WiredWX Christian Hobby Weather Tools

 


need help with->DOS/ALUREON.E

2 posters

Re: need help with->DOS/ALUREON.E

Please delete your current version of ComboFix.

Download ComboFix by sUBs from one of the below links. You must rename it before saving it!

Important! You MUST save ComboFix to your desktop

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Rename ComboFix to Combo-Fix before saving it to the desktop.


Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on Combo-Fix.exe & follow the prompts.

Vista users: right-click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.

Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

Re: need help with->DOS/ALUREON.E

superdave, I cannot get ComboFix to work. It just hangs and never finishes; the screen stays blue with a blinking underscore. What's next?

Re: need help with->DOS/ALUREON.E

One more try.

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now.

Re: need help with->DOS/ALUREON.E

Dave, no good. It just "freezes/hangs".

Re: need help with->DOS/ALUREON.E

Ok. Please try to run it in Safe Mode.

Re: need help with->DOS/ALUREON.E

Did try, same thing: hangs.

Re: need help with->DOS/ALUREON.E

Let's see if it will run this one.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


Re: need help with->DOS/ALUREON.E

Dave, only one log opened.


OTL logfile created on: 12/5/2011 8:16:44 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\bridge\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 79.08% Memory free
2.44 Gb Paging File | 2.16 Gb Available in Paging File | 88.38% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 57.34 Gb Free Space | 80.25% Space Free | Partition Type: NTFS
Drive D: | 1.88 Gb Total Space | 1.69 Gb Free Space | 89.97% Space Free | Partition Type: FAT

Computer Name: BYPC3 | User Name: bridge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/05 08:09:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bridge\Desktop\OTL.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/05 10:59:38 | 000,231,704 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/27 17:19:00 | 000,282,624 | -H-- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


========== Modules (No Company Name) ==========

MOD - [2006/08/23 17:12:38 | 000,196,608 | -H-- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2003/07/29 08:27:40 | 000,078,336 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Updater Service for StartNow Toolbar)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (Application Updater)
SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\blackpudding\pev.3XE -- (PEVSystemStart)
SRV - [2008/11/05 10:59:38 | 000,875,288 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2008/11/05 10:59:38 | 000,231,704 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 11:27:04 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\bridge\Desktop\freespywareremoval\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:24 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\bridge\Desktop\freespywareremoval\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/11/05 10:59:54 | 000,076,040 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/11/05 10:59:50 | 000,097,928 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/11/05 10:59:48 | 000,026,824 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2006/07/27 17:24:28 | 001,171,464 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/17 14:03:24 | 000,044,544 | RH-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/10/20 10:59:26 | 000,048,640 | -H-- | M] (Ranioshack Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/11/17 18:59:20 | 000,212,224 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 18:58:02 | 000,680,704 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 18:56:26 | 001,042,432 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2011/09/03 16:30:28 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2011/09/03 16:30:28 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 08:00:41 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/11 08:00:37 | 000,000,000 | -H-D | M]

[2008/10/30 13:09:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\bridge\Application Data\Mozilla\Extensions
[2011/11/21 12:42:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\extensions
[2011/04/17 11:13:52 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/21 14:46:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010/11/27 18:18:05 | 000,001,490 | -H-- | M] () -- C:\Documents and Settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\searchplugins\AOL Search.xml
[2011/09/30 14:13:44 | 000,001,945 | -H-- | M] () -- C:\Documents and Settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\searchplugins\bing-zugo.xml
[2011/09/27 13:10:50 | 000,000,939 | -H-- | M] () -- C:\Documents and Settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\searchplugins\conduit.xml
[2011/11/11 08:00:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\BRIDGE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NS7V42J8.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2011/11/05 01:53:18 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/01 11:27:14 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/27 18:18:05 | 000,001,490 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\AOL Search.xml
[2011/11/04 22:21:03 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/29 08:54:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Bridge Auto Parts Toolbar) - {37d0e5c3-24d6-46bc-86db-72cdb80b13de} - C:\Program Files\Bridge_Auto_Parts\prxtbBrid.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Bridge Auto Parts Toolbar) - {37d0e5c3-24d6-46bc-86db-72cdb80b13de} - C:\Program Files\Bridge_Auto_Parts\prxtbBrid.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Bridge Auto Parts Toolbar) - {37D0E5C3-24D6-46BC-86DB-72CDB80B13DE} - C:\Program Files\Bridge_Auto_Parts\prxtbBrid.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG, Technologies CZ, s.r.o )
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\bridge\Start Menu\Programs\Startup\autoease.lnk = C:\Program Files\FacetCorp\FacetWin\FacetWin Terminal Configurations\autoease.fwt ()
O4 - Startup: C:\Documents and Settings\bridge\Start Menu\Programs\Startup\OfficePopup.lnk = C:\Program Files\OfficePopup\OfficePopup.exe ()
O4 - Startup: C:\Documents and Settings\bridge\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\bridge\Start Menu\Programs\Startup\QuickButtons General.lnk = C:\Program Files\QuickButtons\QuickButtons.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: Web-Based Email Tools http://email02.secureserver.net/Download.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Documents and Settings\bridge\Desktop\freespywareremoval\SASWINLO.DLL) - C:\Documents and Settings\bridge\Desktop\freespywareremoval\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\bridge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bridge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Documents and Settings\bridge\Desktop\freespywareremoval\SASSEH.DLL (SuperAdBlocker.com)
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2008/10/27 22:55:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - C:\blackpudding\pev.3XE ()
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - C:\blackpudding\pev.3XE ()
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/03 15:51:34 | 000,000,000 | --SD | C] -- C:\blackpudding
[2011/12/03 15:50:47 | 004,326,308 | R--- | C] (Swearware) -- C:\Documents and Settings\bridge\Desktop\blackpudding.bat
[2011/12/03 10:12:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/30 12:56:20 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\bridge\Desktop\aswMBR.exe
[2011/11/29 10:03:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/29 10:03:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/28 17:56:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/28 17:56:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/28 17:56:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/28 17:56:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/28 17:56:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 17:17:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/28 17:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bridge\Desktop\older
[2011/11/28 17:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bridge\Desktop\freespywareremoval
[2011/11/28 11:42:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bridge\Desktop\OTL.exe
[2011/11/28 11:23:59 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\bridge\Desktop\dds.pif
[2011/11/28 09:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2011/11/28 09:45:32 | 004,617,600 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\bridge\Desktop\SUPERAntiSpyware.exe
[2011/11/28 09:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bridge\Application Data\SUPERAntiSpyware.com
[2011/11/28 09:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/11/28 09:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bridge\Desktop\reghrbgrs
[2011/11/28 09:19:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\bridge\Desktop\dds.scr
[2011/11/25 16:57:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bridge\Recent
[2011/11/25 09:19:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\Local Settings\Application Data\PCHealth
[2011/11/25 08:15:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\Start Menu\Programs\System Fix
[2011/11/22 09:09:12 | 000,000,000 | -H-D | C] -- C:\Program Files\Conduit
[2011/11/22 09:09:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\Local Settings\Application Data\Bridge_Auto_Parts
[2011/11/22 09:08:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Bridge_Auto_Parts
[2011/11/21 13:51:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/21 13:51:22 | 000,000,000 | -H-D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/21 13:51:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/11/21 13:43:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\Desktop\MASTER
[2011/11/21 13:43:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\Desktop\ALL INTERNET PROTECTION
[2011/11/21 13:42:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\My Documents\New Folder
[2011/11/21 12:36:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Internet Logs
[2011/11/21 11:57:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/11/16 10:34:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/11/15 13:35:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/11/12 19:36:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bridge\Local Settings\Application Data\4b14f1b1
[2011/11/06 17:54:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bridge\My Documents\My Games
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/05 08:14:29 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc7a2da685e8d4.job
[2011/12/05 08:14:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/05 08:09:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bridge\Desktop\OTL.exe
[2011/12/04 12:04:01 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/04 12:02:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{79623B3E-72FC-401C-834F-64236350CB33}.job
[2011/12/03 15:15:34 | 004,326,308 | R--- | M] (Swearware) -- C:\Documents and Settings\bridge\Desktop\blackpudding.bat
[2011/12/02 08:49:09 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/30 14:38:00 | 000,381,631 | ---- | M] () -- C:\Documents and Settings\bridge\Desktop\MiniToolBox.exe
[2011/11/30 12:57:45 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\bridge\Desktop\MBR.dat
[2011/11/30 12:51:50 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\bridge\Desktop\aswMBR.exe
[2011/11/29 10:03:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/29 08:54:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/28 18:01:12 | 007,716,864 | ---- | M] () -- C:\Documents and Settings\bridge\Desktop\rc.iso
[2011/11/28 17:26:56 | 000,879,649 | ---- | M] () -- C:\Documents and Settings\bridge\Desktop\SecurityCheck.exe
[2011/11/28 11:13:40 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\bridge\Desktop\dds.pif
[2011/11/28 09:11:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\bridge\Desktop\dds.scr
[2011/11/25 09:14:54 | 000,000,849 | -H-- | M] () -- C:\Documents and Settings\bridge\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/11/25 08:15:36 | 000,000,312 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~eNvA4Ubha3KVTk
[2011/11/25 08:15:35 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~eNvA4Ubha3KVTkr
[2011/11/25 08:15:34 | 000,000,831 | -H-- | M] () -- C:\Documents and Settings\bridge\Desktop\System Fix.lnk
[2011/11/25 08:15:26 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\eNvA4Ubha3KVTk
[2011/11/25 08:13:26 | 000,081,191 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/11/23 19:32:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/21 14:52:29 | 000,484,640 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/21 14:52:29 | 000,087,542 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/21 13:41:41 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\bridge\Desktop\Shortcut to Internet.lnk
[2011/11/21 13:16:49 | 000,000,111 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\sys28076.bin
[2011/11/21 13:14:20 | 000,000,803 | RH-- | M] () -- C:\Documents and Settings\bridge\Desktop\Internet Explorer.lnk
[2011/11/21 13:01:29 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/21 12:46:41 | 000,000,784 | -H-- | M] () -- C:\Documents and Settings\bridge\My Documents\Malwarebytes' Anti-Malware.lnk
[2011/11/21 12:17:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\2985366603
[2011/11/21 12:02:27 | 000,001,945 | -H-- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/21 11:24:56 | 000,000,005 | -H-- | M] () -- C:\Documents and Settings\bridge\hjhjhj.html
[2011/11/20 13:27:44 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/07 13:04:38 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\bridge\Desktop\SUPERAntiSpyware.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/30 14:42:30 | 000,381,631 | ---- | C] () -- C:\Documents and Settings\bridge\Desktop\MiniToolBox.exe
[2011/11/30 12:57:45 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\bridge\Desktop\MBR.dat
[2011/11/29 10:03:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/29 10:03:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/28 18:09:18 | 007,716,864 | ---- | C] () -- C:\Documents and Settings\bridge\Desktop\rc.iso
[2011/11/28 17:56:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/28 17:56:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/28 17:56:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/28 17:56:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/28 17:56:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/28 17:31:43 | 000,879,649 | ---- | C] () -- C:\Documents and Settings\bridge\Desktop\SecurityCheck.exe
[2011/11/25 09:14:53 | 000,000,849 | -H-- | C] () -- C:\Documents and Settings\bridge\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/11/25 08:15:35 | 000,000,312 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~eNvA4Ubha3KVTk
[2011/11/25 08:15:35 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~eNvA4Ubha3KVTkr
[2011/11/25 08:15:34 | 000,000,831 | -H-- | C] () -- C:\Documents and Settings\bridge\Desktop\System Fix.lnk
[2011/11/25 08:15:26 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\eNvA4Ubha3KVTk
[2011/11/21 13:41:41 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\bridge\Desktop\Shortcut to Internet.lnk
[2011/11/21 13:14:20 | 000,000,803 | RH-- | C] () -- C:\Documents and Settings\bridge\Desktop\Internet Explorer.lnk
[2011/11/21 13:01:27 | 000,001,393 | -H-- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/21 12:46:41 | 000,000,784 | -H-- | C] () -- C:\Documents and Settings\bridge\My Documents\Malwarebytes' Anti-Malware.lnk
[2011/11/21 12:02:27 | 000,001,945 | -H-- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/11/21 11:24:56 | 000,000,005 | -H-- | C] () -- C:\Documents and Settings\bridge\hjhjhj.html
[2011/11/15 11:59:42 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/30 13:21:11 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/29 11:03:22 | 000,000,341 | -H-- | C] () -- C:\WINDOWS\dellstat.ini
[2010/06/29 11:02:53 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2010/06/29 11:02:53 | 000,000,373 | -H-- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2008/12/08 14:47:47 | 000,027,019 | -H-- | C] () -- C:\WINDOWS\maxlink.ini
[2008/11/18 10:27:33 | 000,000,776 | -H-- | C] () -- C:\Documents and Settings\bridge\Application Data\wklnhst.dat
[2008/10/30 13:09:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/28 11:03:14 | 001,617,920 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/10/28 11:03:14 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/10/28 11:03:13 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/28 11:03:13 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/28 11:03:11 | 001,470,464 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/28 11:03:11 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/10/28 11:03:11 | 000,581,632 | -H-- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/10/28 11:03:11 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/10/28 11:03:08 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/10/28 11:03:08 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/10/28 11:03:08 | 000,196,608 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2008/10/27 22:58:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/27 22:53:21 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/27 14:47:18 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/27 14:46:16 | 000,173,872 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 23:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 23:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 12:51:02 | 000,020,698 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 12:48:48 | 000,030,628 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 12:48:28 | 000,031,698 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/03/22 13:48:43 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,484,640 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,087,542 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/03/04 10:16:34 | 000,110,592 | RH-- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2010/11/27 18:18:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/09/04 09:14:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/03 17:20:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/11/21 11:44:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/12/08 14:46:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/08/16 09:27:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/27 18:19:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\acccore
[2011/09/03 16:30:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\AVGTOOLBAR
[2011/09/30 13:21:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\CheckPoint
[2008/11/14 14:21:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/05 12:14:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\Fomine Software
[2011/09/06 14:18:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\GetRightToGo
[2011/10/21 10:03:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\IObit
[2010/10/01 12:31:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\OpenOffice.org
[2008/12/08 15:00:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\ScanSoft
[2008/11/18 10:27:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\Template
[2008/10/30 12:06:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\Windows Desktop Search
[2008/11/05 10:40:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\bridge\Application Data\Windows Search
[2011/12/04 12:02:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{79623B3E-72FC-401C-834F-64236350CB33}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-23 13:13:52


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/31 14:11:08 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/31 14:11:08 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/31 14:11:08 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/31 14:11:08 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/04/13 19:12:12 | 000,588,800 | -H-- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008/04/13 19:12:12 | 000,588,800 | -H-- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\system32\autochk.exe
[2004/08/04 05:00:00 | 000,588,800 | -H-- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: BEEP.SYS >
[2004/08/04 05:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 05:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | -H-- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: IASTOR.SYS >
[2006/05/11 11:30:52 | 000,247,808 | -H-- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: IMM32.DLL >
[2008/04/13 19:11:54 | 000,110,080 | -H-- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\ServicePackFiles\i386\imm32.dll
[2008/04/13 19:11:54 | 000,110,080 | -H-- | M] (Microsoft Corporation) MD5=0DA85218E92526972A821587E6A8BF8F -- C:\WINDOWS\system32\imm32.dll
[2004/08/04 05:00:00 | 000,110,080 | -H-- | M] (Microsoft Corporation) MD5=87CA7CE6469577F059297B9D6556D66D -- C:\WINDOWS\$NtServicePackUninstall$\imm32.dll

< MD5 for: KERNEL32.DLL >
[2007/04/16 11:07:27 | 000,986,112 | -H-- | M] (Microsoft Corporation) MD5=09F7CB3687F86EDAA4CA081F7AB66C03 -- C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[2004/08/04 05:00:00 | 000,983,552 | -H-- | M] (Microsoft Corporation) MD5=888190E31455FAD793312F8D087146EB -- C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
[2007/04/16 10:52:53 | 000,984,576 | -H-- | M] (Microsoft Corporation) MD5=A01F9CA902A88F7CED06884174D6419D -- C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | -H-- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\Documents and Settings\bridge\Local Settings\Temp\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | -H-- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\dllcache\kernel32.dll
[2009/03/21 09:06:58 | 000,989,696 | -H-- | M] (Microsoft Corporation) MD5=B921FB870C9AC0D509B2CCABBBBE95F3 -- C:\WINDOWS\system32\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | -H-- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll
[2008/04/13 19:11:56 | 000,989,696 | -H-- | M] (Microsoft Corporation) MD5=C24B983D211C34DA8FCC1AC38477971D -- C:\WINDOWS\ServicePackFiles\i386\kernel32.dll
[2009/03/21 08:59:23 | 000,991,744 | -H-- | M] (Microsoft Corporation) MD5=DA11D9D6ECBDF0F93436A4B7C13F7BEC -- C:\WINDOWS\$hf_mig$\KB959426\SP3QFE\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/06/20 12:41:10 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 12:36:11 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 05:00:00 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | -H-- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | -H-- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | -H-- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | -H-- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 05:00:00 | 000,182,912 | -H-- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NTFS.SYS >
[2007/02/09 06:23:36 | 000,574,976 | -H-- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007/02/09 06:10:35 | 000,574,464 | -H-- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | -H-- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | -H-- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008/04/13 14:15:53 | 000,574,976 | -H-- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 23:15:10 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\cmdcons\NTFS.SYS
[2004/08/04 05:00:00 | 000,574,592 | -H-- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/04/13 19:12:02 | 000,435,200 | -H-- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\ServicePackFiles\i386\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | -H-- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\dllcache\ntmssvc.dll
[2008/04/13 19:12:02 | 000,435,200 | -H-- | M] (Microsoft Corporation) MD5=156F64A3345BD23C600655FB4D10BC08 -- C:\WINDOWS\system32\ntmssvc.dll
[2004/08/04 05:00:00 | 000,435,200 | -H-- | M] (Microsoft Corporation) MD5=B62F29C00AC55A761B2E45877D85EA0F -- C:\WINDOWS\$NtServicePackUninstall$\ntmssvc.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 19:51:32 | 000,099,840 | -H-- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: PROQUOTA.EXE >
[2004/08/04 05:00:00 | 000,050,176 | -H-- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | -H-- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | -H-- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\dllcache\proquota.exe
[2008/04/13 19:12:32 | 000,050,176 | -H-- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: QMGR.DLL >
[2004/08/04 05:00:00 | 000,382,464 | -H-- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | -H-- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | -H-- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | -H-- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | -H-- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 05:00:00 | 001,580,544 | -H-- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | -H-- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:12:05 | 001,614,848 | -H-- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 08:19:36 | 000,058,880 | -H-- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | -H-- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | -H-- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2004/08/04 05:00:00 | 000,057,856 | -H-- | M] (Microsoft Corporation) MD5=7435B108B935E42EA92CA94F59C8E717 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2005/06/10 19:17:13 | 000,057,856 | -H-- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | -H-- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008/04/13 19:12:36 | 000,057,856 | -H-- | M] (Microsoft Corporation) MD5=D8E14A61ACC1D4A6CD0D38AEBAC7FA3B -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2005/06/10 18:53:32 | 000,057,856 | -H-- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SRSVC.DLL >
[2008/04/13 19:12:07 | 000,171,008 | -H-- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\ServicePackFiles\i386\srsvc.dll
[2008/04/13 19:12:07 | 000,171,008 | -H-- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll
[2004/08/04 05:00:00 | 000,170,496 | -H-- | M] (Microsoft Corporation) MD5=92BDF74F12D6CBEC43C94D4B7F804838 -- C:\WINDOWS\$NtServicePackUninstall$\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TERMSRV.DLL >
[2004/08/04 05:00:00 | 000,295,424 | -H-- | M] (Microsoft Corporation) MD5=B60C877D16D9C880B952FDA04ADF16E6 -- C:\WINDOWS\$NtServicePackUninstall$\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | -H-- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\ServicePackFiles\i386\termsrv.dll
[2008/04/13 19:12:07 | 000,295,424 | -H-- | M] (Microsoft Corporation) MD5=FF3477C03BE7201C294C35F684B3479F -- C:\WINDOWS\system32\termsrv.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/04/13 19:12:10 | 000,082,432 | -H-- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 19:12:10 | 000,082,432 | -H-- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004/08/04 05:00:00 | 000,082,944 | -H-- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< MD5 for: XMLPROV.DLL >
[2008/04/13 19:12:11 | 000,129,024 | -H-- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\ServicePackFiles\i386\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | -H-- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\dllcache\xmlprov.dll
[2008/04/13 19:12:11 | 000,129,024 | -H-- | M] (Microsoft Corporation) MD5=295D21F14C335B53CB8154E5B1F892B9 -- C:\WINDOWS\system32\xmlprov.dll
[2004/08/04 05:00:00 | 000,129,536 | -H-- | M] (Microsoft Corporation) MD5=EEF46DAB68229A14DA3D8E73C99E2959 -- C:\WINDOWS\$NtServicePackUninstall$\xmlprov.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Re: need help with->DOS/ALUREON.E
I didn't notice this before but you have three AV programs on your computer. Please make sure that only one is active at any time.

Code:

AVG Free 8.0
AVG 2012
Microsoft Security Essentials


Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: need help with->DOS/ALUREON.E

Status: Disinfected (events: 2)
12/5/2011 5:01:44 PM Disinfected Trojan program Trojan.Java.Agent.aw C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\39\f0cf627-4d4353d6 High
12/5/2011 5:01:44 PM Disinfected Trojan program Trojan.Java.Agent.aw C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\39\f0cf627-4d4353d6/photo/Zoom.class High
Status: Deleted (events: 15)
12/5/2011 5:02:01 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\62\5024297e-1ce32825 High
12/5/2011 5:02:00 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\62\5024297e-340a640c High
12/5/2011 5:02:01 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\62\5024297e-3a37770b High
12/5/2011 5:02:14 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\62\5024297e-478853da High
12/5/2011 5:02:14 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\62\5024297e-615c8bc2 High
12/5/2011 5:02:13 PM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\bridge\Application Data\Sun\Java\Deployment\cache\6.0\62\5024297e-66e8ac51 High
12/5/2011 5:41:00 PM Deleted Trojan program Trojan-FakeAV.Win32.PrivacyProtection.p C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP738\A0057179.lnk High
12/5/2011 5:41:01 PM Deleted Trojan program Trojan-FakeAV.Win32.PrivacyProtection.p C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP748\A0067196.lnk High
12/5/2011 5:41:15 PM Deleted Trojan program Trojan-FakeAV.Win32.PrivacyProtection.p C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP749\A0068265.lnk High
12/5/2011 5:41:15 PM Deleted Trojan program Trojan-FakeAV.Win32.PrivacyProtection.p C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP749\A0068269.lnk High
12/5/2011 5:49:14 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeRecovery.ag C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP764\A0072479.exe High
12/5/2011 5:49:18 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeRecovery.ag C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP768\A0074588.exe High
12/5/2011 5:49:15 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeRecovery.ag C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP768\A0074589.exe High
12/5/2011 5:50:56 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeRecovery.ag C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP771\A0084712.exe High
12/5/2011 5:50:56 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeRecovery.ag C:\System Volume Information\_restore{6E11A063-E14D-47A5-8222-91CFCD97CBD6}\RP771\A0084712.exe//PE-Crypt.XorPE High

Re: need help with->DOS/ALUREON.E

Status: Disinfected (events: 1)
12/6/2011 11:38:09 AM Disinfected Trojan program Rootkit.Boot.SST.b \Device\Harddisk0\DR0 High

Re: need help with->DOS/ALUREON.E

ComboFix 11-12-03.01 - bridge 12/06/2011 12:31:49.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1982.1651 [GMT -5:00]
Running from: c:\documents and settings\bridge\desktop\blackpudding.bat
Command switches used :: /killall
AV: AVG *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\bridge\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\documents and settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\searchplugins\bing-zugo.xml
c:\documents and settings\bridge\Desktop\blackpudding.bat
c:\documents and settings\bridge\Desktop\System Fix.lnk
c:\documents and settings\bridge\Start Menu\Programs\System Fix
c:\documents and settings\bridge\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\bridge\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\documents and settings\bridge\WINDOWS
c:\windows\iun6002.exe
c:\windows\system32\
c:\windows\system32\usmt\migwiz_a.exe
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\system32\dllcache\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2011-11-06 to 2011-12-06 )))))))))))))))))))))))))))))))
.
.
2011-12-06 17:36 . 2008-04-13 16:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2011-12-06 17:36 . 2008-04-13 16:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-12-05 21:00 . 2011-12-06 03:19 133208 ----a-w- c:\windows\system32\drivers\42227559.sys
2011-11-28 22:17 . 2011-11-28 22:17 -------- d-----w- C:\_OTL
2011-11-28 14:50 . 2011-11-28 14:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-11-28 14:27 . 2011-11-28 14:27 -------- d-----w- c:\documents and settings\bridge\Application Data\SUPERAntiSpyware.com
2011-11-28 14:27 . 2011-11-28 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-11-25 14:57 . 2011-11-25 14:57 -------- d--h--w- c:\documents and settings\Administrator
2011-11-25 14:19 . 2011-11-25 14:19 -------- d--h--w- c:\documents and settings\bridge\Local Settings\Application Data\PCHealth
2011-11-22 14:09 . 2011-11-22 14:09 -------- d--h--w- c:\program files\Conduit
2011-11-22 14:09 . 2011-11-22 14:09 -------- d--h--w- c:\documents and settings\bridge\Local Settings\Application Data\Bridge_Auto_Parts
2011-11-22 14:08 . 2011-11-22 14:09 -------- d--h--w- c:\program files\Bridge_Auto_Parts
2011-11-21 18:51 . 2011-11-21 19:56 -------- d--h--w- c:\program files\Spybot - Search & Destroy
2011-11-21 18:51 . 2011-11-21 19:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-11-21 18:25 . 2011-11-21 18:25 -------- d--h--w- c:\windows\AF499E523F6F420FA4E96341B4246E4B.TMP
2011-11-21 17:36 . 2011-11-21 17:36 -------- d--h--w- c:\windows\Internet Logs
2011-11-21 17:03 . 2010-10-19 20:51 222080 ---h--w- c:\windows\system32\MpSigStub.exe
2011-11-21 16:48 . 2011-11-21 16:48 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-11-16 15:34 . 2011-11-16 15:34 -------- d--h--w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2011-11-13 00:36 . 2011-11-21 21:52 -------- d-sh--w- c:\documents and settings\bridge\Local Settings\Application Data\4b14f1b1
2011-11-11 13:00 . 2011-11-05 06:53 134104 ---ha-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-11 13:00 . 2011-11-05 06:53 89048 ---ha-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-11 13:00 . 2011-11-05 06:53 801752 ---ha-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-11 13:00 . 2011-11-05 06:53 478168 ---ha-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-11 13:00 . 2011-11-05 06:53 1989592 ---ha-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-11 13:00 . 2011-11-05 06:53 15832 ---ha-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-11 13:00 . 2011-11-05 03:21 2106216 ---ha-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-11 13:00 . 2011-11-05 03:21 1998168 ---ha-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2008-10-28 03:53 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-09-30 18:21 . 2011-09-30 18:21 0 -c-ha-w- c:\windows\system32\ConduitEngine.tmp
2011-09-28 07:06 . 2004-08-04 10:00 599040 ---ha-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 00:59 611328 ---ha-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 10:00 220160 ---ha-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 10:00 20480 ---ha-w- c:\windows\system32\oleaccrc.dll
2011-11-05 06:53 . 2011-11-11 13:00 134104 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37d0e5c3-24d6-46bc-86db-72cdb80b13de}]
2011-05-09 08:49 176936 ---ha-w- c:\program files\Bridge_Auto_Parts\prxtbBrid.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37d0e5c3-24d6-46bc-86db-72cdb80b13de}"= "c:\program files\Bridge_Auto_Parts\prxtbBrid.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37d0e5c3-24d6-46bc-86db-72cdb80b13de}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{37D0E5C3-24D6-46BC-86DB-72CDB80B13DE}"= "c:\program files\Bridge_Auto_Parts\prxtbBrid.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37d0e5c3-24d6-46bc-86db-72cdb80b13de}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"nwiz"="nwiz.exe" [2006-08-23 1617920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 282624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\bridge\Start Menu\Programs\Startup\
autoease.lnk - c:\program files\FacetCorp\FacetWin\FacetWin Terminal Configurations\autoease.fwt [2008-10-28 1650]
OfficePopup.lnk - c:\program files\OfficePopup\OfficePopup.exe [2010-10-5 671744]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
QuickButtons General.lnk - c:\program files\QuickButtons\QuickButtons.exe [2005-12-13 501912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\documents and settings\bridge\Desktop\freespywareremoval\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\documents and settings\bridge\Desktop\freespywareremoval\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FacetCorp\\FacetWin\\fwagent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\xdeep32_40\\usr\\X11R6\\bin\\xdeep32.exe"=
"c:\\Program Files\\OfficePopup\\OfficePopup.exe"=
.
R0 42227559;42227559;c:\windows\system32\drivers\42227559.sys [12/5/2011 4:00 PM 133208]
R1 SASDIFSV;SASDIFSV;c:\documents and settings\bridge\Desktop\freespywareremoval\sasdifsv.sys [11/28/2011 5:09 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\documents and settings\bridge\Desktop\freespywareremoval\SASKUTIL.SYS [11/28/2011 5:09 PM 67664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/5/2008 10:59 AM 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/5/2008 10:59 AM 76040]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/5/2008 10:59 AM 97928]
S2 Application Updater;Application Updater;"c:\program files\Application Updater\ApplicationUpdater.exe" --> c:\program files\Application Updater\ApplicationUpdater.exe [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/5/2008 10:59 AM 875288]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 3:15 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/6/2010 3:15 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc7a2da685e8d4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:14]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:14]
.
2011-12-05 c:\windows\Tasks\User_Feed_Synchronization-{79623B3E-72FC-401C-834F-64236350CB33}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?hl=en&q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Web-Based Email Tools - hxxp://email02.secureserver.net/Download.CAB
FF - ProfilePath - c:\documents and settings\bridge\Application Data\Mozilla\Firefox\Profiles\ns7v42j8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Messenger (Yahoo!) - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKLM-Run-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-QuickButtons_1.0 - c:\windows\iun6002.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-06 12:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(620)
c:\documents and settings\bridge\Desktop\freespywareremoval\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3864)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\stsystra.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-12-06 12:57:39 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-06 17:57
.
Pre-Run: 61,111,017,472 bytes free
Post-Run: 61,275,541,504 bytes free
.
- - End Of File - - 886415CE89356F7D9166B27E9D34CE92

Re: need help with->DOS/ALUREON.E

Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:

c:\windows\system32\drivers\42227559.sys
 


* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
*******************************************************

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Re: need help with->DOS/ALUREON.E

The infected computer still has no access to the internet. Jotti's malware scan doesn't work; Ctrl+V doesn't work.

I will do the TDSSKiller though.

Re: need help with->DOS/ALUREON.E

15:32:03.0343 0108 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
15:32:03.0343 0108 ============================================================
15:32:03.0343 0108 Current date / time: 2011/12/06 15:32:03.0343
15:32:03.0343 0108 SystemInfo:
15:32:03.0343 0108
15:32:03.0343 0108 OS Version: 5.1.2600 ServicePack: 3.0
15:32:03.0343 0108 Product type: Workstation
15:32:03.0343 0108 ComputerName: BYPC3
15:32:03.0359 0108 UserName: bridge
15:32:03.0359 0108 Windows directory: C:\WINDOWS
15:32:03.0359 0108 System windows directory: C:\WINDOWS
15:32:03.0359 0108 Processor architecture: Intel x86
15:32:03.0359 0108 Number of processors: 1
15:32:03.0359 0108 Page size: 0x1000
15:32:03.0359 0108 Boot type: Normal boot
15:32:03.0359 0108 ============================================================
15:32:04.0500 0108 Initialize success
15:32:13.0125 1996 ============================================================
15:32:13.0125 1996 Scan started
15:32:13.0125 1996 Mode: Manual;
15:32:13.0125 1996 ============================================================
15:32:13.0500 1996 42227559 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\42227559.sys
15:32:13.0515 1996 42227559 - ok
15:32:17.0343 1996 PptpMiniport - ok
15:32:17.0359 1996 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
15:32:17.0359 1996 Processor - ok
15:32:17.0375 1996 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:32:17.0375 1996 PSched - ok
15:32:17.0390 1996 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:32:17.0390 1996 Ptilink - ok
15:32:17.0406 1996 ql1080 - ok
15:32:17.0421 1996 Ql10wnt - ok
15:32:17.0421 1996 ql12160 - ok
15:32:17.0437 1996 ql1240 - ok
15:32:17.0453 1996 ql1280 - ok
15:32:17.0468 1996 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:32:17.0468 1996 RasAcd - ok
15:32:17.0484 1996 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:32:17.0484 1996 Rasl2tp - ok
15:32:17.0500 1996 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:32:17.0500 1996 RasPppoe - ok
15:32:17.0531 1996 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:32:17.0531 1996 Raspti - ok
15:32:17.0562 1996 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:32:17.0578 1996 Rdbss - ok
15:32:17.0578 1996 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:32:17.0578 1996 RDPCDD - ok
15:32:17.0640 1996 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:32:17.0640 1996 RDPWD - ok
15:32:17.0687 1996 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:32:17.0687 1996 redbook - ok
15:32:17.0875 1996 SASDIFSV (39763504067962108505bff25f024345) C:\Documents and Settings\bridge\Desktop\freespywareremoval\SASDIFSV.SYS
15:32:17.0875 1996 SASDIFSV - ok
15:32:17.0890 1996 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Documents and Settings\bridge\Desktop\freespywareremoval\SASKUTIL.SYS
15:32:17.0890 1996 SASKUTIL - ok
15:32:17.0968 1996 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:32:17.0968 1996 Secdrv - ok
15:32:18.0046 1996 Ser2pl (bdee4dcb4790f254528f1fd7bad213b3) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
15:32:18.0046 1996 Ser2pl - ok
15:32:18.0093 1996 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:32:18.0109 1996 Serenum - ok
15:32:18.0140 1996 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
15:32:18.0140 1996 Serial - ok
15:32:18.0187 1996 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:32:18.0187 1996 Sfloppy - ok
15:32:18.0203 1996 Simbad - ok
15:32:18.0218 1996 Sparrow - ok
15:32:18.0234 1996 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:32:18.0234 1996 splitter - ok
15:32:18.0296 1996 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:32:18.0296 1996 sr - ok
15:32:18.0359 1996 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:32:18.0375 1996 Srv - ok
15:32:18.0453 1996 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
15:32:18.0468 1996 STHDA - ok
15:32:18.0484 1996 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:32:18.0484 1996 swenum - ok
15:32:18.0531 1996 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:32:18.0531 1996 swmidi - ok
15:32:18.0562 1996 symc810 - ok
15:32:18.0562 1996 symc8xx - ok
15:32:18.0578 1996 sym_hi - ok
15:32:18.0593 1996 sym_u3 - ok
15:32:18.0609 1996 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:32:18.0609 1996 sysaudio - ok
15:32:18.0671 1996 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:32:18.0671 1996 Tcpip - ok
15:32:18.0718 1996 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:32:18.0718 1996 TDPIPE - ok
15:32:18.0734 1996 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:32:18.0734 1996 TDTCP - ok
15:32:18.0781 1996 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:32:18.0781 1996 TermDD - ok
15:32:18.0796 1996 TosIde - ok
15:32:18.0843 1996 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:32:18.0843 1996 Udfs - ok
15:32:18.0859 1996 ultra - ok
15:32:18.0921 1996 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:32:18.0953 1996 Update - ok
15:32:18.0984 1996 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:32:19.0000 1996 usbccgp - ok
15:32:19.0031 1996 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:32:19.0031 1996 usbehci - ok
15:32:19.0046 1996 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:32:19.0046 1996 usbhub - ok
15:32:19.0093 1996 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
15:32:19.0093 1996 usbohci - ok
15:32:19.0125 1996 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:32:19.0125 1996 usbprint - ok
15:32:19.0187 1996 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:32:19.0187 1996 usbscan - ok
15:32:19.0250 1996 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:32:19.0250 1996 usbstor - ok
15:32:19.0265 1996 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:32:19.0265 1996 VgaSave - ok
15:32:19.0281 1996 ViaIde - ok
15:32:19.0281 1996 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:32:19.0296 1996 VolSnap - ok
15:32:19.0343 1996 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:32:19.0343 1996 Wanarp - ok
15:32:19.0406 1996 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:32:19.0421 1996 Wdf01000 - ok
15:32:19.0421 1996 WDICA - ok
15:32:19.0468 1996 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:32:19.0468 1996 wdmaud - ok
15:32:19.0546 1996 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:32:19.0562 1996 winachsf - ok
15:32:19.0640 1996 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:32:19.0750 1996 \Device\Harddisk0\DR0 - ok
15:32:19.0765 1996 Boot (0x1200) (4c3f6e8e4bdaddebee4e4974504edfe5) \Device\Harddisk0\DR0\Partition0
15:32:19.0765 1996 \Device\Harddisk0\DR0\Partition0 - ok
15:32:19.0765 1996 ============================================================
15:32:19.0765 1996 Scan finished
15:32:19.0765 1996 ============================================================
15:32:19.0781 0240 Detected object count: 0
15:32:19.0781 0240 Actual detected object count: 0

Re: need help with->DOS/ALUREON.E
Sorry. I didn't know that you still couldn't access the net. Are you using a wireless connection? Did you try resetting your modem?

Re: need help with->DOS/ALUREON.E
just tried no good

Re: need help with->DOS/ALUREON.E
dannyr wrote:
just tried no good

Is it wireless or wired?

Re: need help with->DOS/ALUREON.E
wired

Re: need help with->DOS/ALUREON.E
A device attached to the system is not functioning. (0x8007001f)

This showed up when you ran MiniToolBox. Could you please check your Device Manager to see if there are any yellow question marks there? Yet, it also shows that the signal is getting through.

Download WinSockXPFix to fix broken LSP chain for XP (if needed).

  • Double click on WinsockXPFix.
  • Click Fix.

Re: need help with->DOS/ALUREON.E
that worked i have internet now

Re: need help with->DOS/ALUREON.E
Please go to Jotti's malware scan
(If more than one file needs scanned they must be done separately and links posted for each one)

* Copy the file path in the below Code box:

Code:

c:\windows\system32\drivers\42227559.sys
 


* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

Re: need help with->DOS/ALUREON.E
http://virusscan.jotti.org/en/scanresult/99fef38ee6ce3400704e628dfb0bf122237b606f/05e6530e69b7a70465069c91433aff4dffec7f3f

Re: need help with->DOS/ALUREON.E
http://virusscan.jotti.org/en/scanresult/05e6530e69b7a70465069c91433aff4dffec7f3f/158152d36f92458358f8baafa0f715a3bf5cce19

Re: need help with->DOS/ALUREON.E
I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the EsetOnline button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on EsetSmartInstall to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the EsetSmartInstallDesktopIcon-1 icon on your desktop.

• Check EsetAcceptTerms
• Click the EsetStart button.
• Accept any security warnings from your browser.
• Check EsetScanArchives
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push EsetListThreats
• Push EsetExport, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the EsetBack button.
• Push EsetFinish
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: need help with->DOS/ALUREON.E
dave right after I install it hangs and never comes back

Re: need help with->DOS/ALUREON.E
Ok. Let's try this one.

Run the F-Secure Online Scanner for Viruses, Spyware and Rootkits.

Note: This Scanner is for Internet Explorer Only!

• Click on Online Services and then Online Scanner
• Accept the License Agreement.
• Once the ActiveX installs, click Full System Scan
• Once the download completes, the scan will begin automatically.
• The scan will take some time to finish, so please be patient.
• When the scan completes, click the Automatic cleaning (recommended) button.
• Click the Show Report button and Copy & Paste the entire report in your next reply.

Re: need help with->DOS/ALUREON.E
Scanning Report
Friday, December 9, 2011 13:17:24 - 14:04:16
Computer name: BYPC3
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\


--------------------------------------------------------------------------------

No malware found

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 43687
System: 2914
Not scanned: 9
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\$NTUNINSTALLKB17754$\3151057633
C:\DOCUMENTS AND SETTINGS\BRIDGE\LOCAL SETTINGS\TEMP\HSPERFDATA_BRIDGE\2000
C:\DOCUMENTS AND SETTINGS\BRIDGE\APPLICATION DATA\SUN\JAVA\DEPLOYMENT\CACHE\6.0\39\F0CF627-4D4353D6

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics


Re: need help with->DOS/ALUREON.E
Well, that looks good. How's your computer working now? Any other issues?

Re: need help with->DOS/ALUREON.E
everything seems normal

Re: need help with->DOS/ALUREON.E
Ok. Let's do some cleanup.

* Click START then RUN - Vista users press the Windows Key and the R keys together for the Run box.
* Now type blackpudding.bat /uninstall in the Run box
* Make sure there's a space between blackpudding.bat and /Uninstall
* Then hit Enter

The above procedure will:
* Delete the following: ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
*****************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
******************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
********************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
