly2012\techspot.com
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.48 Mb Total Physical Memory | 416.90 Mb Available Physical Memory | 40.73% Memory free
    2.37 Gb Paging File | 1.89 Gb Available in Paging File | 79.90% Paging File free
    Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 142.71 Gb Total Space | 89.00 Gb Free Space | 62.36% Space Free | Partition Type: NTFS
    Drive D: | 6.32 Gb Total Space | 1.80 Gb Free Space | 28.47% Space Free | Partition Type: FAT32

    Computer Name: YOUR-46E94OWX6A | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-35874355-3876594299-2628908972-1003\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "1222:TCP" = 1222:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\WS_FTP Pro\wsftppro.exe" = C:\Program Files\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington MA)
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
    "C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
    "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
    "{00130409-78E1-11D2-B60F-006097C998E7}" = Microsoft PowerPoint 2000 SR-1
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
    "{0467A27E-6F81-4809-97BC-B886A6C08350}" = Xtranormal State - Showpak-FM-Preview
    "{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
    "{0FEDB460-562A-4A93-B92D-02DA249F9618}" = Articulate Studio '09 Pro
    "{107C666F-63C5-4263-8D40-8B9CFB5FED08}" = Microsoft Robocopy GUI
    "{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
    "{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
    "{1696C54E-599A-4BA2-9941-BB70C4727887}" = Xtranormal State - Voicepack-English-UK-Daniel
    "{16AAFF18-00FC-4D78-AF21-E97B6DF15422}" = Xtranormal State - Voicepack-British-Lucy22k
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1CF1E84A-77D0-4450-BD2D-2FD0D74DDADE}" = Xtranormal State
    "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
    "{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
    "{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
    "{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
    "{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
    "{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
    "{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{37B639D2-BB33-4B7F-B79E-D4FE01A91C6C}" = Newsletter Ease
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{3E286237-C618-4DE6-98B2-0E96DBF01250}" = Xtranormal State - Voicepack-USEnglish-Ryan22k
    "{3E5131E9-1241-4E43-8036-E870C0DEDD97}" = Articulate Studio '09 Pro
    "{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
    "{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
    "{467A3BF8-4C87-4E68-835C-CE5318C157C2}" = Xtranormal State - Voicepack-English-US-Tom
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
    "{54F8DACC-E782-4840-980A-D76EFEA23DBD}" = Articulate Studio '09 Pro
    "{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
    "{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
    "{62F79C52-E264-44ab-ABC2-7BEA2962C70D}" = 5500Trb
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
    "{69B6B9E1-A5DF-3177-2B1D-3B672F29EF86}" = Adobe Captivate Quiz Results Analyzer
    "{6D4E56A1-22EE-44d8-BD14-7B9FB7F80D1B}" = 5500_Help
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
    "{73C23496-A105-4b6f-B8F0-22523DFE4E4E}" = 5500
    "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
    "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
    "{78A974B6-F864-41AE-9F5A-0AAF7D40E884}" = PrintMaster 16
    "{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
    "{838A22DF-81CA-4452-9BDD-A1745224D960}" = Xtranormal State - Voicepack-English-UK-Serena
    "{8432FFD1-6F4D-F9B8-D641-5932E60359A2}" = Adobe Captivate Reviewer
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
    "{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
    "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
    "{8E355243-1A34-4EE8-A743-C166E68CF5C0}" = Adobe Captivate 5
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{901C0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Access 2002 Runtime
    "{912536C4-273C-416F-B42C-BBC5B72114D7}" = Xtranormal State - Voicepack-English-US-Samantha
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
    "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
    "{99718668-A364-4BD6-B7C6-F1A30D5F2D8C}" = Xtranormal State - Voicepack-USEnglish-Heather22k
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A54BF015-5D88-458D-9ECE-4DDA82A589EC}" = Xtranormal State - Voicepack-British-Graham22k
    "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
    "{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
    "{AEEB3643-71DE-414d-9E3F-1159177FE211}" = Office Animation Runtime
    "{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5C314F7-928B-44E3-A8A3-169648B1077D}" = Xtranormal State - SoundPack-Starter Kit
    "{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
    "{C6C44651-7C66-4b11-92E8-17565D3D22DD}" = HP Image Zone Plus 3.5
    "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
    "{C89C8D86-4423-4A58-AA40-DD259ACE07C1}" = KhalSetup
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
    "{CDBFDD5B-50E0-4021-94AF-516B80509ABE}" = 5500Tour
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
    "{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis True Image Home
    "{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
    "{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
    "{EB3526D4-4C7C-4F45-8303-340A23E4F950}" = HPIZFix3
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
    "{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
    "{EECAE5C0-F511-11D3-BC44-0040264306F5}" = Downloader for SHARP Electronic Organizer
    "{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ350
    "{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
    "{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
    "{FC6E3A15-4BB3-48E4-BE25-6D13C4379BA9}" = Write:OutLoud SE
    "{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
    "Able2Doc v4.0" = Able2Doc v4.0
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop 6.0" = Adobe Photoshop 6.0
    "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Reviewer
    "Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
    "Akamai" = Akamai NetSession Interface Service
    "Applian FLV Player2.0.23" = Applian FLV Player
    "avast" = avast! Free Antivirus
    "BackWeb-137903 Uninstaller" = Updates from HP
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Cute Reminder_is1" = Cute Reminder version 2.1
    "FLV to WMV Convert_is1" = FLV to WMV Convert 2.7
    "Game Show Presenter PLUS" = Remove Game Show Presenter PLUS
    "Google Chrome" = Google Chrome
    "HP Instant Support" = HP Instant Support
    "HP Photo & Imaging" = HP Image Zone 3.5
    "HPTOOLKIT" = Toolkit View(HP)
    "HyperStudio 4 iPreview" = HyperStudio 4 iPreview
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ImageBlender 3" = ImageBlender 3
    "InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
    "IomegaWare" = IomegaWare
    "LHTTSSPE" = L&H TTS3000 Español
    "Macro Express 3" = Macro Express 3
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
    "MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
    "Netscape Browser" = Netscape Browser (remove only)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Display Driver" = NVIDIA Display Driver
    "OmniFormat" = OmniFormat
    "PC Software for YO-520" = PC Software for YO-520
    "Pdf995" = Pdf995
    "PictureIt_v9" = Microsoft Picture It! Photo Premium 9
    "Pixie 2" = Pixie 2
    "PS2" = PS2
    "Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
    "Python 2.2.1" = Python 2.2.1
    "QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Quiz Results Analyzer
    "Shockwave" = Shockwave
    "ST6UNST #1" = 2004 Tickler Master Edition
    "Tablet Driver" = Tablet
    "tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
    "Tweak UI 2.10" = Tweak UI
    "UnHackMe_is1" = UnHackMe 5.99 release
    "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WebBlender" = WebBlender
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip" = WinZip
    "Works2004Setup" = Microsoft Works 2004 Setup Launcher
    "WS_FTP Pro" = Ipswitch WS_FTP Pro
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-35874355-3876594299-2628908972-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/2/2012 11:40:07 PM | Computer Name = YOUR-46E94OWX6A | Source = Application Hang | ID = 1002
    Description = Hanging application AvastUI.exe, version 7.0.1451.402, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/4/2012 5:25:35 PM | Computer Name = YOUR-46E94OWX6A | Source = nview_info | ID = 11141121
    Description =

    Error - 8/4/2012 5:25:35 PM | Computer Name = YOUR-46E94OWX6A | Source = nview_info | ID = 11141121
    Description =

    Error - 8/4/2012 5:25:35 PM | Computer Name = YOUR-46E94OWX6A | Source = nview_info | ID = 11141121
    Description =

    Error - 8/4/2012 5:25:35 PM | Computer Name = YOUR-46E94OWX6A | Source = nview_info | ID = 11141121
    Description =

    Error - 8/4/2012 5:25:38 PM | Computer Name = YOUR-46E94OWX6A | Source = nview_info | ID = 11141121
    Description =

    Error - 8/4/2012 5:25:38 PM | Computer Name = YOUR-46E94OWX6A | Source = nview_info | ID = 11141121
    Description =

    Error - 8/4/2012 5:25:46 PM | Computer Name = YOUR-46E94OWX6A | Source = nview_info | ID = 11141121
    Description =

    Error - 8/4/2012 5:25:46 PM | Computer Name = YOUR-46E94OWX6A | Source = nview_info | ID = 11141121
    Description =

    Error - 8/4/2012 5:30:30 PM | Computer Name = YOUR-46E94OWX6A | Source = MsiInstaller | ID = 11704
    Description = Product: Newsletter Ease -- Error 1704. An installation for Microsoft
    .NET Framework 2.0 Service Pack 2 is currently suspended. You must undo the changes
    made by that installation to continue. Do you want to undo those changes?

    [ System Events ]
    Error - 8/2/2012 12:48:53 AM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
    to connect.

    Error - 8/2/2012 12:48:53 AM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7000
    Description = The Pml Driver HPZ12 service failed to start due to the following
    error: %%1053

    Error - 8/2/2012 10:35:49 AM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 8/2/2012 4:00:44 PM | Computer Name = YOUR-46E94OWX6A | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
    period.

    Error - 8/3/2012 12:14:43 AM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7034
    Description = The Adobe Active File Monitor V4 service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 8/4/2012 5:16:53 PM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 8/4/2012 5:21:04 PM | Computer Name = YOUR-46E94OWX6A | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service iPod Service
    with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

    Error - 8/4/2012 5:21:05 PM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the iPod Service service
    to connect.

    Error - 8/4/2012 5:21:05 PM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7000
    Description = The iPod Service service failed to start due to the following error:
    %%1053

    Error - 8/4/2012 5:21:18 PM | Computer Name = YOUR-46E94OWX6A | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the stisvc service.


    < End of report >


    ----- Original Message -----
    From: TechSpot Forums
    Date: Saturday, August 4, 2012 1:32 pm
    Subject: DDS won't run to create report - New reply to watched thread
    To: allandncr

    > allandncr,
    >
    > Broni replied to a thread you are watching at TechSpot Forums.
    >
    > "[Active] - DDS won't run to create report"
    >
    > This is the message they posted:
    > -----------------------------------------------------------------------
    > Looks good :)
    >
    > How is computer doing?
    >
    > =================================
    >
    > Download OTL to your Desktop.
    > Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    >
    > Double click on the icon to run it. Make sure all other windows
    > are closed and let it run uninterrupted.
    > Click the Scan All Users checkbox.
    > Click the Quick Scan button. Do not change any settings unless
    > otherwise told to do so. The scan won't take long.
    > When the scan completes, it will open two Notepad windows:
    > OTL.txt and Extras.txt. These are saved in the same location as OTL.
    > Please copy (Edit->Select All, Edit->Copy) the contents of these
    > files, one at a time, and post them back here.
    > -----------------------------------------------------------------------
     
  15. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please do NOT format your posts by using different fonts.

    OTL.txt log is incomplete.
    Redo.

    Reinstall Avast.

    As for IE:
    Open it, go to Tools > Internet Options > Advanced tab and click the "Reset" button.
    Restart IE.
    Same issues?
     
  16. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
