
[RESOLVED] NMMMM....windll32.exe


23 replies to this topic

#1 PeggyB (Administrator)

Posted 25 August 2010 - 04:48 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:46 Peggy, on 8/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\KPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...Sys=DTP&M=W3644
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=W3644
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\windl32\windll32.exe
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\windl32\windll32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\windl32\windll32.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\windl32\windll32.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1224873348187
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KPService - Unknown owner - C:\WINDOWS\system32\KPService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 5108 bytes

#2 Broni (Malware Annihilator)

Posted 25 August 2010 - 04:50 AM

Peggy...you bad, bad girl....LOL
Like everyone else, see here: http://www.smartestc...ease-read-this/

HJT log won't do anymore. By now, it's an obsolete tool.

Also, I need to know what the issues are.

#3 PeggyB (Administrator)

Posted 25 August 2010 - 01:10 PM

It was totally my fault. I downloaded a Hidden Object game and forgot to scan it before opening.
Every time I open WinPatrol little Scotty pops up barking at this NMMMM as a new start up program.
I had to shut down Scotty, it's too annoying. I then did HJT, checked it and found these to be bad:

O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\windl32\windll32.exe
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\windl32\windll32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\windl32\windll32.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\windl32\windll32.exe

I don't see anything wrong with the computer and would have never known these were bad if WinPatrol hadn't alerted me. I just can't seem to make them go away. Will go through everything again because a couple of them I didn't do.....bad, bad girl..LOL
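The four O4 entries above share one tell-tale shape: a single binary in a directory directly under WINDOWS, registered under both the HKLM and HKCU Run keys and both Policies\Explorer\Run keys, with value names that are just the hive or key name. As an added example (not code from the thread, from HijackThis or from the helper), here is a small Python triage that parses HijackThis O4 lines and flags exactly that pattern; the sample lines are copied from the HJT log in post #1, and the trusted-directory allow-list is an assumption for a default XP layout.

```python
import re
from collections import defaultdict

# A HijackThis "O4" autorun line looks like:
#   O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
# hive = HKLM / HKCU, key = Run, RunOnce, Policies\Explorer\Run, ...
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# First executable-looking file in a command line (quoted or not), plus the rest.
IMAGE_RE = re.compile(r'(.+?\.(?:exe|dll|scr|com|bat|cmd))\b(.*)', re.I | re.S)

# Assumption: where legitimately installed software normally lives on a default
# Windows XP system. Extend for other layouts before trusting the verdict.
TRUSTED_PREFIXES = (
    "c:\\program files\\",
    "c:\\progra~1\\",
    "c:\\windows\\system32\\",
)
# Value names that name the key instead of a product (as in the thread's log).
GENERIC_NAMES = {"HKLM", "HKCU", "POLICIES", "RUN"}

# Constructed sample: the O4 lines from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\windl32\windll32.exe
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\windl32\windll32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\windl32\windll32.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\windl32\windll32.exe
"""


def image_path(cmd: str) -> str:
    """Return the file that really carries the autostarted code, lower-cased."""
    m = IMAGE_RE.match(cmd.strip())
    if not m:
        return cmd.strip().lower()
    image, rest = m.group(1).strip('"'), m.group(2)
    if image.lower().endswith("rundll32.exe"):
        # rundll32 is a trusted host; the DLL it loads ("<dll>,<entry>") is the payload.
        m2 = IMAGE_RE.match(rest.strip())
        if m2:
            image = m2.group(1).strip('"')
    return image.lower()


def triage(log_text: str) -> dict:
    """Map each suspicious autorun image to the list of reasons it was flagged."""
    entries = [m for m in map(O4_RE.match, log_text.splitlines()) if m]
    by_image = defaultdict(list)
    for m in entries:
        by_image[image_path(m["cmd"])].append(m)

    findings = {}
    for image, ms in by_image.items():
        reasons = []
        if not image.startswith(TRUSTED_PREFIXES):
            reasons.append("image lives outside Program Files / System32")
        keys = {(m["hive"], m["key"].lower()) for m in ms}
        if len(keys) > 1:
            reasons.append(f"same image registered under {len(keys)} autorun keys")
        if any("policies\\explorer\\run" in m["key"].lower() for m in ms):
            reasons.append("uses Policies\\Explorer\\Run, which installers rarely use")
        if any(m["name"].upper() in GENERIC_NAMES for m in ms):
            reasons.append("value name is a generic hive/key name, not a product name")
        if reasons:
            findings[image] = reasons
    return findings


if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_LOG).items():
        print(image)
        for r in reasons:
            print("  -", r)
```

Only windll32.exe is reported for the sample; the avast and NVIDIA entries resolve to trusted directories and use a single key each.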

#4 Broni (Malware Annihilator)

Posted 25 August 2010 - 02:45 PM

Go on...

#5 PeggyB (Administrator)

Posted 25 August 2010 - 10:02 PM

OTL.Txt.......

OTL logfile created on: 8/25/2010 4:50:25 Peggy - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 326.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.95 Gb Total Space | 109.42 Gb Free Space | 76.01% Space Free | Partition Type: NTFS
Drive D: | 5.08 Gb Total Space | 2.57 Gb Free Space | 50.58% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEGGY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/25 09:33:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/08/25 15:34:00 | 000,106,496 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/09 22:51:19 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/10/01 13:57:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\KPService.exe
PRC - [2003/08/22 02:22:30 | 000,426,099 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe


========== Modules (SafeList) ==========

MOD - [2010/08/25 09:33:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/11/09 22:51:19 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/01 13:57:20 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\KPService.exe -- (KPService)
SRV - [2003/08/22 02:22:30 | 000,426,099 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/29 15:27:47 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/03 22:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/02/19 10:58:17 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/19 10:58:16 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/02 10:45:43 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/02 04:32:14 | 004,613,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/08 22:11:00 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NVGTS.SYS -- (nvgts)
DRV - [2007/07/28 01:50:36 | 000,517,632 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/07/18 17:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 17:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 17:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/22 17:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2003/05/10 15:19:02 | 000,029,228 | ---- | M] (Motive) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VWAN2K.sys -- (VWan2k)
DRV - [2003/05/10 15:18:58 | 000,016,690 | ---- | M] (Motive) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\VPROT2K.sys -- (VProt2k)
DRV - [2002/09/20 08:13:34 | 000,003,192 | ---- | M] (Maus Software) [Kernel | System | Running] -- C:\WINDOWS\system32\KPHelper.sys -- (KernelPatch_Helper)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 21:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)
DRV - [2001/08/17 16:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...Sys=DTP&M=W3644
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=W3644

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Firefox\extensions\\$FFkey$: $ff_user_default$\extensions\
FF - HKLM\software\mozilla\SeaMonkey 1.1.14\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009/09/05 20:22:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.14\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2010/07/21 21:10:13 | 000,000,000 | ---D | M]

[2010/02/04 20:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/16 16:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/02/04 20:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/12 20:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\SeaMonkey\Profiles\2tb1g9tb.default\extensions

O1 HOSTS File: ([2010/06/23 19:23:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HKLM] C:\WINDOWS\windl32\windll32.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Sistema] C:\DOCUME~1\Owner\LOCALS~1\Temp\6891968_Flash_Update.exe File not found
O4 - HKCU..\Run: [HKCU] C:\WINDOWS\windl32\windll32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies = C:\WINDOWS\windl32\windll32.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\WINDOWS\windl32\windll32.exe ()
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1224873348187 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...swflash5r42.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/25 09:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/08/25 09:33:22 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/25 09:14:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/25 09:14:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/25 09:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/24 23:10:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/08/19 19:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Maria
[2010/08/17 20:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WeatherBug
[2010/08/15 08:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Chers Comments
[2010/08/10 17:53:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Stat Nursing
[2010/07/10 20:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\STARGAZE_IMAGE_CACHE
[2010/07/10 20:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/07/09 07:53:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2010/07/09 07:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-PRT22-WISE
[2010/07/09 07:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATT
[2010/06/29 18:14:54 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 14:32:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2010/06/28 13:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Selectsoft
[2010/06/28 09:14:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/28 09:14:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/06/28 09:12:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/06/28 09:11:41 | 000,000,000 | ---D | C] -- C:\dbfae144865e8edee43462c3
[2010/06/27 20:49:51 | 000,003,192 | ---- | C] (Maus Software) -- C:\WINDOWS\System32\KPHelper.sys
[2010/06/27 20:21:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/27 19:59:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2010/06/27 19:27:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/27 19:27:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/25 15:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/06/25 15:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoMail Maker
[2010/06/23 19:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/23 19:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/23 14:39:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/22 22:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb
[2010/06/20 17:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/06/20 17:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/06/20 07:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/06/11 19:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/06/10 16:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Thinstall
[2010/06/01 13:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HiT-MM
[2010/05/31 12:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Cher's Games!
[2010/05/30 14:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PoBros
[2010/05/03 22:48:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

========== Files - Modified Within 90 Days ==========

[2010/08/25 16:48:37 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/08/25 16:21:10 | 000,028,483 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Ownerlog.dat
[2010/08/25 09:35:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/25 09:35:21 | 000,272,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/25 09:34:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 09:34:58 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 09:34:24 | 015,851,520 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/08/25 09:33:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/25 09:32:52 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/08/25 09:14:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 01:24:20 | 000,149,291 | ---- | M] () -- C:\WINDOWS\System32\regularupdate.exe
[2010/08/24 22:15:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/23 12:22:40 | 000,001,178 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/08/23 04:43:24 | 000,000,637 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/20 14:25:58 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 23:11:12 | 004,240,964 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/17 22:02:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/08/08 22:59:26 | 000,061,713 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ScreenHunter_002.gif
[2010/08/07 11:46:01 | 000,000,032 | ---- | M] () -- C:\WINDOWS\basefx.INI
[2010/07/31 12:37:49 | 000,008,446 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ScreenHunter_005.gif
[2010/07/22 19:59:21 | 000,004,634 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ScreenHunter_001.gif
[2010/07/21 04:16:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/19 07:28:37 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Marriage...A Must Read..rtf
[2010/07/07 17:31:12 | 003,266,562 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\530186_ColorMeCute.pdf
[2010/07/07 17:30:05 | 004,531,234 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\530193_AroundTheSeasonsAfghans.pdf
[2010/07/06 02:52:16 | 000,002,326 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CHEDDAR-THYME POTATO KNISHES.rtf
[2010/07/06 02:47:40 | 000,001,385 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Butterbeer Recipe.rtf
[2010/07/05 06:52:46 | 000,004,900 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\How 2 Bathe A Cat.rtf
[2010/07/02 18:01:07 | 000,018,257 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Myspace Characters HTML.rtf
[2010/06/29 18:14:55 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 15:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 15:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/28 13:53:44 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinThemes Studio Pro Shell.lnk
[2010/06/27 20:56:26 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IncrediMail (2).lnk
[2010/06/27 20:25:54 | 000,076,928 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010/06/27 20:23:44 | 000,540,502 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/27 20:23:44 | 000,453,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/27 20:23:44 | 000,076,656 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/27 20:22:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/27 20:20:33 | 000,296,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/27 20:00:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/25 20:56:01 | 000,175,786 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bookmarks.html
[2010/06/25 01:02:32 | 000,003,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Libra.rtf
[2010/06/23 19:23:47 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/06/22 21:42:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/22 19:49:15 | 000,069,720 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\HandicrafterCotton499BathMat.PDF
[2010/06/22 12:20:19 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to seamonkey.lnk
[2010/06/20 16:49:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2010/08/25 16:48:40 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBRCheck.exe
[2010/08/25 09:32:58 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/08/25 09:14:24 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 01:24:09 | 000,149,291 | ---- | C] () -- C:\WINDOWS\System32\regularupdate.exe
[2010/08/17 22:02:05 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/08/08 22:59:26 | 000,061,713 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ScreenHunter_002.gif
[2010/07/31 12:37:49 | 000,008,446 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ScreenHunter_005.gif
[2010/07/30 15:55:02 | 000,001,178 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/22 19:59:21 | 000,004,634 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ScreenHunter_001.gif
[2010/07/19 07:28:37 | 000,007,753 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Marriage...A Must Read..rtf
[2010/07/07 17:31:07 | 003,266,562 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\530186_ColorMeCute.pdf
[2010/07/07 17:30:04 | 004,531,234 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\530193_AroundTheSeasonsAfghans.pdf
[2010/07/06 02:52:16 | 000,002,326 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\CHEDDAR-THYME POTATO KNISHES.rtf
[2010/07/06 02:47:40 | 000,001,385 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Butterbeer Recipe.rtf
[2010/07/05 06:52:46 | 000,004,900 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\How 2 Bathe A Cat.rtf
[2010/07/02 18:01:07 | 000,018,257 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Myspace Characters HTML.rtf
[2010/06/28 13:53:47 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\WDIconsEx.dll
[2010/06/28 13:53:47 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\WDIcons.dll
[2010/06/28 13:53:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\WDService.dll
[2010/06/28 13:53:44 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinThemes Studio Pro Shell.lnk
[2010/06/27 20:56:26 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IncrediMail (2).lnk
[2010/06/27 20:49:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WDWrapper.dll
[2010/06/27 20:49:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\KPService.exe
[2010/06/27 16:53:03 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/06/27 16:53:03 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pid.inf
[2010/06/27 16:52:33 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/06/25 16:30:28 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/25 01:02:32 | 000,003,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Libra.rtf
[2010/06/22 19:49:15 | 000,069,720 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\HandicrafterCotton499BathMat.PDF
[2010/06/22 12:20:19 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to seamonkey.lnk
[2010/05/03 22:49:38 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2010/05/03 22:48:21 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2010/05/03 22:48:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/05/03 22:48:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/05/03 11:52:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/31 12:50:17 | 000,035,840 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2010/02/27 16:21:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\basefx.INI
[2009/10/03 12:36:01 | 006,021,120 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll
[2009/09/13 04:40:54 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\xlsupdate332
[2009/07/30 00:09:23 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/12/21 11:10:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SOFTEK.INI
[2008/10/23 00:25:20 | 000,000,002 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\_chk3401200
[2008/09/27 16:15:56 | 000,000,019 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\NeptDDat.txt
[2008/07/08 14:35:51 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/09 18:38:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/09 18:38:30 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/07/13 06:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2006/07/01 01:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/06 19:24:27 | 000,001,364 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/06 19:24:27 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/07/11 09:37:04 | 000,028,483 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\Ownerlog.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/01/09 23:48:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

========== LOP Check ==========

[2010/05/03 16:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/07/10 20:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009/12/03 21:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/01/19 21:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/24 17:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/05/13 22:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friday's games
[2008/05/19 13:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/05/19 13:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/09/18 21:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/06/25 15:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2009/07/30 00:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/08/24 23:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/04 00:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/12/26 10:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/07/03 08:12:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2010/07/06 12:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/06/01 22:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HiT-MM
[2009/07/21 18:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2008/05/29 10:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jasc
[2008/05/19 17:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/08/21 13:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2010/05/30 14:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PoBros
[2008/09/28 20:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Restorer
[2007/11/09 23:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/07/21 18:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spare Backup
[2009/10/22 10:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/07/21 18:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\tinySpell
[2010/08/21 13:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/05/16 16:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2008/05/19 15:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Webshots
[2008/05/22 00:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/25 09:34:57 | 000,035,164 | ---- | M] () -- C:\aaw7boot.log
[2007/11/09 22:57:35 | 000,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS
[2009/07/30 00:09:37 | 054,933,474 | ---- | M] () -- C:\BellSouthIW.re~
[2010/06/20 16:49:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/02/15 21:08:32 | 000,000,195 | ---- | M] () -- C:\dolphin_log.html
[2010/05/18 19:55:33 | 000,011,685 | ---- | M] () -- C:\EyeCandyLog.txt
[2010/08/25 09:34:58 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/26 08:58:10 | 000,000,428 | ---- | M] () -- C:\InstallHelper.log
[2006/05/06 19:38:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/10/14 23:02:00 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2010/04/16 20:17:31 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/05/06 19:38:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/02 18:46:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/25 09:34:57 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2007/11/09 23:03:32 | 000,000,090 | ---- | M] () -- C:\powerdvd.log
[2007/11/09 22:59:23 | 000,000,581 | ---- | M] () -- C:\RHDSetup.log
[2010/06/20 15:44:28 | 000,000,009 | ---- | M] () -- C:\temp.txt
[2008/12/31 18:26:35 | 000,000,918 | ---- | M] () -- C:\updatedatfix.log
[2008/07/17 19:46:43 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/05/06 12:29:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/06 12:29:39 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/05/06 12:29:39 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-28 01:25:18

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88A44CC1
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
**********************************************************************************************************


OTL Extras.Txt........

OTL Extras logfile created on: 8/25/2010 4:50:25 Peggy - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 326.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.95 Gb Total Space | 109.42 Gb Free Space | 76.01% Space Free | Partition Type: NTFS
Drive D: | 5.08 Gb Total Space | 2.57 Gb Free Space | 50.58% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEGGY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- C:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE -osint -url "%1" (mozilla.org)
https [open] -- C:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE -osint -url "%1" (mozilla.org)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10CA154D-A9D5-4CE9-B739-2361518108C7}" = Diskeeper Home Edition
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1A056EEC-C508-4C41-B6E1-1844238F4895}" = WinThemes Studio Pro
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2260632D-9998-4ADC-8D81-D228FEA8F9FE}" = BroadJump PPPoE
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.106e
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"7394C7E1FE86ACFE6FB7A2879139A6AEB420EC10" = Windows Driver Package - NVIDIA (NVENETFD) Net (11/27/2006 65.4.8)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATT-PRT22" = ATT-PRT22
"avast5" = avast! Free Antivirus
"Burn4Free CD & DVD_is1" = Burn4Free CD & DVD 4.9.0.0
"CCleaner" = CCleaner
"Cleanse Uninstaller Pro 5" = Cleanse Uninstaller Pro 5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"D93CE88F69FBAD21C270C82347C084C1411AFF43" = Windows Driver Package - NVIDIA (nvnetbus) NVIDIA Network Bus Enumerator (11/27/2006 65.4.8)
"Empty Temp Folders 2.8.3" = Empty Temp Folders 2.8.3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FormatFactory" = FormatFactory 2.30
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IncrediMail" = IncrediMail
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotiveReportAgent" = BellSouth FastAccess DSL Report Agent
"MRU-Blaster_is1" = MRU-Blaster v1.5 (Database 3/28/2004)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultiStage Recovery_is1" = MultiStage Recovery 4
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Premium Booster" = Premium Booster
"SeaMonkey (1.1.14)" = SeaMonkey (1.1.14)
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SpywareGuard_is1" = SpywareGuard v2.2
"tinySpell_is1" = tinySpell 1.7.010
"Unlocker" = Unlocker 1.8.9
"uTorrent" = µTorrent
"Webshots Desktop_is1" = Webshots Desktop
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2008
"Wisdom-soft ScreenHunter 4.0 Free" = Wisdom-soft ScreenHunter 4.0 Free
"Wondershare Photo Recovery_is1" = Wondershare Photo Recovery 1.0
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2010 10:12:39 Peggy | Computer Name = PEGGY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x10418792.

Error - 8/25/2010 10:12:39 Peggy | Computer Name = PEGGY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x10418792.

Error - 8/25/2010 10:12:39 Peggy | Computer Name = PEGGY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x10418792.

Error - 8/25/2010 10:12:39 Peggy | Computer Name = PEGGY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x10418792.

Error - 8/25/2010 10:14:34 Peggy | Computer Name = PEGGY | Source = MsiInstaller | ID = 11706
Description = Product: ScannerCopy -- Error 1706.No valid source could be found
for product ScannerCopy. The Windows Installer cannot continue.

Error - 8/25/2010 10:14:55 Peggy | Computer Name = PEGGY | Source = MsiInstaller | ID = 11706
Description = Product: ScannerCopy -- Error 1706.No valid source could be found
for product ScannerCopy. The Windows Installer cannot continue.

Error - 8/25/2010 10:14:58 Peggy | Computer Name = PEGGY | Source = MsiInstaller | ID = 11706
Description = Product: ScannerCopy -- Error 1706.No valid source could be found
for product ScannerCopy. The Windows Installer cannot continue.

Error - 8/25/2010 10:15:27 Peggy | Computer Name = PEGGY | Source = MsiInstaller | ID = 11706
Description = Product: ScannerCopy -- Error 1706.No valid source could be found
for product ScannerCopy. The Windows Installer cannot continue.

Error - 8/25/2010 10:15:31 Peggy | Computer Name = PEGGY | Source = MsiInstaller | ID = 11706
Description = Product: ScannerCopy -- Error 1706.No valid source could be found
for product ScannerCopy. The Windows Installer cannot continue.

Error - 8/25/2010 10:15:33 Peggy | Computer Name = PEGGY | Source = MsiInstaller | ID = 11706
Description = Product: ScannerCopy -- Error 1706.No valid source could be found
for product ScannerCopy. The Windows Installer cannot continue.

[ System Events ]
Error - 7/22/2010 7:22:39 Peggy | Computer Name = PEGGY | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 7/22/2010 10:09:08 Peggy | Computer Name = PEGGY | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 8/25/2010 10:10:34 Peggy | Computer Name = PEGGY | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/25/2010 10:10:34 Peggy | Computer Name = PEGGY | Source = Service Control Manager | ID = 7034
Description = The KPService service terminated unexpectedly. It has done this 1
time(s).

Error - 8/25/2010 10:10:34 Peggy | Computer Name = PEGGY | Source = Service Control Manager | ID = 7034
Description = The Diskeeper service terminated unexpectedly. It has done this 1
time(s).

Error - 8/25/2010 10:10:34 Peggy | Computer Name = PEGGY | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/25/2010 10:10:34 Peggy | Computer Name = PEGGY | Source = Service Control Manager | ID = 7034
Description = The McciCMService service terminated unexpectedly. It has done this
1 time(s).

Error - 8/25/2010 10:10:34 Peggy | Computer Name = PEGGY | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/25/2010 10:10:34 Peggy | Computer Name = PEGGY | Source = Service Control Manager | ID = 7034
Description = The PrismXL service terminated unexpectedly. It has done this 1 time(s).

Error - 8/25/2010 10:10:34 Peggy | Computer Name = PEGGY | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
**********************************************************************************************************

MBR Check.........

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 177):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF7358000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7347000 pci.sys
0xF7487000 isapnp.sys
0xF7497000 ohci1394.sys
0xF74A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF789B000 compbatt.sys
0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF798B000 aliide.sys
0xF798D000 intelide.sys
0xF798F000 toside.sys
0xF7991000 viaide.sys
0xF7993000 cmdide.sys
0xF7329000 pcmcia.sys
0xF74B7000 MountMgr.sys
0xF730A000 ftdisk.sys
0xF78A3000 ACPIEC.sys
0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF770F000 PartMgr.sys
0xF74C7000 VolSnap.sys
0xF78A7000 cpqarray.sys
0xF72F2000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF72DA000 atapi.sys
0xF78AB000 aha154x.sys
0xF7717000 sparrow.sys
0xF78AF000 symc810.sys
0xF74D7000 aic78xx.sys
0xF78B3000 dac960nt.sys
0xF74E7000 ql10wnt.sys
0xF78B7000 amsint.sys
0xF771F000 asc.sys
0xF78BB000 asc3550.sys
0xF7727000 mraid35x.sys
0xF772F000 i2omp.sys
0xF78BF000 ini910u.sys
0xF74F7000 ql1240.sys
0xF7507000 aic78u2.sys
0xF7737000 symc8xx.sys
0xF773F000 sym_hi.sys
0xF7747000 sym_u3.sys
0xF774F000 ABP480N5.SYS
0xF7757000 asc3350p.sys
0xF7995000 cd20xrnt.sys
0xF7517000 ultra.sys
0xF72C1000 adpu160m.sys
0xF775F000 dpti2o.sys
0xF7527000 ql1080.sys
0xF7537000 ql1280.sys
0xF7547000 ql12160.sys
0xF7767000 perc2.sys
0xF7997000 perc2hib.sys
0xF776F000 hpn.sys
0xF78C3000 cbidf2k.sys
0xF7295000 dac2w2k.sys
0xF7278000 NVGTS.SYS
0xF7557000 disk.sys
0xF7567000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7258000 fltmgr.sys
0xF7246000 sr.sys
0xF7577000 Lbd.sys
0xF722F000 KSecDD.sys
0xF71A2000 Ntfs.sys
0xF7175000 NDIS.sys
0xF7587000 sisagp.sys
0xF7597000 viaagp.sys
0xF715B000 Mup.sys
0xF75A7000 alim1541.sys
0xF75B7000 amdagp.sys
0xF75C7000 agp440.sys
0xF75D7000 agpCPQ.sys
0xF7697000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xF76A7000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7943000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF5452000 \SystemRoot\system32\DRIVERS\parport.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7797000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF779F000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF542E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77A7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF53EF000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF53CC000 \SystemRoot\system32\DRIVERS\ks.sys
0xF52DA000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF5228000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF77AF000 \SystemRoot\System32\Drivers\Modem.SYS
0xF5200000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF76C7000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF76D7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76E7000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7947000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF76F7000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xF5116000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xF4753000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF473F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7B3D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF714B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF794F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF4728000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF713B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF712B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77B7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF4717000 \SystemRoot\system32\DRIVERS\psched.sys
0xF711B000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77C7000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77D7000 \SystemRoot\system32\DRIVERS\VWan2k.SYS
0xF710B000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF560B000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF79C1000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF46B9000 \SystemRoot\system32\DRIVERS\update.sys
0xF7957000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF699A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF695A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79F5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF693A000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xEFA27000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEFA03000 \SystemRoot\system32\drivers\portcls.sys
0xF7617000 \SystemRoot\system32\drivers\drmk.sys
0xF14B7000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF149B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xEE629000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF11B6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7A35000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xEE45A000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A37000 \SystemRoot\System32\Drivers\Beep.SYS
0xEE52E000 \SystemRoot\System32\drivers\vga.sys
0xF7A39000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A3B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xEE25B000 \SystemRoot\System32\Drivers\Msfs.SYS
0xEE253000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF5466000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEDA7E000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEDA25000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEE34D000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xED95D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xED93B000 \SystemRoot\System32\drivers\afd.sys
0xEE33D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xED919000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xEE24B000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xED8EE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xED87E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xEE421000 \??\C:\WINDOWS\system32\KPHelper.sys
0xEE31D000 \SystemRoot\System32\Drivers\Fips.SYS
0xED7FE000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEE30D000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xED7AF000 \SystemRoot\System32\Drivers\aswSP.SYS
0xEE22B000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xEF9DF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xEC0FC000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEC532000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xEC0B5000 \SystemRoot\System32\Drivers\dump_nvgts.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xED42C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF1556000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AD1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF7983000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xEB005000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF14A7000 \SystemRoot\system32\DRIVERS\VProt2k.SYS
0xB8749000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xF1616000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB8554000 \SystemRoot\system32\drivers\wdmaud.sys
0xF1636000 \SystemRoot\system32\drivers\sysaudio.sys
0xB831F000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB81D8000 \SystemRoot\system32\DRIVERS\srv.sys
0xB85CD000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xEDE85000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB7C6A000 \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\fxtdapob.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 32):
0 System Idle Process
4 System
588 C:\WINDOWS\system32\smss.exe
644 csrss.exe
668 C:\WINDOWS\system32\winlogon.exe
712 C:\WINDOWS\system32\services.exe
724 C:\WINDOWS\system32\lsass.exe
880 C:\WINDOWS\system32\nvsvc32.exe
912 C:\WINDOWS\system32\svchost.exe
972 svchost.exe
1064 C:\WINDOWS\system32\KPService.exe
1080 C:\WINDOWS\system32\svchost.exe
1160 svchost.exe
1328 svchost.exe
1540 C:\WINDOWS\explorer.exe
1600 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1756 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
2012 C:\Program Files\Internet Explorer\iexplore.exe
760 C:\WINDOWS\system32\spoolsv.exe
528 svchost.exe
1456 C:\Program Files\Executive Software\Diskeeper\DkService.exe
248 C:\Program Files\Java\jre6\bin\jqs.exe
268 C:\Program Files\Common Files\Motive\McciCMService.exe
280 C:\WINDOWS\system32\HPZipm12.exe
420 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
1796 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2036 C:\WINDOWS\system32\svchost.exe
1272 wdfmgr.exe
2468 C:\WINDOWS\system32\wscntfy.exe
2712 alg.exe
3484 C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
2728 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`4606b200 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: ST3160815AS, Rev: 3.AAE

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Gateway MBR code detected
SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


Done!

***********************************************************************************************************



MalwareBytes........couldn't be done because it says TypeMismatch and every time I tried to save the log the whole program would close.

#6 Broni Re: [RESOLVED] NMMMM....windll32.exe

    Malware Annihilator

  • 24,334 posts
  • Joined: October 04, 2004
  • 1,748 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 05:56 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 40d 15h 45m 41s

Posted 25 August 2010 - 10:23 PM

Peggy, you bad girl...LOL
Don't create a new topic for the same computer.
I just merged both.

Let me see what's there.

#7 Broni Re: [RESOLVED] NMMMM....windll32.exe

Posted 25 August 2010 - 10:24 PM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install the Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
    • If there is no Internet connection after running Combofix, then restart your computer to restore your connection.
  • Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#8 PeggyB Re: [RESOLVED] NMMMM....windll32.exe

Posted 26 August 2010 - 12:22 AM

ComboFix 10-08-24.0C - Owner 08/25/2010 19:13:51.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.436 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\windl32\windll32.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-25 14:14 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 14:14 . 2010-08-25 14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 14:14 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 06:24 . 2010-08-25 06:24 149291 ----a-w- c:\windows\system32\regularupdate.exe
2010-08-19 09:30 . 2010-08-19 09:30 98304 ----a-w- c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\smime3.dll
2010-08-18 01:29 . 2010-08-18 01:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\WeatherBug
2010-08-18 01:29 . 2010-08-18 01:29 18944 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 22:04 . 2008-05-19 21:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-25 04:32 . 2008-06-13 04:40 -------- d-----w- c:\program files\SpywareBlaster
2010-08-25 04:30 . 2009-07-30 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-08-25 04:22 . 2009-09-03 14:48 -------- d-----w- c:\program files\Premium Booster
2010-08-25 03:47 . 2010-05-08 02:09 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-25 03:47 . 2009-03-30 19:38 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-23 17:22 . 2010-07-30 20:55 1178 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-08-21 18:54 . 2008-05-30 02:12 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-08-21 18:54 . 2010-05-05 03:32 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-08-19 09:30 . 2010-08-19 09:30 98304 ----a-w- c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
2010-08-18 04:12 . 2008-07-18 00:46 -------- d-----w- c:\program files\Yahoo!
2010-08-18 03:02 . 2008-05-19 20:57 -------- d-----w- c:\program files\CCleaner
2010-08-18 02:17 . 2008-07-18 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-18 01:28 . 2008-07-18 01:27 -------- d--h--w- c:\documents and settings\Owner\Application Data\yahoo!
2010-07-22 11:22 . 2008-05-19 22:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-22 02:05 . 2010-05-03 20:37 -------- d-----w- c:\program files\RealArcade
2010-07-11 01:57 . 2010-07-11 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2010-07-11 00:09 . 2009-07-30 05:09 -------- d-----w- c:\program files\Common Files\Motive
2010-07-09 12:46 . 2010-07-09 12:41 -------- d-----w- c:\program files\ATT-PRT22-WISE
2010-07-09 12:41 . 2010-07-09 12:41 -------- d-----w- c:\program files\ATT
2010-07-06 17:22 . 2010-06-12 00:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Friday's games
2010-06-28 20:57 . 2010-06-29 23:14 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2008-05-19 17:53 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2008-05-19 17:53 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-05-19 17:53 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2008-05-19 17:53 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2008-05-19 17:53 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2008-05-19 17:53 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-05-19 17:53 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2008-05-19 17:53 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-28 18:53 . 2010-06-28 18:53 -------- d-----w- c:\program files\Selectsoft
2010-06-28 14:15 . 2007-11-10 03:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-28 01:25 . 2010-04-03 03:38 76928 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-06-27 21:00 . 2007-11-10 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-27 21:00 . 2008-11-19 03:23 -------- d-----w- c:\program files\MSBuild
2010-06-24 00:15 . 2010-06-24 00:15 503808 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-672ec090-n\msvcp71.dll
2010-06-24 00:15 . 2010-06-24 00:15 499712 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-672ec090-n\jmc.dll
2010-06-24 00:15 . 2010-06-24 00:15 348160 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-672ec090-n\msvcr71.dll
2010-06-24 00:15 . 2010-06-24 00:15 61440 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2cb541d2-n\decora-sse.dll
2010-06-24 00:15 . 2010-06-24 00:15 12800 -c--a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2cb541d2-n\decora-d3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-26 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-11 15:42 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=c:\windows\pss\SpywareGuard.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-11-29 20:22 58928 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-04 00:23 110696 -c--a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 07:42 212992 -c--a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2005-02-26 02:24 966656 -c--a-w- c:\windows\creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 23:10 56928 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-09-27 07:20 16844800 -c--a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-08-03 06:22 1826816 -c--a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spare Backup]
2007-07-14 00:19 5252936 -c--a-w- c:\program files\Spare Backup\SpareBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-22 11:22 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2008-04-25 17:31 333120 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/2/2009 10:46 Peggy 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/19/2008 12:53 Peggy 165456]
R1 KernelPatch_Helper;KernelPatch_Helper;c:\windows\system32\KPHelper.sys [6/27/2010 8:49 Peggy 3192]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 1:53 Peggy 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 Peggy 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/19/2008 12:53 Peggy 17744]
R2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\drivers\VPROT2K.sys [8/30/2009 12:53 Peggy 16690]
R3 VWan2k;BroadJump PPPoE Adapter;c:\windows\system32\drivers\VWAN2K.sys [8/30/2009 12:53 Peggy 29228]
S2 KPService;KPService;c:\windows\system32\KPService.exe [6/27/2010 8:49 Peggy 36864]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [6/30/2006 11:44 Peggy 69692]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 Peggy 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - fxtdapob
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hometab.bellsouth.net/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3644
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Lavasoft Ad-Aware Service
ActiveSetup-{IT1O8IF2-HDMC-2IND-654K-B11U4X35PT2T} - c:\windows\windl32\windll32.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-25 19:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-25 19:20:57
ComboFix-quarantined-files.txt 2010-08-26 00:20

Pre-Run: 117,303,427,072 bytes free
Post-Run: 117,260,910,592 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - ADB155D939538A3CAB5D97BDF86CE731

#9 Broni Re: [RESOLVED] NMMMM....windll32.exe

Posted 26 August 2010 - 12:43 AM

It looks good now :)

Please re-run OTL "Quick scan" and post the new log.

#10 PeggyB Re: [RESOLVED] NMMMM....windll32.exe

Posted 26 August 2010 - 02:40 AM

OTL logfile created on: 8/25/2010 9:26:47 Peggy - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 388.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.95 Gb Total Space | 109.22 Gb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 5.08 Gb Total Space | 2.57 Gb Free Space | 50.58% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEGGY
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/25 21:26:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/07/22 06:22:33 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/06/28 15:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/08/25 15:34:00 | 000,106,496 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
PRC - [2009/06/07 19:23:36 | 000,251,264 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2009/06/07 19:23:30 | 000,189,824 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2008/04/25 12:31:05 | 000,333,120 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/09 22:51:19 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/10/01 13:57:20 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\KPService.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2003/08/22 02:22:30 | 000,426,099 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe


========== Modules (SafeList) ==========

MOD - [2010/08/25 21:26:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/25 12:31:13 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 15:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/11/09 22:51:19 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/01 13:57:20 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\KPService.exe -- (KPService)
SRV - [2003/08/22 02:22:30 | 000,426,099 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/29 15:27:47 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/03 22:55:32 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/02/19 10:58:17 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/19 10:58:16 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/02 10:45:43 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 19:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/02 04:32:14 | 004,613,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/08 22:11:00 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NVGTS.SYS -- (nvgts)
DRV - [2007/07/28 01:50:36 | 000,517,632 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/07/18 17:16:08 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/18 17:15:18 | 000,256,128 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2006/07/18 17:15:10 | 000,728,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/22 17:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 17:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2003/05/10 15:19:02 | 000,029,228 | ---- | M] (Motive) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VWAN2K.sys -- (VWan2k)
DRV - [2003/05/10 15:18:58 | 000,016,690 | ---- | M] (Motive) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\VPROT2K.sys -- (VProt2k)
DRV - [2002/09/20 08:13:34 | 000,003,192 | ---- | M] (Maus Software) [Kernel | System | Running] -- C:\WINDOWS\system32\KPHelper.sys -- (KernelPatch_Helper)
DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 21:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)
DRV - [2001/08/17 16:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...Sys=DTP&M=W3644
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=W3644

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKLM\software\mozilla\Firefox\extensions\\$FFkey$: $ff_user_default$\extensions\
FF - HKLM\software\mozilla\SeaMonkey 1.1.14\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009/09/05 20:22:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.14\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2010/07/21 21:10:13 | 000,000,000 | ---D | M]

[2010/02/04 20:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/11/16 16:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/02/04 20:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/12 20:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\SeaMonkey\Profiles\2tb1g9tb.default\extensions

O1 HOSTS File: ([2010/08/25 19:17:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1224873348187 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...swflash5r42.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/25 21:26:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/25 21:25:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/25 19:12:07 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/25 19:08:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/25 19:08:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/25 19:08:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/25 19:08:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/25 19:07:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/25 09:14:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/25 09:14:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/25 09:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/24 23:10:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/08/19 19:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Maria
[2010/08/17 20:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\WeatherBug
[2010/08/15 08:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Chers Comments
[2010/08/10 17:53:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Desktop\Stat Nursing
[2010/07/10 20:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\STARGAZE_IMAGE_CACHE
[2010/07/10 20:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/07/09 07:53:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2010/07/09 07:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-PRT22-WISE
[2010/07/09 07:41:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATT
[2010/06/29 18:14:54 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 14:32:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2010/06/28 13:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Selectsoft
[2010/06/28 09:14:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/06/28 09:14:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/06/28 09:12:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/06/28 09:11:41 | 000,000,000 | ---D | C] -- C:\dbfae144865e8edee43462c3
[2010/06/27 20:49:51 | 000,003,192 | ---- | C] (Maus Software) -- C:\WINDOWS\System32\KPHelper.sys
[2010/06/27 20:21:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/27 19:59:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2010/06/27 19:27:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/06/27 19:27:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/06/25 15:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/06/25 15:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoMail Maker
[2010/06/23 19:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/06/23 19:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/06/22 22:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb
[2010/06/20 17:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/06/20 17:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/06/20 07:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/06/11 19:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/06/10 16:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Thinstall
[2010/06/01 13:56:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\HiT-MM
[2010/05/31 12:29:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Cher's Games!
[2010/05/30 14:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PoBros
[2010/05/03 22:48:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

========== Files - Modified Within 90 Days ==========

[2010/08/25 21:26:22 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/08/25 19:26:41 | 000,272,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/25 19:26:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/25 19:26:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/25 19:26:16 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/25 19:25:44 | 015,990,784 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010/08/25 19:18:11 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/25 19:17:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/25 19:12:11 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/25 19:04:54 | 003,827,870 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/08/25 09:14:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 01:24:20 | 000,149,291 | ---- | M] () -- C:\WINDOWS\System32\regularupdate.exe
[2010/08/24 22:15:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/23 12:22:40 | 000,001,178 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/08/23 04:43:24 | 000,000,637 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/20 14:25:58 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 23:11:12 | 004,240,964 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/17 22:02:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/08/08 22:59:26 | 000,061,713 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ScreenHunter_002.gif
[2010/08/07 11:46:01 | 000,000,032 | ---- | M] () -- C:\WINDOWS\basefx.INI
[2010/07/31 12:37:49 | 000,008,446 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ScreenHunter_005.gif
[2010/07/22 19:59:21 | 000,004,634 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\ScreenHunter_001.gif
[2010/07/21 04:16:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/19 07:28:37 | 000,007,753 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Marriage...A Must Read..rtf
[2010/07/07 17:31:12 | 003,266,562 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\530186_ColorMeCute.pdf
[2010/07/07 17:30:05 | 004,531,234 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\530193_AroundTheSeasonsAfghans.pdf
[2010/07/06 02:52:16 | 000,002,326 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CHEDDAR-THYME POTATO KNISHES.rtf
[2010/07/06 02:47:40 | 000,001,385 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Butterbeer Recipe.rtf
[2010/07/05 06:52:46 | 000,004,900 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\How 2 Bathe A Cat.rtf
[2010/07/02 18:01:07 | 000,018,257 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Myspace Characters HTML.rtf
[2010/06/29 18:14:55 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/28 15:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 15:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 15:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 15:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 15:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 15:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 15:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 15:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 15:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/28 13:53:44 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinThemes Studio Pro Shell.lnk
[2010/06/27 20:56:26 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\IncrediMail (2).lnk
[2010/06/27 20:25:54 | 000,076,928 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2010/06/27 20:23:44 | 000,540,502 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/27 20:23:44 | 000,453,868 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/27 20:23:44 | 000,076,656 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/27 20:22:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/27 20:20:33 | 000,296,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/27 20:00:05 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/25 20:56:01 | 000,175,786 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bookmarks.html
[2010/06/25 01:02:32 | 000,003,992 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Libra.rtf
[2010/06/22 19:49:15 | 000,069,720 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\HandicrafterCotton499BathMat.PDF
[2010/06/22 12:20:19 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to seamonkey.lnk
[2010/06/20 16:49:23 | 000,000,281 | ---- | M] () -- C:\Boot.bak

========== Files Created - No Company Name ==========

[2010/08/25 19:12:11 | 000,000,281 | ---- | C] () -- C:\Boot.bak
[2010/08/25 19:08:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/25 19:08:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/25 19:08:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/25 19:08:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/25 19:08:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/25 19:04:49 | 003,827,870 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/08/25 09:14:24 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 01:24:09 | 000,149,291 | ---- | C] () -- C:\WINDOWS\System32\regularupdate.exe
[2010/08/17 22:02:05 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/08/08 22:59:26 | 000,061,713 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ScreenHunter_002.gif
[2010/07/31 12:37:49 | 000,008,446 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ScreenHunter_005.gif
[2010/07/30 15:55:02 | 000,001,178 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2010/07/22 19:59:21 | 000,004,634 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\ScreenHunter_001.gif
[2010/07/19 07:28:37 | 000,007,753 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Marriage...A Must Read..rtf
[2010/07/07 17:31:07 | 003,266,562 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\530186_ColorMeCute.pdf
[2010/07/07 17:30:04 | 004,531,234 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\530193_AroundTheSeasonsAfghans.pdf
[2010/07/06 02:52:16 | 000,002,326 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\CHEDDAR-THYME POTATO KNISHES.rtf
[2010/07/06 02:47:40 | 000,001,385 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Butterbeer Recipe.rtf
[2010/07/05 06:52:46 | 000,004,900 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\How 2 Bathe A Cat.rtf
[2010/07/02 18:01:07 | 000,018,257 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Myspace Characters HTML.rtf
[2010/06/28 13:53:47 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\WDIconsEx.dll
[2010/06/28 13:53:47 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\WDIcons.dll
[2010/06/28 13:53:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\WDService.dll
[2010/06/28 13:53:44 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinThemes Studio Pro Shell.lnk
[2010/06/27 20:56:26 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\IncrediMail (2).lnk
[2010/06/27 20:49:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\WDWrapper.dll
[2010/06/27 20:49:51 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\KPService.exe
[2010/06/27 16:53:03 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/06/27 16:53:03 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pid.inf
[2010/06/27 16:52:33 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/06/25 16:30:28 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/25 01:02:32 | 000,003,992 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Libra.rtf
[2010/06/22 19:49:15 | 000,069,720 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\HandicrafterCotton499BathMat.PDF
[2010/06/22 12:20:19 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to seamonkey.lnk
[2010/05/03 22:49:38 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2010/05/03 22:48:21 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
[2010/05/03 22:48:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/05/03 22:48:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/05/03 11:52:08 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/31 12:50:17 | 000,035,840 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2010/02/27 16:21:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\basefx.INI
[2009/10/03 12:36:01 | 006,021,120 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll
[2009/09/13 04:40:54 | 000,094,208 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\xlsupdate332
[2009/07/30 00:09:23 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/12/21 11:10:11 | 000,000,221 | ---- | C] () -- C:\WINDOWS\SOFTEK.INI
[2008/10/23 00:25:20 | 000,000,002 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\_chk3401200
[2008/09/27 16:15:56 | 000,000,019 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\NeptDDat.txt
[2008/07/08 14:35:51 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/09 18:38:32 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/11/09 18:38:30 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/07/13 06:36:36 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\acAuth.dll
[2006/07/01 01:01:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/06 19:24:27 | 000,001,364 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/06 19:24:27 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/08/03 12:08:45 | 000,034,586 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\Ownerlog.dat
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/01/09 23:48:00 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

========== LOP Check ==========

[2010/05/03 16:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AdventureChronicles1
[2010/07/10 20:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2009/12/03 21:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/01/19 21:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/24 17:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/05/13 22:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Friday's games
[2008/05/19 13:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/05/19 13:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/09/18 21:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2010/06/25 15:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2009/07/30 00:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/08/25 19:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/04 00:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/12/26 10:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/07/03 08:12:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2010/07/06 12:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Friday's games
[2010/06/01 22:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HiT-MM
[2009/07/21 18:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2008/05/29 10:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jasc
[2008/05/19 17:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/08/21 13:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2010/05/30 14:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PoBros
[2008/09/28 20:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Restorer
[2007/11/09 23:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/07/21 18:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spare Backup
[2009/10/22 10:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/07/21 18:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\tinySpell
[2010/08/21 13:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/05/16 16:19:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2008/05/19 15:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Webshots
[2008/05/22 00:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/25 19:26:15 | 000,035,388 | ---- | M] () -- C:\aaw7boot.log
[2007/11/09 22:57:35 | 000,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS
[2009/07/30 00:09:37 | 054,933,474 | ---- | M] () -- C:\BellSouthIW.re~
[2010/06/20 16:49:23 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/08/25 19:12:11 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/25 19:20:58 | 000,012,798 | ---- | M] () -- C:\ComboFix.txt
[2010/02/15 21:08:32 | 000,000,195 | ---- | M] () -- C:\dolphin_log.html
[2010/05/18 19:55:33 | 000,011,685 | ---- | M] () -- C:\EyeCandyLog.txt
[2010/08/25 19:26:16 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/26 08:58:10 | 000,000,428 | ---- | M] () -- C:\InstallHelper.log
[2006/05/06 19:38:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/10/14 23:02:00 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2010/04/16 20:17:31 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/05/06 19:38:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/02 18:46:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/25 19:26:15 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
[2007/11/09 23:03:32 | 000,000,090 | ---- | M] () -- C:\powerdvd.log
[2007/11/09 22:59:23 | 000,000,581 | ---- | M] () -- C:\RHDSetup.log
[2010/06/20 15:44:28 | 000,000,009 | ---- | M] () -- C:\temp.txt
[2008/12/31 18:26:35 | 000,000,918 | ---- | M] () -- C:\updatedatfix.log
[2008/07/17 19:46:43 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/05/06 12:29:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/05/06 12:29:39 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/05/06 12:29:39 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 19:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-28 01:25:18

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88A44CC1
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

#11 Broni Re: [RESOLVED] NMMMM....windll32.exe

    Malware Annihilator

  • 24,334 posts
  • Joined: October 04, 2004
  • 1,748 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 05:56 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 40d 15h 45m 41s

Posted 26 August 2010 - 03:11 AM

Update your Java version here: http://www.java.com/...d/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

====================================================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O20 - Winlogon\Notify\dimsntfy: DllName - - File not found
    @Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88A44CC1
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==========================================================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
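As an added example (not OTL's own code and not anything posted in this thread), here is a small Python parser for the report line formats quoted above, with a triage pass that picks out the kinds of items the fix script in this post removes. The sample lines are copied from the report earlier in the thread; the dict field names and the `md5_unavailable` flag are my own naming, not OTL's.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: lines copied from the OTL report quoted earlier in this thread.
SAMPLE_REPORT = r"""
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2010/08/25 19:26:15 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SymIM.sys -- (SymIMMP)
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:88A44CC1
"""

# One pattern per line shape OTL uses: file entry, DRV (driver service) line, ADS line.
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))?"
    r"(?P<extra>.*?) -- (?P<path>.+)$"
)
DRV_RE = re.compile(
    r"^DRV - (?P<status>.+?) \[(?P<type>[^|]+) \| (?P<start>[^|]+) \| (?P<state>[^\]]+)\]"
    r" -- (?P<path>.+) -- \((?P<name>[^)]+)\)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)
MD5_RE = re.compile(r"MD5=([0-9A-Fa-f]{32})")


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Turn one report line into a dict; scan headers and blank lines give None."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        extra = m.group("extra")
        md5 = MD5_RE.search(extra)
        return {
            "type": "file",
            "date": m.group("date"),
            "size": int(m.group("size").replace(",", "")),   # "1409,286,144" -> 1409286144
            "attrs": m.group("attrs"),                         # e.g. "-HS-" = hidden + system
            "company": m.group("company") or "",
            "path": m.group("path"),
            "md5": md5.group(1).upper() if md5 else None,      # None when OTL printed no hash
            "md5_unavailable": "Unable to obtain MD5" in extra,  # file was locked at scan time
        }
    m = DRV_RE.match(line)
    if m:
        # status is "File not found" when the service/driver registration is orphaned
        return {"type": "driver", "name": m.group("name"), "path": m.group("path"),
                "status": m.group("status"), "state": m.group("state")}
    m = ADS_RE.match(line)
    if m:
        return {"type": "ads", "path": m.group("path"), "stream": m.group("stream"),
                "size": int(m.group("size"))}
    return None


def parse_report(text: str) -> List[Dict[str, object]]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(entries: List[Dict[str, object]]) -> List[str]:
    """Flag what the fix script above removes (orphaned driver services, alternate
    data streams) plus files whose hash could not be read, which deserve a second look."""
    findings = []
    for e in entries:
        if e["type"] == "driver" and e["status"] == "File not found":
            findings.append(f"orphaned driver service {e['name']} -> {e['path']}")
        elif e["type"] == "ads":
            findings.append(f"alternate data stream {e['path']}:{e['stream']} ({e['size']} bytes)")
        elif e["type"] == "file" and e["md5_unavailable"]:
            findings.append(f"hash unavailable (locked file): {e['path']}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_report(SAMPLE_REPORT)):
        print(finding)
```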


#12 PeggyB Re: [RESOLVED] NMMMM....windll32.exe

Posted 26 August 2010 - 02:16 PM

All processes killed
========== OTL ==========
Service SymIMMP stopped successfully!
Service SymIMMP deleted successfully!
File C:\WINDOWS\System32\DRIVERS\SymIM.sys not found.
Service SymIM stopped successfully!
Service SymIM deleted successfully!
File C:\WINDOWS\System32\DRIVERS\SymIM.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:88A44CC1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DE6EED8B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.PEGGY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 10572891 bytes
->Temporary Internet Files folder emptied: 2516500 bytes
->Java cache emptied: 6668467 bytes
->Flash cache emptied: 2149 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1128410 bytes

Total Files Cleaned = 20.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.PEGGY

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08262010_091338

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

#13 PeggyB Re: [RESOLVED] NMMMM....windll32.exe

Posted 26 August 2010 - 02:19 PM

Security Check..............

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

WinPatrol 2008 (Outdated! Latest version is WinPatrol 2009)
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 6 Update 21
Adobe Flash Player 10.1.82.76
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

#14 PeggyB Re: [RESOLVED] NMMMM....windll32.exe

Posted 26 August 2010 - 02:36 PM

When I go to do this: 3. Go to Kaspersky website and perform an online antivirus scan.
I get the following.........I don't use FF......I use SeaMonkey

Attached Images

  • Attached Image: ScreenHunter_006.gif
  • Attached Image: ScreenHunter_007.gif


#15 Broni Re: [RESOLVED] NMMMM....windll32.exe

Posted 26 August 2010 - 09:49 PM

For that scan, you have to use either Firefox, or IE.
Go with Internet Explorer.

#16 Broni Re: [RESOLVED] NMMMM....windll32.exe

Posted 06 September 2010 - 05:12 AM

Peggy!
Are you going to finish this?

#17 PeggyB Re: [RESOLVED] NMMMM....windll32.exe

Posted 07 September 2010 - 02:05 AM

Will scan it tomorrow. Everything is working fine tho.

#18 Broni Re: [RESOLVED] NMMMM....windll32.exe

Posted 07 September 2010 - 02:24 AM

You should know the drill.
An unfinished cleaning process may bring you back here quickly... :)

#19 PeggyB Re: [RESOLVED] NMMMM....windll32.exe

Posted 08 September 2010 - 07:37 AM

Kaspersky Report.......................

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 8, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 07, 2010 23:08:22
Records in database: 4203720
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 158083
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 05:16:36


File name / Threat / Threats count
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP21\A0016271.exe Infected: Backdoor.Win32.ProRat.ixv 1
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP30\A0018010.exe Infected: Backdoor.Win32.ProRat.ixv 1
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP64\A0021291.exe Infected: Backdoor.Win32.ProRat.ixv 1
C:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP64\A0021606.dll Infected: not-a-virus:AdWare.Win32.Zwangi.bgp 1

Selected area has been scanned.

#20 Broni Re: [RESOLVED] NMMMM....windll32.exe

Posted 08 September 2010 - 11:58 PM

Good. Those bad files are in your restore points, which we'll reset in our next step.


Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...ning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html

12. Please let me know how your computer is doing.




