Windows XP - Problem solving for the Windows XP Operating System
#1
If this is a double post I am sorry, but I started a similar thread today and I don't see it.
My PC appears to be infected because: 1) Some Microsoft updates can't be installed (it shows an error). 2) It's showing a Windows System Error (a duplicate name exists on the network). 3) I can open Internet Explorer (it says it has encountered a problem and has to close).
#2
Hello again Jerry56,

No, I don't find any other current posts either. But let's take a look.

If the system is Vista/Windows 7, when running any of the scan files we use, be sure to right-click the file, then select "Run as administrator" to start the scan/tool. To make sure you have an accurate view of the files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or by accessing each program through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and that no other actions, like a scheduled antivirus scan, will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button, right-click on your Desktop and choose "New" > Text Document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR (511KB) to your desktop.

A lot, but comprehensive, and it will make sure we get a good view of everything.
#3
First I want you to know that on this PC there are three (3) operating systems:
1) Windows XP Home Edition 2) Windows XP Pro 3) Windows XP Pro. I think they are listed as 1) Download 2) Windows 3) Windows.000. I can only boot from one of them, so I want to delete two (2) of them, but I don't know which ones don't work or how to delete them.

Here is the OTL.

OTL logfile created on: 8/9/2012 7:59:16 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\George\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy
510.55 Mb Total Physical Memory | 267.30 Mb Available Physical Memory | 52.36% Memory free
1.97 Gb Paging File | 1.75 Gb Available in Paging File | 88.68% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.000 | %ProgramFiles% = C:\Program Files
Drive C: | 38.29 Gb Total Space | 17.86 Gb Free Space | 46.65% Space Free | Partition Type: NTFS
Computer Name: GEORGE | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/09 19:55:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe PRC - [2012/08/08 12:59:12 | 000,161,776 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2008/09/26 17:41:22 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.000\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012/08/09 16:48:33 | 001,792,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12080901\algo.dll MOD - [2007/02/26 17:22:14 | 000,159,744 | ---- | M] () -- C:\WINDOWS.000\SYSTEM32\mmfinfo.dll MOD - [2007/02/26 17:21:38 | 000,023,552 | ---- | M] () -- C:\WINDOWS.000\SYSTEM32\mkunicode.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe -- (VETMSGNT) SRV - File not found [Auto | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr) SRV - File not found [Auto | Stopped] -- F:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [On_Demand | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc) SRV 
- File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe -- (CAISafe) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP) SRV - [2012/08/08 12:59:12 | 000,161,776 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/08/07 02:12:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2006/09/28 18:56:14 | 000,055,808 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\WudfSvc.dll -- (WudfSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) 
[File_System | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector) DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS.000\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012/07/03 12:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS.000\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS.000\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012/07/03 12:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2010/06/06 09:49:25 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vetefile.sys -- (VETEFILE) DRV - [2010/06/06 09:49:24 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\System32\drivers\veteboot.sys -- (VETEBOOT) DRV - [2009/12/01 20:17:36 | 000,032,240 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vetmonnt.sys -- (VETMONNT) DRV - [2009/12/01 20:17:36 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) 
[Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vet-filt.sys -- (VET-FILT) DRV - [2009/12/01 20:17:36 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vetfddnt.sys -- (VETFDDNT) DRV - [2009/12/01 20:17:36 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vet-rec.sys -- (VET-REC) DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum) DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\rtl8139.sys -- (rtl8139) DRV - [2004/08/04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wVchNTxx.sys -- (iAimFP4) DRV - [2004/08/04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wSiINTxx.sys -- (iAimFP3) DRV - [2004/08/04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\watv10nt.sys -- (iAimTV5) DRV - [2004/08/04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wCh7xxNT.sys -- (iAimTV4) DRV - [2004/08/04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wATV04nt.sys -- (iAimTV3) DRV - [2004/08/04 01:29:44 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\watv06nt.sys -- (iAimTV6) DRV - [2004/08/04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wATV01nt.sys -- (iAimTV0) DRV - 
[2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wATV02NT.sys -- (iAimTV1) DRV - [2004/08/04 01:29:40 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wadv09nt.sys -- (iAimFP7) DRV - [2004/08/04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wadv08nt.sys -- (iAimFP6) DRV - [2004/08/04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wADV01nt.sys -- (iAimFP0) DRV - [2004/08/04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wADV02NT.sys -- (iAimFP1) DRV - [2004/08/04 01:29:38 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wadv07nt.sys -- (iAimFP5) DRV - [2004/08/04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wADV05NT.sys -- (iAimFP2) DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x) DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401) DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT) DRV - [2001/08/17 12:19:48 | 000,174,464 | ---- | M] (ESS Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\es198x.sys -- (allegro) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/search.asp IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.alltheinternet.com/search.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.alltheinternet.com/search.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source? } IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.alltheinternet.com/search.htm IE - HKCU\..\URLSearchHook: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll (Advanced Search Technologies, Inc) IE - HKCU\..\SearchScopes,DefaultScope = alltheinternet IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\alltheinternet: "URL" = http://www.alltheinternet.com/texis/open/all?from=IE7SEARCH&q={searchTerms} IE - HKCU\..\SearchScopes\searchalot: "URL" = http://www.searchalot.com/texis/open/search?from=IE7SEARCH&q={searchTerms} IE - HKCU\..\SearchScopes\talkingbuddy: "URL" = http://www.talkingbuddy.com/?from=IE7SEARCH&q={searchTerms} IE - 
HKCU\..\SearchScopes\wikibuddy: "URL" = http://www.wikibuddy.com/?from=IE7SEARCH&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.msn.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.000\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS.000\system32\Adobe\Director\np32dsw_116 5635.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS.000\system32\C2MP\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS.000\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS.000\Microsoft.NET\Framework\v3.5\Window s Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extens ions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/06 20:48:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/07 02:12:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/08 13:00:13 | 000,000,000 | ---D | M] [2008/09/20 10:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Extensions [2012/08/06 13:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ue1csabc.default\ext ensions [2012/08/06 13:08:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ue1csabc.default\ext ensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/08/07 02:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/08/07 02:12:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll [2012/08/07 00:58:45 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/08/07 00:58:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/08/07 00:58:45 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012/08/07 00:58:45 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012/08/07 00:58:45 | 000,002,040 | 
---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2012/08/07 00:58:45 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2009/10/13 23:09:46 | 000,343,689 | R--- | M]) - C:\WINDOWS.000\SYSTEM32\DRIVERS\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 11784 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Advanced Searchbar) - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll (Advanced Search Technologies, Inc) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Advanced Searchbar) - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll (Advanced Search Technologies, Inc) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (Advanced Searchbar) - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll (Advanced Search Technologies, Inc) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [SystemTray] C:\WINDOWS.000\System32\systray.exe (Microsoft Corporation) O4 - HKCU..\Run: [SmartRAM] C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoResolveSearch = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: LinkResolveIgnoreLinkInfo = 0 O9 - Extra Button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program 
Files\AdvancedSearchbar\advancedsearchbar.dll (Advanced Search Technologies, Inc) O9 - Extra 'Tools' menuitem : Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll (Advanced Search Technologies, Inc) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.000\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS.000\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS.000\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS.000\System32\VetRedir.dll (Computer Associates International, Inc.) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/S...in/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1221858845094 (WUWebControl Class) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 
1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS.000\SYSTEM\dajava.cab (Reg Error: Key error.) O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS.000\SYSTEM\iejava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS.000\Java\classes\xmldso.cab (Reg Error: Key error.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.000\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.000\system32\userinit.exe) - C:\WINDOWS.000\SYSTEM32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:1 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2 O24 - Desktop WallPaper: C:\WINDOWS.000\WEB\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS.000\WEB\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/09/16 11:56:40 | 000,000,272 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2000/06/08 17:00:00 | 000,000,079 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ NTFS ] O32 - AutoRun File - [2005/08/05 23:26:58 | 000,000,259 | ---- | M] () - C:\AUTOEXEC.NS0 -- [ NTFS ] O32 - AutoRun File - [2005/08/05 23:26:58 | 000,000,259 | ---- | M] () - C:\AUTOEXEC.NS1 -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 4\) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 
Days ========== [2012/08/09 19:56:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\George\Desktop\aswMBR.exe [2012/08/09 19:55:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe [2012/08/09 19:21:29 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\George\Recent [2012/08/09 08:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\Sun [2012/08/08 13:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2012/08/08 13:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/08/08 13:00:13 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\npDeployJava1.dll [2012/08/08 13:00:13 | 000,687,600 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\deployJava1.dll [2012/08/08 13:00:13 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\javaws.exe [2012/08/08 12:59:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\javaw.exe [2012/08/08 12:59:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\java.exe [2012/08/08 12:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2012/08/07 01:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0 [2012/08/07 01:18:37 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\System32\windowspowershell [2012/08/07 00:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012/08/07 00:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/08/07 00:50:21 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\mfc40u.dll [2012/08/07 00:41:37 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\comctl32.dll [2012/08/06 21:36:01 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/06 21:35:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.000\System32\drivers\mbam.sys [2012/08/06 21:28:21 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\helpsvc.exe [2012/08/06 21:20:14 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\ndproxy.sys [2012/08/06 21:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/08/06 21:13:07 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\mup.sys [2012/08/06 21:10:08 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\rdpwd.sys [2012/08/06 21:01:17 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\msado15.dll [2012/08/06 20:59:55 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\moviemk.exe [2012/08/06 20:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! 
Free Antivirus
[2012/08/06 20:51:15 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS.000\System32\drivers\aswFsBlk.sys
[2012/08/06 20:51:14 | 000,353,688 | ---- | C] (AVAST Software) -- C:\WINDOWS.000\System32\drivers\aswSP.sys
[2012/08/06 20:51:00 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS.000\System32\drivers\aswRdr.sys
[2012/08/06 20:50:59 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS.000\System32\drivers\aswTdi.sys
[2012/08/06 20:50:57 | 000,721,000 | ---- | C] (AVAST Software) -- C:\WINDOWS.000\System32\drivers\aswSnx.sys
[2012/08/06 20:50:56 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS.000\System32\drivers\aswmon2.sys
[2012/08/06 20:50:56 | 000,089,624 | ---- | C] (AVAST Software) -- C:\WINDOWS.000\System32\drivers\aswmon.sys
[2012/08/06 20:50:55 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS.000\System32\drivers\aavmker4.sys
[2012/08/06 20:49:15 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\ndistapi.sys
[2012/08/06 20:47:40 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS.000\avastSS.scr
[2012/08/06 20:47:36 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS.000\System32\aswBoot.exe
[2012/08/06 20:47:15 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\wab.exe
[2012/08/06 12:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/06 12:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\Google
[2012/08/06 12:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/06 12:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/08/04 17:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[8 C:\WINDOWS.000\*.tmp files -> C:\WINDOWS.000\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/09 19:57:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\George\Desktop\aswMBR.exe
[2012/08/09 19:56:17 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\George\Desktop\ip6e7lw4.exe
[2012/08/09 19:55:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe
[2012/08/09 14:11:27 | 000,000,316 | -H-- | M] () -- C:\WINDOWS.000\tasks\avast! Emergency Update.job
[2012/08/09 14:10:09 | 000,002,278 | ---- | M] () -- C:\WINDOWS.000\System32\wpa.dbl
[2012/08/09 14:07:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS.000\bootstat.dat
[2012/08/09 14:07:44 | 535,416,832 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 12:59:10 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\javaws.exe
[2012/08/08 12:59:10 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\javaw.exe
[2012/08/08 12:59:09 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\java.exe
[2012/08/08 12:59:09 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\javacpl.cpl
[2012/08/08 12:59:07 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\npDeployJava1.dll
[2012/08/08 12:59:07 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\deployJava1.dll
[2012/08/08 12:06:41 | 000,376,856 | ---- | M] () -- C:\WINDOWS.000\System32\FNTCACHE.DAT
[2012/08/07 00:34:24 | 000,000,420 | -HS- | M] () -- C:\boot.ini
[2012/08/06 22:22:28 | 000,002,867 | ---- | M] () -- C:\WINDOWS.000\System32\CONFIG.NT
[2012/08/06 21:36:03 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 20:51:16 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/08/04 17:28:18 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Revo Uninstaller.lnk
[8 C:\WINDOWS.000\*.tmp files -> C:\WINDOWS.000\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/09 19:56:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\George\Desktop\ip6e7lw4.exe
[2012/08/06 21:36:03 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 20:51:16 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/08/06 20:51:04 | 000,000,316 | -H-- | C] () -- C:\WINDOWS.000\tasks\avast! Emergency Update.job
[2012/08/06 20:48:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS.000\System32\iacenc.dll
[2012/08/06 20:48:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS.000\System32\dllcache\iacenc.dll
[2012/08/04 14:38:41 | 535,416,832 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/09 09:56:03 | 000,021,956 | ---- | C] () -- C:\Program Files\BUSINESS.CRD
[2008/12/11 19:41:25 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\George\default.pls
[2008/10/03 12:33:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\George\Application Data\wklnhst.dat
[2008/09/17 13:12:55 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/08 12:38:51 | 000,000,000 | -H-- | C] () -- C:\Program Files\hpothb07.tif
[2006/06/08 12:38:51 | 000,000,000 | -H-- | C] () -- C:\Program Files\hpothb07.dat
[2000/06/20 15:51:58 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP

< End of report >
#4
OTL Extra
OTL Extras logfile created on: 8/9/2012 7:59:16 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\George\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

510.55 Mb Total Physical Memory | 267.30 Mb Available Physical Memory | 52.36% Memory free
1.97 Gb Paging File | 1.75 Gb Available in Paging File | 88.68% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.000 | %ProgramFiles% = C:\Program Files
Drive C: | 38.29 Gb Total Space | 17.86 Gb Free Space | 46.65% Space Free | Partition Type: NTFS

Computer Name: GEORGE | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Searchbar" = Advanced Searchbar
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Announcements 6.0" = Announcements 6.0
"avast" = avast! Free Antivirus
"AVI Codec Pack" = AVI Codec Pack
"CCleaner" = CCleaner
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 6.0.9
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"ffdshow" = ffdshow (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"RAMRush_is1" = RAMRush 1.0.2.712
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"RegScrubXP_is1" = RegScrubXP 3.25
"Revo Uninstaller" = Revo Uninstaller 1.94
"Sandboxie" = Sandboxie 3.38
"Shockwave" = Shockwave
"SpywareBlaster_is1" = SpywareBlaster 4.2
"VLC media player" = VideoLAN VLC media player 0.8.6a
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2012 6:40:59 PM | Computer Name = GEORGE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module aswwebrepie.dll, version 7.0.1456.418, fault address 0x0004d9fb.

Error - 8/9/2012 6:49:48 PM | Computer Name = GEORGE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module aswwebrepie.dll, version 7.0.1456.418, fault address 0x0004d9fb.

Error - 8/9/2012 6:50:12 PM | Computer Name = GEORGE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module aswwebrepie.dll, version 7.0.1456.418, fault address 0x0004d9fb.

Error - 8/9/2012 7:02:14 PM | Computer Name = GEORGE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module aswwebrepie.dll, version 7.0.1456.418, fault address 0x0004d9fb.

Error - 8/9/2012 7:18:22 PM | Computer Name = GEORGE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.

Error - 8/9/2012 7:18:41 PM | Computer Name = GEORGE | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.

Error - 8/9/2012 7:19:57 PM | Computer Name = GEORGE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2686828' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\George\LOCALS~1\Temp\Microsoft .NET Framework 2.0-KB2686828_20120809_231055553-Msi0.txt.

Error - 8/9/2012 7:20:03 PM | Computer Name = GEORGE | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2686828, P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10 0.

Error - 8/9/2012 7:21:44 PM | Computer Name = GEORGE | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 1.1 - Update '{A38B334A-A0A2-436D-BAA0-34FE5E517E44}' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\George\LOCALS~1\Temp\NDP1.1sp1-KB2656370-X86\NDP1.1sp1-KB2656370-X86-msi.0.log.

Error - 8/9/2012 7:21:45 PM | Computer Name = GEORGE | Source = NativeWrapper | ID = 5000
Description =

[ System Events ]
Error - 8/9/2012 1:15:07 PM | Computer Name = GEORGE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2686828).

Error - 8/9/2012 1:16:02 PM | Computer Name = GEORGE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).

Error - 8/9/2012 1:23:44 PM | Computer Name = GEORGE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Security Update for Windows 2000, Windows Server 2003, and Windows XP x86 (KB979909).

Error - 8/9/2012 1:31:56 PM | Computer Name = GEORGE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 Update for Windows Server 2003 and Windows XP x86 (KB982168).

Error - 8/9/2012 1:40:08 PM | Computer Name = GEORGE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2656352).

Error - 8/9/2012 1:48:21 PM | Computer Name = GEORGE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 SP1 and .NET Framework 2.0 SP2 Update for Windows Server 2003 and Windows XP x86 (KB982524).

Error - 8/9/2012 1:49:35 PM | Computer Name = GEORGE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).

Error - 8/9/2012 1:49:55 PM | Computer Name = GEORGE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB2686509).

Error - 8/9/2012 1:58:17 PM | Computer Name = GEORGE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2604092).

Error - 8/9/2012 2:06:10 PM | Computer Name = GEORGE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2656369).

< End of report >
#5
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-09 23:07:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_2F040J0 rev.VAM51JJ0
Running: ip6e7lw4.exe; Driver: C:\DOCUME~1\George\LOCALS~1\Temp\kgtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF3C88536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF3D597BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF3C88F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF3CC8C31]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF3C93D7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF3C93DC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF3C93F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF3CC85E5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF3C93CE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF3C93E0A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF3C93D30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xF3C89146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF3C93F02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xF3C898CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF3C88584]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF3CC92F7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF3CC95AD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF3C8CF36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF3CC9162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF3CC8FCD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF3D5989E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF3C881EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF3C885D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF3C8D2A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF3C8A292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF3C93DA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF3C93DE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF3C93F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF3CC8941]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF3C93D0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF3C8CAAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF3C93E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF3C93D58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF3C8CCDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF3C93F26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF3D59A1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF3CC8E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF3C8A15E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF3CC8C9A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xF3C89D08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF3D65338]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF3CC7C58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF3C88620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF3C8866E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xF3C8974A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF3C88276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF3C88426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF3CC93FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF3C883CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xF3C89A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xF3C89B88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF3C88496]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xF3C89468]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xF3C895CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF3C886BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xF3C88F96]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF3D71744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + F8 804E2764 4 Bytes CALL 9A41F0A5
.text ntoskrnl.exe!_abnormal_termination + 398 804E2A04 12 Bytes [20, 86, C8, F3, 6E, 86, C8, ...]
.text ntoskrnl.exe!_abnormal_termination + 40C 804E2A78 5 Bytes [76, 82, C8, F3, 26]
.text ntoskrnl.exe!_abnormal_termination + 412 804E2A7E 2 Bytes [C8, F3]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [2C, 9A, C8, F3, 88, 9B, C8, ...]
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB88 4 Bytes CALL F3C8A943 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF80992D 5 Bytes JMP F3C8E8C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C889 5 Bytes JMP F3C8E7B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813921 5 Bytes JMP F3C8E76A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C58B 5 Bytes JMP F3C8DE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240FB 5 Bytes JMP F3C8D538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A65 5 Bytes JMP F3C8EA2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314B0 5 Bytes JMP F3C8EC32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EE7 5 Bytes JMP F3C8E670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851775 5 Bytes JMP F3C8D3FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BCAA 5 Bytes JMP F3C8DEDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E314 5 Bytes JMP F3C8D992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E39F 5 Bytes JMP F3C8DC58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F612 5 Bytes JMP F3C8D3E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649E1 5 Bytes JMP F3C8E7FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB BF8731DB 5 Bytes JMP F3C8DA52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4138 BF873D18 5 Bytes JMP F3C8DC12 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E16 5 Bytes JMP F3C8DEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8943C1 5 Bytes JMP F3C8E972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894E99 5 Bytes JMP F3C8EB90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C24E 5 Bytes JMP F3C8DE04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D7E3 5 Bytes JMP F3C8D5A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C1D20 5 Bytes JMP F3C8D6B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA1B1 5 Bytes JMP F3C8D790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA431 5 Bytes JMP F3C8D8BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3AFB BF8EBDB4 5 Bytes JMP F3C8D2DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB0D BF8F4DC6 5 Bytes JMP F3C8DE34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2F BF9142E4 5 Bytes JMP F3C8D4D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2603 BF914EB8 5 Bytes JMP F3C8D664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F7C BF917831 5 Bytes JMP F3C8DD72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1947 BF947980 5 Bytes JMP F3C8EAE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS.000\System32\svchost.exe[364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\System32\svchost.exe[364] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\wscntfy.exe[556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\system32\wscntfy.exe[556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\System32\svchost.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\System32\svchost.exe[584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\System32\smss.exe[680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\System32\svchost.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\System32\svchost.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\Explorer.EXE[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\Explorer.EXE[800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS.000\system32\wuauclt.exe[832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS.000\system32\wuauclt.exe[832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS.000\system32\wuauclt.exe[832] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS.000\system32\wuauclt.exe[832] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS.000\system32\wuauclt.exe[832] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS.000\system32\wuauclt.exe[832] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\csrss.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\system32\csrss.exe[948] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\System32\svchost.exe[980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\System32\svchost.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\System32\svchost.exe[996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\System32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\winlogon.exe[1108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\system32\winlogon.exe[1108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\services.exe[1264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\system32\services.exe[1264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\ctfmon.exe[1292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\system32\ctfmon.exe[1292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\lsass.exe[1324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\system32\lsass.exe[1324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\notepad.exe[1428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\notepad.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\svchost.exe[1520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\system32\svchost.exe[1520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[1600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[1600] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1692] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\SearchIndexer.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\system32\SearchIndexer.exe[1744] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS.000\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS.000\system32\SearchIndexer.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\spoolsv.exe[1900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\system32\spoolsv.exe[1900] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\svchost.exe[1920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\system32\svchost.exe[1920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\George\Desktop\ip6e7lw4.exe[2364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\George\Desktop\ip6e7lw4.exe[2364] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\System32\alg.exe[2532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS.000\System32\alg.exe[2532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\System32\alg.exe[2532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS.000\System32\alg.exe[2532] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\System32\alg.exe[2532] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS.000\System32\alg.exe[2532] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS.000\System32\alg.exe[2532] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text
C:\WINDOWS.000\System32\alg.exe[2532] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8 .text C:\WINDOWS.000\System32\alg.exe[2532] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC .text C:\WINDOWS.000\System32\alg.exe[2532] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014 .text C:\WINDOWS.000\System32\alg.exe[2532] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804 .text C:\WINDOWS.000\System32\alg.exe[2532] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08 .text C:\WINDOWS.000\System32\alg.exe[2532] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C .text C:\WINDOWS.000\System32\alg.exe[2532] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10 .text C:\WINDOWS.000\System32\alg.exe[2532] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8 .text C:\WINDOWS.000\System32\alg.exe[2532] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC .text C:\WINDOWS.000\System32\alg.exe[2532] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600 .text C:\WINDOWS.000\notepad.exe[2552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS.000\notepad.exe[2552] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8 .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014 .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 
00390804 .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08 .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10 .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8 .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600 .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804 .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08 .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600 .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8 .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3592] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] 
C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT 
C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINDOWS.000\Explorer.EXE[800] @ C:\WINDOWS.000\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[896] @ C:\WINDOWS.000\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\WINDOWS.000\system32\services.exe[1264] @ C:\WINDOWS.000\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002 IAT C:\WINDOWS.000\system32\services.exe[1264] @ C:\WINDOWS.000\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1692] @ C:\WINDOWS.000\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! 
File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- EOF - GMER 1.0.15 ---- |
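A helper for reading a log like the one above, added here as an example; it is not GMER's code and was not part of the post. GMER prints one ".text" line per user-mode hook it finds, and a log this long is easier to read once the lines are sorted into three piles: inline byte patches that appear at the same address with the same bytes in many processes (one system-wide cause, so low priority to chase), JMP hooks whose target GMER tied to a module on disk, and JMP hooks into memory GMER could not attribute to any module, which are the lines to look at first. The bucket names, the `min_procs` threshold and that ordering are this example's own heuristic, not anything GMER defines, and nothing here decides whether a hook is malicious. The sample lines are copied from the log posted above.

```python
r"""Triage the "User code sections" part of a GMER log (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: eleven lines copied from the GMER log in this thread.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS.000\System32\svchost.exe[364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\System32\svchost.exe[364] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\Explorer.EXE[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\Explorer.EXE[800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS.000\system32\wuauclt.exe[832] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS.000\system32\wuauclt.exe[832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1692] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS.000\system32\SearchIndexer.exe[1744] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS.000\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS.000\System32\alg.exe[2532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
"""

# .text <process>[<pid>] <module>!<func>[ + <off>] <addr> <n> Byte(s) <rest>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>[^\s+]+)(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<rest>.*)$"
)
# <rest> for a jump: JMP <target> [<owning module path> (<description>)]
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>\S.*))?$")


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    module: str            # lower-cased: GMER prints both kernel32 and KERNEL32
    func: str
    offset: str            # "+ 186" offset text as printed; "" at the entry point
    addr: int
    size: int
    detail: str            # everything after the byte count, verbatim
    target: Optional[int]  # JMP destination, None for an inline patch
    owner: Optional[str]   # module GMER attributed the JMP target to, if any


def parse_usermode_hooks(text: str) -> List[Hook]:
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, IAT/EAT and Devices sections
        rest = m.group("rest").strip()
        jm = JMP_RE.match(rest)
        hooks.append(Hook(
            process=m.group("proc"), pid=int(m.group("pid")),
            module=m.group("module").lower(), func=m.group("func"),
            offset=m.group("off") or "", addr=int(m.group("addr"), 16),
            size=int(m.group("size")), detail=rest,
            target=int(jm.group("target"), 16) if jm else None,
            owner=jm.group("owner") if jm and jm.group("owner") else None,
        ))
    return hooks


def triage(hooks: List[Hook], min_procs: int = 2) -> Dict[str, list]:
    """Sort hooks into buckets; a patch is 'uniform' if the same module,
    function, address and bytes show up in at least min_procs processes."""
    pids_by_patch: Dict[tuple, set] = defaultdict(set)
    for h in hooks:
        if h.target is None:
            pids_by_patch[(h.module, h.func, h.offset, h.addr, h.detail)].add(h.pid)
    uniform = [
        {"module": k[0], "func": k[1], "offset": k[2], "addr": k[3],
         "detail": k[4], "pids": sorted(pids)}
        for k, pids in pids_by_patch.items() if len(pids) >= min_procs
    ]
    uniform.sort(key=lambda u: (-len(u["pids"]), u["module"], u["func"]))
    uniform_keys = {(u["module"], u["func"], u["offset"], u["addr"], u["detail"])
                    for u in uniform}
    return {
        "uniform_patches": uniform,
        "other_patches": [h for h in hooks if h.target is None and
                          (h.module, h.func, h.offset, h.addr, h.detail) not in uniform_keys],
        "jmp_attributed": [h for h in hooks if h.target is not None and h.owner],
        "jmp_unattributed": [h for h in hooks if h.target is not None and not h.owner],
    }


if __name__ == "__main__":
    # For a real log: parse_usermode_hooks(open("gmer.txt", encoding="utf-8", errors="replace").read())
    r = triage(parse_usermode_hooks(SAMPLE_LOG))
    for u in r["uniform_patches"]:
        print(f"uniform  {u['module']}!{u['func']} {u['detail']} in {len(u['pids'])} processes")
    for h in r["jmp_unattributed"]:
        print(f"FOLLOWUP {h.process}[{h.pid}] {h.module}!{h.func} -> {h.target:08X}")
```

Run against the full log posted above, the two one-byte `[62]` patches collapse into two "uniform" lines covering every listed process, which leaves the `JMP` entries in wuauclt.exe, alg.exe and realsched.exe (service-control and window-hook APIs redirected into unattributed memory) as the short list to ask about in the next reply.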
#6
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-09 23:20:05
-----------------------------
23:20:05.360 OS Version: Windows 5.1.2600 Service Pack 3
23:20:05.360 Number of processors: 1 586 0x803
23:20:05.370 ComputerName: GEORGE UserName: George
23:20:07.413 Initialize success
23:20:13.041 AVAST engine defs: 12080901
23:20:32.999 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:20:32.999 Disk 0 Vendor: Maxtor_2F040J0 VAM51JJ0 Size: 39205MB BusType: 3
23:20:33.270 Disk 0 MBR read successfully
23:20:33.270 Disk 0 MBR scan
23:20:33.450 Disk 0 Windows XP default MBR code
23:20:33.540 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39205 MB offset 63
23:20:33.790 Disk 0 scanning sectors +80292870
23:20:34.291 Disk 0 scanning C:\WINDOWS.000\system32\drivers
23:22:26.062 Service scanning
23:22:26.633 Modules scanning
23:22:27.294 Disk 0 trace - called modules:
23:22:27.414 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
23:22:27.424 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd2ab8]
23:22:27.444 3 CLASSPNP.SYS[f8737fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fa6d98]
23:22:28.135 AVAST engine scan C:\WINDOWS.000
23:23:43.764 AVAST engine scan C:\WINDOWS.000\system32
23:40:00.088 AVAST engine scan C:\WINDOWS.000\system32\drivers
23:41:26.522 AVAST engine scan C:\Documents and Settings\George
23:47:28.983 AVAST engine scan C:\Documents and Settings\All Users
23:50:05.658 Scan finished successfully
23:50:28.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\George\Desktop\MBR.dat"
23:50:28.822 The log file has been saved successfully to "C:\Documents and Settings\George\Desktop\aswMBR.txt"
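The log above ends with aswMBR saving the disk's first sector to MBR.dat. The following is an added example, not aswMBR's code and not from the post, of what can be done with that file independently of the tool: parse the 512-byte sector by the standard MBR layout (446 bytes of boot code, four 16-byte partition entries at offset 0x1BE, the 0x55AA signature at 0x1FE), render each entry in the same shape as the log's "Partition 1 80 (A) 07 HPFS/NTFS NTFS 39205 MB offset 63" line so the two can be compared, and hash the boot code so it can be matched against the sector of a machine known to be clean. The sector bytes built by `build_sample_mbr` are constructed to agree with the posted log; they are not the user's MBR.dat, and the small partition-type table is this example's own.

```python
"""Parse a saved MBR.dat and reproduce aswMBR's partition summary (added example)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
TABLE_OFFSET = 0x1BE
SIGNATURE = b"\x55\xAA"

# Small type-id table for display; anything else is shown as "type XX".
PART_TYPES = {0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x05: "Extended", 0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux"}


@dataclass(frozen=True)
class PartitionEntry:
    index: int       # 1..4, numbered as aswMBR numbers them
    status: int      # 0x80 = active (bootable), 0x00 = inactive
    type_id: int
    lba_start: int   # first sector of the partition
    sectors: int     # length in sectors

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    def summary(self) -> str:
        """Same shape as the aswMBR log line, minus the detected filesystem
        name, which aswMBR reads from the volume rather than the table."""
        parts = [f"Partition {self.index}", f"{self.status:02X}"]
        if self.status == 0x80:
            parts.append("(A)")
        parts += [f"{self.type_id:02X}",
                  PART_TYPES.get(self.type_id, f"type {self.type_id:02X}"),
                  f"{self.size_mb} MB", f"offset {self.lba_start}"]
        return " ".join(parts)


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[0x1FE:0x200] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4), little-endian
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", raw)
        if type_id == 0:
            continue  # empty slot
        entries.append(PartitionEntry(i + 1, status, type_id, lba, count))
    return entries


def boot_code_sha256(sector: bytes) -> str:
    """Hash of the 440-byte boot code only (excludes the disk signature,
    the partition table and the 0x55AA marker), for comparing machines."""
    return hashlib.sha256(sector[:440]).hexdigest()


def build_sample_mbr() -> bytes:
    """Constructed sector: one active NTFS partition at offset 63, 39205 MB,
    with zeroed boot code. Matches the values in the posted log, nothing more."""
    sectors = 39205 * 1024 * 1024 // SECTOR   # 80291840 sectors
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, sectors)
    table = entry + b"\x00" * 48                # three empty slots
    return b"\x00" * TABLE_OFFSET + table + SIGNATURE


if __name__ == "__main__":
    mbr = build_sample_mbr()   # real check: mbr = open("MBR.dat", "rb").read()
    for p in parse_mbr(mbr):
        print(p.summary())
    print("boot code sha256:", boot_code_sha256(mbr))
```

The summary line is meant to be compared with the aswMBR log, and the hash with the same 440 bytes from another XP machine of the same version; the example deliberately ships no "known good" hash, because that value has to come from a reference disk you trust, not from a forum post.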
#7
I would like to suggest the following, both to remove garbage, and to clean things up so we get a clear shot at what else might be there.
Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

Java(TM) 6 Update 15 - Older, more vulnerable version. You have the latest 7 Update 5 installed.
Spybot - Search & Destroy - User choice, but seems to do little lately, and can cause issues.
Advanced Searchbar - Adware, spyware, search hijacker.
Advanced SystemCare 3 - Known to cause serious system problems.
RAMRush - All these RAM altering programs have seriously questionable value, and can cause problems.
Announcements 6.0 - Too generic a name to be easily picked up in web searches. Do you know what this is there for?
SpywareBlaster 4.2 - Very old version, and maybe not so useful an app anymore. If you do not keep it updated, better to uninstall it.
Registry Mechanic 8.0 - All "reg cleaners" are not worth a hill of beans, and can cause problems.
RegScrubXP 3.25 - Even worse than Reg Mechanic.

But this is likely the source of a lot of problems:

SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe -- (CAISafe)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)

An incomplete uninstall of CA, which is already a problematic program when installed. But they are likely corrupting Avast, and the system.

Once you have done the above uninstalls, uninstall Avast. Reboot, then go here and download the avast! aswClear.exe uninstaller to your desktop, then click that to remove avast!. Be sure to temporarily disable all security software while it runs, and reboot after it completes the uninstall.

------------

Then go here and run the CA uninstaller, rebooting after.

----------

Run a new OTL and Gmer scan, and post those logs please.
#8
1) Announcement 6 is a program to make greeting cards.
2) When I tried to run the CA uninstaller I got the following message: SelfServe.exe has encountered a problem and needs to close.

OTL logfile created on: 8/10/2012 9:53:27 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\George\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

510.55 Mb Total Physical Memory | 310.91 Mb Available Physical Memory | 60.90% Memory free
1.97 Gb Paging File | 1.82 Gb Available in Paging File | 92.72% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.000 | %ProgramFiles% = C:\Program Files
Drive C: | 38.29 Gb Total Space | 17.82 Gb Free Space | 46.53% Space Free | Partition Type: NTFS

Computer Name: GEORGE | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 19:55:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.000\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2007/02/26 17:22:14 | 000,159,744 | ---- | M] () -- C:\WINDOWS.000\SYSTEM32\mmfinfo.dll
MOD - [2007/02/26 17:21:38 | 000,023,552 | ---- | M] () -- C:\WINDOWS.000\SYSTEM32\mkunicode.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe -- (VETMSGNT)
SRV - File not found [Auto | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr)
SRV - File not found [Auto | Stopped] -- F:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe -- (CAISafe)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2012/08/07 02:12:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2006/09/28 18:56:14 | 000,055,808 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\WudfSvc.dll -- (WudfSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2010/06/06 09:49:25 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vetefile.sys -- (VETEFILE)
DRV - [2010/06/06 09:49:24 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\System32\drivers\veteboot.sys -- (VETEBOOT)
DRV - [2009/12/01 20:17:36 | 000,032,240 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2009/12/01 20:17:36 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2009/12/01 20:17:36 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2009/12/01 20:17:36 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vet-rec.sys -- (VET-REC)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\rtl8139.sys -- (rtl8139)
DRV - [2004/08/04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:44 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:40 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:38 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wADV05NT.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 12:19:48 | 000,174,464 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\es198x.sys -- (allegro)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/access/allinone.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/search.asp
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.microsoft.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.microsoft.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.microsoft.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.microsoft.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-484763869-839522115-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\system32\blank.htm
IE - HKU\S-1-5-21-484763869-839522115-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-484763869-839522115-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-484763869-839522115-1957994488-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-484763869-839522115-1957994488-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-484763869-839522115-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.000\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS.000\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS.000\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS.000\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS.000\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/07 02:12:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/08 13:00:13 | 000,000,000 | ---D | M]

[2008/09/20 10:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Extensions
[2012/08/06 13:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ue1csabc.default\extensions
[2012/08/06 13:08:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ue1csabc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/07 02:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/07 02:12:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2012/08/07 00:58:45 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/07 00:58:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/07 00:58:45 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/08/07 00:58:45 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/07 00:58:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/08/07 00:58:45 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/10/13 23:09:46 | 000,343,689 | R--- | M]) - C:\WINDOWS.000\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11784 more lines...
O3 - HKU\S-1-5-21-484763869-839522115-1957994488-1003\..\Toolbar\WebBrowser: (no name) - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS.000\System32\systray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-484763869-839522115-1957994488-1003..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-484763869-839522115-1957994488-1003\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-484763869-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.000\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS.000\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS.000\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS.000\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/S...in/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1221858845094 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 
1.7.0_05) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS.000\SYSTEM\dajava.cab (Reg Error: Key error.) O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS.000\SYSTEM\iejava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS.000\Java\classes\xmldso.cab (Reg Error: Key error.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.000\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.000\system32\userinit.exe) - C:\WINDOWS.000\SYSTEM32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:1 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2 O24 - Desktop WallPaper: C:\WINDOWS.000\WEB\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS.000\WEB\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/09/16 11:56:40 | 000,000,272 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2000/06/08 17:00:00 | 000,000,079 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ NTFS ] O32 - AutoRun File - [2005/08/05 23:26:58 | 000,000,259 | ---- | M] () - C:\AUTOEXEC.NS0 -- [ NTFS ] O32 - AutoRun File - [2005/08/05 23:26:58 | 000,000,259 | ---- | M] () - C:\AUTOEXEC.NS1 -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 4\) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/08/10 21:22:12 | 000,329,088 | ---- | C] (AVAST Software) -- C:\Documents and 
Settings\George\Desktop\aswclear.exe [2012/08/10 20:52:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\System32\appmgmt [2012/08/10 04:00:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\George\Recent [2012/08/09 19:56:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\George\Desktop\aswMBR.exe [2012/08/09 19:55:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe [2012/08/09 08:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\Sun [2012/08/08 13:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2012/08/08 13:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/08/08 13:00:13 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\npDeployJava1.dll [2012/08/08 13:00:13 | 000,687,600 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\deployJava1.dll [2012/08/08 13:00:13 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\javaws.exe [2012/08/08 12:59:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\javaw.exe [2012/08/08 12:59:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\java.exe [2012/08/08 12:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2012/08/07 01:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0 [2012/08/07 01:18:37 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\System32\windowspowershell [2012/08/07 00:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012/08/07 00:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/08/07 00:50:21 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\mfc40u.dll [2012/08/07 00:41:37 | 000,617,472 | ---- | C] 
(Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\comctl32.dll [2012/08/06 21:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/06 21:35:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.000\System32\drivers\mbam.sys [2012/08/06 21:28:21 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\helpsvc.exe [2012/08/06 21:20:14 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\ndproxy.sys [2012/08/06 21:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/08/06 21:13:07 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\mup.sys [2012/08/06 21:10:08 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\rdpwd.sys [2012/08/06 21:01:17 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\msado15.dll [2012/08/06 20:59:55 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\moviemk.exe [2012/08/06 20:49:15 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\ndistapi.sys [2012/08/06 20:47:15 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\wab.exe [2012/08/06 12:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012/08/06 12:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\Google [2012/08/06 12:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/08/06 12:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2012/08/04 17:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [8 C:\WINDOWS.000\*.tmp files -> C:\WINDOWS.000\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/10 21:52:50 | 000,002,278 | ---- | M] 
() -- C:\WINDOWS.000\System32\wpa.dbl [2012/08/10 21:51:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS.000\bootstat.dat [2012/08/10 21:51:13 | 535,416,832 | -HS- | M] () -- C:\hiberfil.sys [2012/08/10 21:39:13 | 000,144,648 | ---- | M] () -- C:\Documents and Settings\George\Desktop\SupportBridge.remoteassist .ca.com.443.supportbridge.$.exe [2012/08/10 21:23:23 | 000,002,819 | ---- | M] () -- C:\WINDOWS.000\System32\CONFIG.NT [2012/08/10 21:22:13 | 000,329,088 | ---- | M] (AVAST Software) -- C:\Documents and Settings\George\Desktop\aswclear.exe [2012/08/09 23:50:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\George\Desktop\MBR.dat [2012/08/09 19:57:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\George\Desktop\aswMBR.exe [2012/08/09 19:56:17 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\George\Desktop\ip6e7lw4.exe [2012/08/09 19:55:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe [2012/08/08 12:59:10 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\javaws.exe [2012/08/08 12:59:10 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\javaw.exe [2012/08/08 12:59:09 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\java.exe [2012/08/08 12:59:09 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\javacpl.cpl [2012/08/08 12:59:07 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\npDeployJava1.dll [2012/08/08 12:59:07 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\deployJava1.dll [2012/08/08 12:06:41 | 000,376,856 | ---- | M] () -- C:\WINDOWS.000\System32\FNTCACHE.DAT [2012/08/07 00:34:24 | 000,000,420 | -HS- | M] () -- C:\boot.ini [2012/08/06 21:36:03 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/04 17:28:18 | 000,000,928 | ---- | M] () -- C:\Documents and 
Settings\George\Desktop\Revo Uninstaller.lnk [8 C:\WINDOWS.000\*.tmp files -> C:\WINDOWS.000\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/10 21:39:11 | 000,144,648 | ---- | C] () -- C:\Documents and Settings\George\Desktop\SupportBridge.remoteassist .ca.com.443.supportbridge.$.exe [2012/08/09 23:50:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\George\Desktop\MBR.dat [2012/08/09 19:56:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\George\Desktop\ip6e7lw4.exe [2012/08/06 21:36:03 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/06 20:48:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS.000\System32\iacenc.dll [2012/08/06 20:48:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS.000\System32\dllcache\iacenc.dll [2012/08/04 14:38:41 | 535,416,832 | -HS- | C] () -- C:\hiberfil.sys [2009/08/09 09:56:03 | 000,021,956 | ---- | C] () -- C:\Program Files\BUSINESS.CRD [2008/12/11 19:41:25 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\George\default.pls [2008/10/03 12:33:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\George\Application Data\wklnhst.dat [2008/09/17 13:12:55 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/08 12:38:51 | 000,000,000 | -H-- | C] () -- C:\Program Files\hpothb07.tif [2006/06/08 12:38:51 | 000,000,000 | -H-- | C] () -- C:\Program Files\hpothb07.dat [2000/06/20 15:51:58 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP ![]() < End of report > |
#9
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-11 01:00:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_2F040J0 rev.VAM51JJ0
Running: ip6e7lw4.exe; Driver: C:\DOCUME~1\George\LOCALS~1\Temp\kgtdqpog.sys

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS.000\system32\SearchIndexer.exe[592] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS.000\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\Explorer.EXE [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINDOWS.000\Explorer.EXE[1884] @ C:\WINDOWS.000\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [5CB77774] C:\WINDOWS.000\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

---- EOF - GMER 1.0.15 ----
#10
Reboot to Safe Mode please, and try the CA uninstall there. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.
To be sure of things, go here and download Cédric GEORGEOT's CAT – Crisis Aversion Tool, then click that cat.exe to run the tool. (For the download link, scroll down and click "ici" ("here") in the sentence: Bref, un must have à télécharger d'urgence ici. <------)

When CAT opens, click the left-side Adjustments tab. Place a check next to:
Enable Windows Installer in Safe Mode
Then click Apply Checked Fixes, and agree to start the installer service. When it completes its changes, click the upper left X and agree to close CAT. It will also open a log file - just close that for now.

A Caution - Please refrain from the temptation to effect other changes with CAT.
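The CAT fix described above addresses a standard Windows behaviour: the services allowed to start in Safe Mode are the subkeys of HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot (Minimal for plain Safe Mode, Network for Safe Mode with Networking), and the Windows Installer service (service name msiserver) is not in that list by default, which is why MSI-based uninstallers fail there. The PowerShell below is an added example for this thread, not code from the original posts, from CAT or from its author; it makes that registry change by hand, verifies it, and can undo it afterwards. It assumes an elevated prompt on the affected machine (the log shows PowerShell 1.0 installed, and nothing newer is needed). Whether CAT implements its fix by writing exactly these keys is not stated in the thread; the example stands on its own.

```powershell
# Added example (not from the thread): allow the Windows Installer service
# (msiserver) to start in Safe Mode by listing it under the SafeBoot key,
# which is what Windows consults to decide which services may run there.
# Run from an elevated PowerShell prompt; PowerShell 1.0 syntax is sufficient.

$SafeBootKeys = @(
    "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer",   # Safe Mode
    "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer"    # Safe Mode with Networking
)

function Enable-MsiServerInSafeMode {
    foreach ($key in $SafeBootKeys) {
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        # SafeBoot only honours the entry when the subkey's (Default) value
        # is the string "Service" (drivers use "Driver").
        Set-Item -Path $key -Value "Service"
    }
}

function Test-MsiServerInSafeMode {
    # Returns $true only if both subkeys exist with (Default) = "Service".
    foreach ($key in $SafeBootKeys) {
        if (-not (Test-Path $key)) { return $false }
        $default = (Get-Item $key).GetValue("")
        if ($default -ne "Service") { return $false }
    }
    return $true
}

function Remove-MsiServerFromSafeMode {
    # Undo: take msiserver back out of the Safe Mode list once the uninstall
    # is done, so Safe Mode returns to its minimal service set.
    foreach ($key in $SafeBootKeys) {
        if (Test-Path $key) { Remove-Item -Path $key -Recurse }
    }
}

Enable-MsiServerInSafeMode
if (Test-MsiServerInSafeMode) {
    # Start the installer service now; after this, MSI-based uninstallers can
    # run in the current Safe Mode session without a reboot.
    Start-Service -Name msiserver
    Get-Service -Name msiserver | Format-List Name, Status
} else {
    Write-Error "SafeBoot entries for MSIServer were not written as expected."
}
```

Run Remove-MsiServerFromSafeMode once the uninstall has finished; leaving msiserver permanently whitelisted in Safe Mode defeats part of the point of Safe Mode, which is to boot with as few services as possible while you clean up.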
#11
If that succeeds, please reboot, then run and post a new OTL log.
#12
I am in Safe Mode but still unable to delete CA. Also, I went to CAT – Crisis Aversion Tool, but it's not in English, so I don't see where to click to download it.
#13
I still can't get CA to uninstall.
OTL logfile created on: 8/11/2012 10:31:31 PM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\George\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

510.55 Mb Total Physical Memory | 303.95 Mb Available Physical Memory | 59.53% Memory free
1.97 Gb Paging File | 1.81 Gb Available in Paging File | 92.05% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.000 | %ProgramFiles% = C:\Program Files
Drive C: | 38.29 Gb Total Space | 17.68 Gb Free Space | 46.17% Space Free | Partition Type: NTFS

Computer Name: GEORGE | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 19:55:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS.000\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2007/02/26 17:22:14 | 000,159,744 | ---- | M] () -- C:\WINDOWS.000\SYSTEM32\mmfinfo.dll
MOD - [2007/02/26 17:21:38 | 000,023,552 | ---- | M] () -- C:\WINDOWS.000\SYSTEM32\mkunicode.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe -- (VETMSGNT)
SRV - File not found [Auto | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr)
SRV - File not found [Auto | Stopped] -- F:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe -- (CAISafe)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2012/08/07 02:12:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2006/09/28 18:56:14 | 000,055,808 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\WudfSvc.dll -- (WudfSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2010/06/06 09:49:25 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vetefile.sys -- (VETEFILE)
DRV - [2010/06/06 09:49:24 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\System32\drivers\veteboot.sys -- (VETEBOOT)
DRV - [2009/12/01 20:17:36 | 000,032,240 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2009/12/01 20:17:36 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2009/12/01 20:17:36 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2009/12/01 20:17:36 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS.000\System32\drivers\vet-rec.sys -- (VET-REC)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2004/08/04 01:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\rtl8139.sys -- (rtl8139)
DRV - [2004/08/04 01:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 01:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 01:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\watv10nt.sys -- (iAimTV5)
DRV - [2004/08/04 01:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 01:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 01:29:44 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\watv06nt.sys -- (iAimTV6)
DRV - [2004/08/04 01:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 01:29:40 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wadv09nt.sys -- (iAimFP7)
DRV - [2004/08/04 01:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wadv08nt.sys -- (iAimFP6)
DRV - [2004/08/04 01:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 01:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 01:29:38 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wadv07nt.sys -- (iAimFP5)
DRV - [2004/08/04 01:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\wADV05NT.sys -- (iAimFP2)
DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 12:19:48 | 000,174,464 | ---- | M] (ESS Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS.000\SYSTEM32\DRIVERS\es198x.sys -- (allegro)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/access/allinone.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/search.asp
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.microsoft.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.microsoft.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.microsoft.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.microsoft.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-484763869-839522115-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.000\system32\blank.htm
IE - HKU\S-1-5-21-484763869-839522115-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-484763869-839522115-1957994488-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-484763869-839522115-1957994488-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-484763869-839522115-1957994488-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-484763869-839522115-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS.000\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS.000\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS.000\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS.000\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS.000\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/07 02:12:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/08 13:00:13 | 000,000,000 | ---D | M]

[2008/09/20 10:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Extensions
[2012/08/06 13:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ue1csabc.default\extensions
[2012/08/06 13:08:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\ue1csabc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/07 02:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/07 02:12:38 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2012/08/07 00:58:45 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/07 00:58:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/07 00:58:45 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/08/07 00:58:45 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/07 00:58:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/08/07 00:58:45 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/10/13 23:09:46 | 000,343,689 | R--- | M]) - C:\WINDOWS.000\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11784 more lines...
O3 - HKU\S-1-5-21-484763869-839522115-1957994488-1003\..\Toolbar\WebBrowser: (no name) - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS.000\System32\systray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-484763869-839522115-1957994488-1003..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-484763869-839522115-1957994488-1003\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-484763869-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 -
HKU\S-1-5-21-484763869-839522115-1957994488-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: LinkResolveIgnoreLinkInfo = 0 O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS.000\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS.000\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS.000\System32\VetRedir.dll (Computer Associates International, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS.000\System32\VetRedir.dll (Computer Associates International, Inc.) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/S...in/AvSniff.cab (Symantec AntiVirus scanner) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1221858845094 (WUWebControl Class) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 
1.7.0_05) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS.000\SYSTEM\dajava.cab (Reg Error: Key error.) O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS.000\SYSTEM\iejava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS.000\Java\classes\xmldso.cab (Reg Error: Key error.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.000\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS.000\system32\userinit.exe) - C:\WINDOWS.000\SYSTEM32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:1 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2 O24 - Desktop WallPaper: C:\WINDOWS.000\WEB\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS.000\WEB\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/09/16 11:56:40 | 000,000,272 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2000/06/08 17:00:00 | 000,000,079 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ NTFS ] O32 - AutoRun File - [2005/08/05 23:26:58 | 000,000,259 | ---- | M] () - C:\AUTOEXEC.NS0 -- [ NTFS ] O32 - AutoRun File - [2005/08/05 23:26:58 | 000,000,259 | ---- | M] () - C:\AUTOEXEC.NS1 -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 4\) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/08/11 22:05:34 | 000,000,000 | ---D | C] -- C:\CAT-Logs [2012/08/11 21:33:11 | 000,000,000 | -HSD | C] -- 
C:\WINDOWS.000\CSC [2012/08/10 21:22:12 | 000,329,088 | ---- | C] (AVAST Software) -- C:\Documents and Settings\George\Desktop\aswclear.exe [2012/08/10 20:52:21 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\System32\appmgmt [2012/08/10 04:00:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\George\Recent [2012/08/09 19:56:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\George\Desktop\aswMBR.exe [2012/08/09 19:55:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe [2012/08/09 08:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\Sun [2012/08/08 13:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun [2012/08/08 13:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/08/08 13:00:13 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\npDeployJava1.dll [2012/08/08 13:00:13 | 000,687,600 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\deployJava1.dll [2012/08/08 13:00:13 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\javaws.exe [2012/08/08 12:59:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\javaw.exe [2012/08/08 12:59:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\WINDOWS.000\System32\java.exe [2012/08/08 12:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee [2012/08/07 01:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0 [2012/08/07 01:18:37 | 000,000,000 | ---D | C] -- C:\WINDOWS.000\System32\windowspowershell [2012/08/07 00:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012/08/07 00:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/08/07 00:50:21 | 000,953,856 | ---- | C] (Microsoft 
Corporation) -- C:\WINDOWS.000\System32\dllcache\mfc40u.dll [2012/08/07 00:41:37 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\comctl32.dll [2012/08/06 21:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/08/06 21:35:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.000\System32\drivers\mbam.sys [2012/08/06 21:28:21 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\helpsvc.exe [2012/08/06 21:20:14 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\ndproxy.sys [2012/08/06 21:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/08/06 21:13:07 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\mup.sys [2012/08/06 21:10:08 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\rdpwd.sys [2012/08/06 21:01:17 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\msado15.dll [2012/08/06 20:59:55 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\moviemk.exe [2012/08/06 20:49:15 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\ndistapi.sys [2012/08/06 20:47:15 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS.000\System32\dllcache\wab.exe [2012/08/06 12:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012/08/06 12:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\Google [2012/08/06 12:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/08/06 12:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2012/08/04 17:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [8 C:\WINDOWS.000\*.tmp files -> C:\WINDOWS.000\*.tmp 
-> ] ========== Files - Modified Within 30 Days ========== [2012/08/11 22:30:21 | 000,002,278 | ---- | M] () -- C:\WINDOWS.000\System32\wpa.dbl [2012/08/11 22:28:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS.000\bootstat.dat [2012/08/11 22:28:37 | 535,416,832 | -HS- | M] () -- C:\hiberfil.sys [2012/08/11 22:04:32 | 000,901,927 | ---- | M] () -- C:\Documents and Settings\George\Desktop\CAT.exe [2012/08/11 21:38:59 | 000,144,648 | ---- | M] () -- C:\Documents and Settings\George\Desktop\SupportBridge.remoteassist .ca.com.443.supportbridge.$.exe [2012/08/10 21:23:23 | 000,002,819 | ---- | M] () -- C:\WINDOWS.000\System32\CONFIG.NT [2012/08/10 21:22:13 | 000,329,088 | ---- | M] (AVAST Software) -- C:\Documents and Settings\George\Desktop\aswclear.exe [2012/08/09 23:50:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\George\Desktop\MBR.dat [2012/08/09 19:57:11 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\George\Desktop\aswMBR.exe [2012/08/09 19:56:17 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\George\Desktop\ip6e7lw4.exe [2012/08/09 19:55:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George\Desktop\OTL.exe [2012/08/08 12:59:10 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\javaws.exe [2012/08/08 12:59:10 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\javaw.exe [2012/08/08 12:59:09 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\java.exe [2012/08/08 12:59:09 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\javacpl.cpl [2012/08/08 12:59:07 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\npDeployJava1.dll [2012/08/08 12:59:07 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\WINDOWS.000\System32\deployJava1.dll [2012/08/08 12:06:41 | 000,376,856 | ---- | M] () -- C:\WINDOWS.000\System32\FNTCACHE.DAT [2012/08/07 00:34:24 | 000,000,420 | -HS- | M] () -- 
C:\boot.ini [2012/08/06 21:36:03 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/04 17:28:18 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Revo Uninstaller.lnk [8 C:\WINDOWS.000\*.tmp files -> C:\WINDOWS.000\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/08/11 22:28:37 | 535,416,832 | -HS- | C] () -- C:\hiberfil.sys [2012/08/11 22:04:32 | 000,901,927 | ---- | C] () -- C:\Documents and Settings\George\Desktop\CAT.exe [2012/08/10 21:39:11 | 000,144,648 | ---- | C] () -- C:\Documents and Settings\George\Desktop\SupportBridge.remoteassist .ca.com.443.supportbridge.$.exe [2012/08/09 23:50:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\George\Desktop\MBR.dat [2012/08/09 19:56:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\George\Desktop\ip6e7lw4.exe [2012/08/06 21:36:03 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2012/08/06 20:48:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS.000\System32\iacenc.dll [2012/08/06 20:48:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS.000\System32\dllcache\iacenc.dll [2009/08/09 09:56:03 | 000,021,956 | ---- | C] () -- C:\Program Files\BUSINESS.CRD [2008/12/11 19:41:25 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\George\default.pls [2008/10/03 12:33:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\George\Application Data\wklnhst.dat [2008/09/17 13:12:55 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/08 12:38:51 | 000,000,000 | -H-- | C] () -- C:\Program Files\hpothb07.tif [2006/06/08 12:38:51 | 000,000,000 | -H-- | C] () -- C:\Program Files\hpothb07.dat [2000/06/20 15:51:58 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> 
C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP ![]() < End of report > |
#14
Quote:
This, to the best of what I find, is not an "uploadmgr".
SRV - File not found [Auto | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr)
Known malware ID:
O24 - Desktop Components:1 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2
#15
I did run CAT and it says it was successful. Then I ran the above OTL.
Last edited by Jerry56; August 13th, 2012 at 12:15 AM. Reason: To add information