TechSpot

About to run 8-step and post logs; quick questions first:

By losdavos
Jan 2, 2011
  1. Hi, thanks in advance.

    I understand that some of the steps require temporary disabling of live protection.

    1. Step 5 says to turn off "script blocking" protection. I don't know what "script blocking" is. Is turning off my Avast antivirus protection like in Step 4 good enough? Or is there something else I'll need to turn off when I get to step 5?

    2. Ever since successfully using the 8-Step a couple years ago, I've had "Super Anti Spyware" always running live (and auto-updating). I don't see that program mentioned in the current edition of the 8-Step. Should I definitely get rid of it and replace it with something else? Or is my Avast + Windows Firewall + general avoidance of IExplorer (I use Chrome and sometimes Firefox) good enough?

    Thanks again! Logs to follow.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard [​IMG]

    1.For both, steps, 4 and 5, you should turn off your Avast and IF you use Sybot, or Windows Defender, here it's how to disable them:

    Disable TeaTimer, as it'll interfere with the cleaning process:
    Right click Spybot's TeaTimer System Tray Icon.
    Click Exit Spybot-S&D Resident.
    TeaTimer closes.
    NOTE. If on re-boot, Spybot inquires about registry change(s), allow it.

    *********************************************

    Disable Windows Defender, as it'll interfere with cleaning process:
    - Open Windows Defender by clicking the Start, clicking All Programs, and then clicking Windows Defender.
    - Click Tools
    then...

    ++ Windows XP:
    - Click General Settings
    - Scroll down to Real Time Protection Options
    - Uncheck Turn on Real Time Protection
    - After you uncheck this, click on the Save button
    - Close Windows Defender

    ++ Windows Vista:
    - Click Options
    - Under Administrator options, clear the Use Windows Defender check box, and then click Save.

    Enable Windows Defender, when all cleaning is done.

    2. Superantispyware is an excellent program and it works as a very good supplement to Malwarebytes.
     
  3. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Here are my logs

    Now I'm wondering if maybe nothing was wrong. I was seeing a lot more popups than usual and strange ads that looked out of place on the sites they appeared...
    Logs:
    Mbam:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5441

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/2/2011 12:47:21 AM
    mbam-log-2011-01-02 (00-47-21).txt

    Scan type: Quick scan
    Objects scanned: 140936
    Time elapsed: 6 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-02 01:03:36
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\ahcix861Port0Path0Target0Lun0 Hitachi_ rev.FBEO
    Running: uz5z0qvo.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwtdypog.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x93B22BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x93B229D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x93B22B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device aswSP.SYS (avast! self protection module/AVAST Software)
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    DDS:
    dds.txt:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Administrator at 1:10:02.57 on Sun 01/02/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1010 [GMT -5:00]

    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\System32\svchost.exe -k Cognizance
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\AccelerometerSt.Exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MozyHome\mozystat.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    svchost.exe
    c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\MozyHome\mozybackup.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\mqsvc.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Power DVD Player] "c:\program files\power dvd player\PowerDVDPlayer.exe" hmw
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [AccelerometerSysTrayApplet] c:\windows\system32\AccelerometerSt.Exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
    mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200"
    mRun: [EPSON Stylus CX4200 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P35 "EPSON Stylus CX4200 Series (Copy 1)" /O6 "USB001" /M "Stylus CX4200"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ak.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
    Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
    AppInit_DLLs: APSHook.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli ASWLNPkg

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\0vwr0176.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google Powered Search
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\0vwr0176.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\0vwr0176.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\administrator\application data\Move Networks

    ============= SERVICES / DRIVERS ===============

    R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-6-27 174600]
    R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2008-6-27 15416]
    R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-5-30 108752]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-30 51376]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-30 12928]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-2-16 165584]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-30 12496]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
    R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
    R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-16 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-13 40384]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-30 256512]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-24 359952]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-27 193840]
    S2 gupdate1c9c2fd5efdb22e;Google Update Service (gupdate1c9c2fd5efdb22e);c:\program files\google\update\GoogleUpdate.exe [2009-4-21 133104]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-13 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-13 40384]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
    S4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-6-2 18944]

    =============== File Associations ===============

    inffile=c:\windows\system32\NOTEPAD.EXE "%1"

    =============== Created Last 30 ================

    2011-01-02 05:37:13 -------- d-----w- c:\docume~1\admini~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-12-21 05:58:07 -------- d-----w- c:\program files\iPod
    2010-12-21 05:58:00 -------- d-----w- c:\program files\iTunes
    2010-12-15 13:32:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
    2010-12-15 13:32:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2010-12-15 13:32:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2010-12-15 10:35:48 -------- d-----w- c:\docume~1\admini~1\applic~1\Local
    2010-12-14 21:42:05 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-14 21:41:41 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2010-12-14 10:20:09 -------- d-----w- c:\program files\Bonjour
    2010-12-10 02:32:05 -------- d-----w- c:\program files\ezt
    2010-12-06 19:09:50 11336456 ----a-w- c:\documents and settings\all users\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
    2010-12-06 19:09:50 -------- d-----w- c:\documents and settings\all users\Temp

    ==================== Find3M ====================

    2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll
    2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ------w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ------w- c:\windows\system32\win32k.sys
    2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 1:10:58.09 ===============


    Attach:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/24/2009 12:23:10 AM
    System Uptime: 1/2/2011 12:32:51 AM (1 hours ago)

    Motherboard: Hewlett-Packard | | 30E4
    Processor: AMD Turion(tm)X2 Dual Core Mobile RM-70 | Unknown | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 232 GiB total, 111.548 GiB free.
    D: is FIXED (FAT32) - 1 GiB total, 0.999 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP566: 10/4/2010 3:38:28 AM - System Checkpoint
    RP567: 10/5/2010 6:28:02 AM - System Checkpoint
    RP568: 10/6/2010 3:00:17 AM - Software Distribution Service 3.0
    RP569: 10/7/2010 3:00:30 AM - System Checkpoint
    RP570: 10/8/2010 9:34:06 AM - System Checkpoint
    RP571: 10/9/2010 12:46:06 PM - System Checkpoint
    RP572: 10/10/2010 1:33:18 PM - System Checkpoint
    RP573: 10/11/2010 2:10:03 PM - System Checkpoint
    RP574: 10/12/2010 2:42:39 PM - System Checkpoint
    RP575: 10/13/2010 3:00:25 AM - Software Distribution Service 3.0
    RP576: 10/14/2010 6:19:37 AM - System Checkpoint
    RP577: 10/15/2010 7:43:39 AM - System Checkpoint
    RP578: 10/16/2010 10:57:57 AM - System Checkpoint
    RP579: 10/17/2010 11:19:53 AM - System Checkpoint
    RP580: 10/18/2010 6:36:42 PM - System Checkpoint
    RP581: 10/19/2010 6:44:05 PM - System Checkpoint
    RP582: 10/20/2010 7:29:14 PM - System Checkpoint
    RP583: 10/23/2010 12:25:32 AM - System Checkpoint
    RP584: 10/24/2010 5:50:24 AM - System Checkpoint
    RP585: 10/25/2010 1:37:25 AM - Installed Java(TM) 6 Update 22
    RP586: 10/26/2010 2:13:11 AM - System Checkpoint
    RP587: 10/27/2010 2:15:53 AM - System Checkpoint
    RP588: 10/28/2010 2:37:18 AM - System Checkpoint
    RP589: 10/29/2010 3:05:50 AM - System Checkpoint
    RP590: 10/30/2010 3:33:15 AM - System Checkpoint
    RP591: 10/31/2010 5:48:32 AM - System Checkpoint
    RP592: 11/1/2010 8:56:44 AM - System Checkpoint
    RP593: 11/2/2010 9:39:02 AM - System Checkpoint
    RP594: 11/3/2010 10:32:41 AM - System Checkpoint
    RP595: 11/4/2010 11:08:06 AM - System Checkpoint
    RP596: 11/6/2010 12:59:58 AM - System Checkpoint
    RP597: 11/7/2010 12:59:41 AM - System Checkpoint
    RP598: 11/8/2010 1:48:52 AM - System Checkpoint
    RP599: 11/9/2010 5:47:55 AM - System Checkpoint
    RP600: 11/10/2010 1:20:30 AM - Software Distribution Service 3.0
    RP601: 11/11/2010 1:43:21 AM - System Checkpoint
    RP602: 11/12/2010 3:13:40 AM - System Checkpoint
    RP603: 11/13/2010 5:03:10 AM - System Checkpoint
    RP604: 11/14/2010 6:07:58 AM - System Checkpoint
    RP605: 11/15/2010 7:01:02 AM - System Checkpoint
    RP606: 11/16/2010 9:28:31 AM - System Checkpoint
    RP607: 11/17/2010 9:32:52 AM - System Checkpoint
    RP608: 11/18/2010 2:15:46 PM - System Checkpoint
    RP609: 11/19/2010 4:02:06 PM - System Checkpoint
    RP610: 11/20/2010 4:48:18 PM - System Checkpoint
    RP611: 11/21/2010 5:29:53 PM - System Checkpoint
    RP612: 11/22/2010 5:41:49 PM - System Checkpoint
    RP613: 11/23/2010 5:47:01 PM - System Checkpoint
    RP614: 11/24/2010 6:18:15 PM - System Checkpoint
    RP615: 11/25/2010 7:58:44 PM - System Checkpoint
    RP616: 11/26/2010 10:21:59 PM - System Checkpoint
    RP617: 11/27/2010 10:32:01 PM - System Checkpoint
    RP618: 11/29/2010 12:32:42 AM - System Checkpoint
    RP619: 11/30/2010 2:37:51 PM - System Checkpoint
    RP620: 12/1/2010 2:45:17 PM - System Checkpoint
    RP621: 12/2/2010 3:05:12 PM - System Checkpoint
    RP622: 12/4/2010 7:44:58 AM - System Checkpoint
    RP623: 12/5/2010 8:45:41 AM - System Checkpoint
    RP624: 12/6/2010 9:01:00 AM - System Checkpoint
    RP625: 12/6/2010 2:10:52 PM - Installed MozyHome
    RP626: 12/7/2010 7:52:00 PM - System Checkpoint
    RP627: 12/8/2010 8:39:14 PM - System Checkpoint
    RP628: 12/9/2010 11:25:22 PM - System Checkpoint
    RP629: 12/11/2010 10:04:36 AM - System Checkpoint
    RP630: 12/12/2010 10:26:44 AM - System Checkpoint
    RP631: 12/13/2010 11:18:52 AM - System Checkpoint
    RP632: 12/14/2010 5:24:31 PM - System Checkpoint
    RP633: 12/15/2010 3:00:40 AM - Software Distribution Service 3.0
    RP634: 12/16/2010 3:34:48 AM - System Checkpoint
    RP635: 12/17/2010 6:32:06 AM - System Checkpoint
    RP636: 12/19/2010 3:00:24 AM - Software Distribution Service 3.0
    RP637: 12/20/2010 7:35:58 PM - System Checkpoint
    RP638: 12/22/2010 1:15:10 AM - System Checkpoint
    RP639: 12/23/2010 1:56:31 AM - System Checkpoint
    RP640: 12/24/2010 5:54:11 AM - System Checkpoint
    RP641: 12/25/2010 6:29:16 AM - System Checkpoint
    RP642: 12/26/2010 6:51:32 AM - System Checkpoint
    RP643: 12/27/2010 12:23:34 AM - Installed Java(TM) 6 Update 23
    RP644: 12/28/2010 8:59:04 AM - System Checkpoint
    RP645: 12/29/2010 10:20:19 AM - System Checkpoint
    RP646: 12/30/2010 10:58:28 AM - System Checkpoint
    RP647: 12/31/2010 12:08:17 PM - System Checkpoint
    RP648: 1/1/2011 12:24:52 PM - System Checkpoint

    ==== Installed Programs ======================


    Acrobat.com
    ActivClient 6.1 x86
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Agere Systems HDA Modem
    Amazon MP3 Downloader 1.0.5
    AMD Driver Support for HP 3D DriverGuard
    AMD Processor Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Control Center
    ATI Display Driver
    Audacity 1.2.6
    Audio CD Duplicator
    avast! Free Antivirus
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Credential Manager for HP ProtectTools
    DivX Setup
    Drive Encryption for HP ProtectTools
    EPSON Printer Software
    EPSON Scan
    Express Burn
    Express Rip
    Flickr Uploadr 3.2.1
    Garmin Communicator Plugin
    Garmin USB Drivers
    Garmin WebUpdater
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Google Updater
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP 3D DriveGuard
    HP BatteryCheck 2.10 A2
    HP Doc Viewer
    HP Help and Support
    HP JavaCard for HP ProtectTools
    HP ProtectTools Security Manager
    HP ProtectTools Security Manager Suite
    HP Quick Launch Buttons 6.40 E1
    HP Smart Web Printing
    HP Software Setup 5.00.A.7
    HP User Guide Bluetooth Addendum 0062
    HP User Guides 0108
    HP Wallpaper
    HP Webcam
    HP Webcam Application
    HP Wireless Assistant
    InterVideo DVD Check
    InterVideo Register Manager
    InterVideo WinDVD
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office Standard Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Windows XP Video Decoder Checkup Utility
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox (3.6.3)
    MozyHome
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    OGA Notifier 2.0.0048.0
    Palm Desktop by ACCESS
    PeerGuardian 2.0
    Picasa 3
    Power DVD Player
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skins
    Skype™ 5.0
    SoundMAX
    SUPERAntiSpyware Free Edition
    Switch Sound File Converter
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Vuze
    WebFldrs XP
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    12/28/2010 11:45:45 PM, error: VolSnap [21] - The flush and hold operation for volume D: was aborted because of low available system memory.
    12/28/2010 11:45:45 PM, error: VolSnap [21] - The flush and hold operation for volume C: was aborted because of low available system memory.
    1/2/2011 12:31:13 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    1/2/2011 12:31:13 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    1/2/2011 12:31:13 AM, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
    1/2/2011 12:31:13 AM, error: Service Control Manager [7034] - The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s).
    1/2/2011 12:31:13 AM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
    1/2/2011 12:31:13 AM, error: Service Control Manager [7031] - The MozyHome Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    1/2/2011 12:31:13 AM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/2/2011 12:31:12 AM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
    1/2/2011 12:31:12 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    1/2/2011 12:31:12 AM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
    1/2/2011 12:31:12 AM, error: Service Control Manager [7034] - The ActivClient Middleware Service service terminated unexpectedly. It has done this 1 time(s).
    1/2/2011 12:31:12 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/2/2011 12:31:09 AM, error: Service Control Manager [7034] - The Drive Encryption Service service terminated unexpectedly. It has done this 1 time(s).
    1/2/2011 12:31:09 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    So far, I don't see much...

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Combofix restarted the machine, and I can't find its log anywhere. I stepped away while it was running and after a while I heard the machine restart. Couldn't find Combofix.txt at C:\ or anywhere.... Here's MBRCheck:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 158):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF7358000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7347000 pci.sys
    0xF7487000 isapnp.sys
    0xF7497000 ohci1394.sys
    0xF74A7000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF789B000 compbatt.sys
    0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF798B000 intelide.sys
    0xF798D000 viaide.sys
    0xF798F000 aliide.sys
    0xF7329000 pcmcia.sys
    0xF74B7000 MountMgr.sys
    0xF730A000 ftdisk.sys
    0xF7991000 dmload.sys
    0xF72E4000 dmio.sys
    0xF78A3000 ACPIEC.sys
    0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF770F000 PartMgr.sys
    0xF74C7000 VolSnap.sys
    0xF72CC000 atapi.sys
    0xF728B000 ahcix86.sys
    0xF7273000 \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
    0xF74D7000 SbAlg.sys
    0xF74E7000 disk.sys
    0xF74F7000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7253000 fltmgr.sys
    0xF7993000 SbFsLock.sys
    0xF7241000 sr.sys
    0xF7507000 PxHelp20.sys
    0xF722A000 KSecDD.sys
    0xF719D000 Ntfs.sys
    0xF7170000 NDIS.sys
    0xF7517000 sfaudio.sys
    0xF7157000 SafeBoot.sys
    0xF713D000 Mup.sys
    0xF7717000 hpdskflt.sys
    0xF771F000 Amddfltr.sys
    0xA9F64000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
    0xA9310000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xA92FC000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xA92B3000 \SystemRoot\system32\DRIVERS\yk51x86.sys
    0xA9F54000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xA9290000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7887000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF788F000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xA926C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF772F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xA9244000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF76F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF773F000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0xA97C9000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xA91C8000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xF7747000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xA9195000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF79D1000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF774F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7757000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
    0xF792F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7933000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
    0xA97B9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF775F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7937000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF7B4E000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xA97A9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF793B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xA917E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xA9799000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xA9789000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7767000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xA916D000 \SystemRoot\system32\DRIVERS\psched.sys
    0xA9779000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF776F000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7777000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xA913D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xA9769000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79D3000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xA90DF000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7953000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xA9A5A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xA9759000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7687000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x978A5000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0x97881000 \SystemRoot\system32\drivers\portcls.sys
    0xF7697000 \SystemRoot\system32\drivers\drmk.sys
    0x97869000 \SystemRoot\system32\drivers\AEAudio.sys
    0x97743000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF7807000 \SystemRoot\System32\Drivers\Modem.SYS
    0x93EF1000 \SystemRoot\system32\DRIVERS\mozy.sys
    0xF7A33000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x9497E000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7A35000 \SystemRoot\System32\Drivers\Beep.SYS
    0x9525A000 \SystemRoot\System32\drivers\vga.sys
    0xF7A37000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A39000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x95252000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x9524A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x97733000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0x93EBE000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0x93E65000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0x94D88000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x93E3F000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0x93E18000 \SystemRoot\System32\Drivers\Mpfp.sys
    0x94D78000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x94D68000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    0x93DF0000 \SystemRoot\system32\DRIVERS\netbt.sys
    0x93DCE000 \SystemRoot\System32\drivers\afd.sys
    0x94D58000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x93DAC000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    0x94E3A000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xF7A3B000 \SystemRoot\System32\Drivers\RsvLock.SYS
    0x93D81000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x93D11000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9443E000 \SystemRoot\System32\Drivers\Fips.SYS
    0x93B58000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x9442E000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x94E32000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x93B34000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0x93B0D000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x911A7000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0x91110000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x8F420000 \SystemRoot\System32\Drivers\dump_ahcix86.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0x8FF5A000 \SystemRoot\System32\drivers\Dxapi.sys
    0x9117F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0x90FDD000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF05F000 \SystemRoot\System32\ati2cqag.dll
    0xBF0DE000 \SystemRoot\System32\atikvmag.dll
    0xBF14E000 \SystemRoot\System32\atiok3x2.dll
    0xBF17C000 \SystemRoot\System32\ati3duag.dll
    0xBF484000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0x8F940000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xA8069000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8B2B4000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0x8AF44000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0x8ABFB000 \SystemRoot\system32\drivers\wdmaud.sys
    0x8AD64000 \SystemRoot\system32\drivers\sysaudio.sys
    0x8A996000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0x8AB05000 \SystemRoot\system32\DRIVERS\srv.sys
    0x8AACE000 \??\C:\WINDOWS\system32\drivers\mqac.sys
    0x8D9FD000 \??\C:\WINDOWS\system32\drivers\RMCast.sys
    0x8F042000 \SystemRoot\System32\Drivers\HTTP.sys
    0x8F9AF000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8ECEE000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwtdypog.sys
    0x95A78000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
    0x8EC53000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 72):
    0 System Idle Process
    4 System
    628 C:\WINDOWS\system32\smss.exe
    688 csrss.exe
    720 C:\WINDOWS\system32\winlogon.exe
    764 C:\WINDOWS\system32\services.exe
    776 C:\WINDOWS\system32\lsass.exe
    960 C:\WINDOWS\system32\svchost.exe
    988 C:\WINDOWS\system32\ati2evxx.exe
    1012 C:\WINDOWS\system32\svchost.exe
    1076 C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    1120 svchost.exe
    1164 C:\WINDOWS\system32\svchost.exe
    1256 svchost.exe
    1288 svchost.exe
    1404 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1476 acevents.exe
    1532 C:\WINDOWS\system32\ati2evxx.exe
    1832 C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
    1848 C:\WINDOWS\explorer.exe
    432 C:\WINDOWS\system32\accelerometerST.exe
    472 C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    504 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    512 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    680 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    1068 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1228 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    1200 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    1304 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1616 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    1668 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    1744 C:\Program Files\iTunes\iTunesHelper.exe
    1908 C:\WINDOWS\system32\ctfmon.exe
    2108 C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
    2136 C:\Program Files\Skype\Phone\Skype.exe
    2224 C:\Program Files\MozyHome\mozystat.exe
    2232 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    2360 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    2724 C:\WINDOWS\system32\spoolsv.exe
    2800 C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    2984 scardsvr.exe
    3228 svchost.exe
    3348 msdtc.exe
    3412 C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    3472 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    3536 C:\WINDOWS\system32\agrsmsvc.exe
    3556 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    3664 C:\Program Files\Bonjour\mDNSResponder.exe
    3824 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    3848 C:\Program Files\Java\jre6\bin\jqs.exe
    3896 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    3948 C:\Program Files\MozyHome\mozybackup.exe
    4004 C:\WINDOWS\system32\svchost.exe
    4076 C:\WINDOWS\system32\mqsvc.exe
    652 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    828 C:\WINDOWS\system32\mqtgsvc.exe
    344 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    2412 C:\Program Files\Canon\CAL\CALMAIN.exe
    3076 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    3328 wmiprvse.exe
    3508 C:\Program Files\iPod\bin\iPodService.exe
    4132 alg.exe
    4412 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    4560 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    3216 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    5308 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    4636 C:\WINDOWS\system32\rundll32.exe
    468 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3860 C:\WINDOWS\system32\sndvol32.exe
    6084 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    7832 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    6264 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000039`f8517c00 (FAT32)

    PhysicalDrive0 Model Number: HitachiHTS543225L9A3, Rev: FBEO

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 RE: Unknown MBR code
    SHA1: BBF289AC40BA09F2CC1797655D4799D2AB148CB5


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!


    Combofix:
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Re-run Combofix.
     
  7. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Here's my Combofix log, thanks:

    ComboFix 11-01-02.03 - Administrator 01/03/2011 1:12.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.1038 [GMT -5:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Application Data\Local
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\1.ddi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\1754786586452_50476.mp4.ddr
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\2.ddi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\3.ddi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\dexter.s05e12.hdtv.xvid-fqm.avi.ddr
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\settings.ddi
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\1.ddi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\2.ddi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\3.ddi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\settings.ddi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\1754786586452_50476.mp4
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\dexter.s05e12.hdtv.xvid-fqm.avi
    c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
    c:\documents and settings\Administrator\g2mdlhlpx.exe
    C:\Thumbs.db
    c:\windows\system32\Thumbs.db

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
    .

    2011-01-02 05:37 . 2011-01-02 05:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-12-21 05:58 . 2010-12-21 05:58 -------- d-----w- c:\program files\iPod
    2010-12-21 05:58 . 2010-12-21 05:59 -------- d-----w- c:\program files\iTunes
    2010-12-15 13:32 . 2010-12-16 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-12-15 13:32 . 2010-12-15 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-12-14 21:42 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-14 21:41 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2010-12-14 10:20 . 2010-12-14 10:20 -------- d-----w- c:\program files\Bonjour
    2010-12-13 11:35 . 2010-12-13 11:35 -------- d-----w- c:\program files\Common Files\Skype
    2010-12-11 03:59 . 2010-12-11 03:59 -------- d-----w- c:\program files\Panasonic
    2010-12-10 02:32 . 2010-12-27 05:27 -------- d-----w- c:\program files\ezt
    2010-12-06 19:09 . 2010-12-06 19:09 -------- d-----w- c:\documents and settings\All Users\Temp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2009-02-12 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2009-02-12 05:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-18 18:12 . 2004-08-04 08:00 81920 ------w- c:\windows\system32\isign32.dll
    2010-11-12 23:53 . 2010-06-14 06:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-12 21:34 . 2010-04-08 08:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-12 18:46 . 2010-11-12 18:46 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
    2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2010-11-08 21:06 . 2009-04-06 05:09 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
    2010-11-06 00:26 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:26 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-11-06 00:26 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-03 12:25 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2004-08-04 08:00 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-04 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-04 08:00 1853312 ------w- c:\windows\system32\win32k.sys
    2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2010-11-08 21:06 3424056 ----a-w- c:\program files\MozyHome\mozyshell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-17 133104]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-22 39408]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-18 2424560]
    "Power DVD Player"="c:\program files\Power DVD Player\PowerDVDPlayer.exe" [2007-09-06 391168]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
    "AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-06-09 82224]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-06-02 238984]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
    "Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-05-14 61440]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1044480]
    "EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
    "EPSON Stylus CX4200 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
    "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-17 202256]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-08 1226608]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-11-8 3571512]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
    2007-05-15 23:08 112640 ------w- c:\windows\system32\ackpbsc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
    2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2008-05-21 00:42 111888 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\APSHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Palm\\Hotsync.exe"=
    "c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5910:TCP"= 5910:TCP:vnc5910

    R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [6/27/2008 1:57 AM 174600]
    R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [6/27/2008 2:21 AM 15416]
    R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [5/30/2008 11:36 AM 108752]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [5/30/2008 11:37 AM 51376]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [5/30/2008 11:37 AM 12928]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 5:14 AM 24064]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/16/2009 10:12 AM 165584]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [5/30/2008 11:37 AM 12496]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 67656]
    R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 6:08 PM 182576]
    R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:00 AM 14336]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 3:00 AM 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/16/2009 10:12 AM 17744]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [5/30/2008 11:36 AM 256512]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/27/2008 3:21 AM 193840]
    S2 gupdate1c9c2fd5efdb22e;Google Update Service (gupdate1c9c2fd5efdb22e);c:\program files\Google\Update\GoogleUpdate.exe [4/21/2009 10:49 PM 133104]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]
    S4 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [6/2/2008 12:32 PM 18944]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2011-01-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 03:49]

    2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 03:49]

    2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 03:49]

    2011-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1462882443-3925474752-26676261-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 01:48]

    2011-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1462882443-3925474752-26676261-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-17 01:48]

    2011-01-03 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

    2011-01-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1462882443-3925474752-26676261-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

    2011-01-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1462882443-3925474752-26676261-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

    2010-11-10 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-06-06 04:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
    DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://ak.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0vwr0176.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google Powered Search
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Administrator\Application Data\Move Networks
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-03 01:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|?M?|?????M?|??@

    scanning hidden files ...


    c:\windows\TEMP\_asw_aisI.tm~a05388\onefile 540 bytes
    c:\windows\TEMP\_asw_aisI.tm~a05388\setup.lok 0 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1462882443-3925474752-26676261-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,0b,f7,a6,f2,b5,90,40,ac,3f,c1,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,3d,e8,f4,30,12,a5,4a,9d,91,b8,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,aa,db,54,3a,1c,9a,42,b9,31,80,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(724)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\ackpbsc.dll
    c:\windows\system32\aclog.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
    c:\windows\system32\ACLIBEAY.dll
    c:\windows\system32\acevtsub.dll
    c:\windows\system32\asphat32.dll
    c:\windows\system32\acerrmes.dll
    c:\windows\system32\aspcom.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
    c:\program files\ActivIdentity\ActivClient\acunlock.dll
    c:\windows\system32\aipingui.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
    c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
    c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
    c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
    c:\program files\Hewlett-Packard\IAM\bin\brand.dll
    c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll
    c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll
    c:\program files\Hewlett-Packard\Drive Encryption\SbHpFve.dll
    c:\program files\Hewlett-Packard\Drive Encryption\SbUILib.dll
    c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll
    c:\windows\system32\acomx.dll
    c:\windows\system32\acbsi21.dll

    - - - - - - - > 'explorer.exe'(7488)
    c:\windows\system32\WININET.dll
    c:\windows\system32\APSHook.dll
    c:\program files\MozyHome\mozyshell.dll
    c:\program files\MozyHome\LIBEAY32.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\ActivIdentity\ActivClient\acevents.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
    c:\windows\system32\msdtc.exe
    c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\program files\MozyHome\mozybackup.exe
    c:\program files\ActivIdentity\ActivClient\acevents.exe
    c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\windows\system32\mqsvc.exe
    c:\windows\system32\mqtgsvc.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-03 01:56:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-03 06:56
    ComboFix2.txt 2009-02-16 06:48
    ComboFix3.txt 2009-02-13 05:45

    Pre-Run: 119,403,012,096 bytes free
    Post-Run: 119,327,440,896 bytes free

    - - End Of File - - B076896CAE383FC292E75737FAEFBE7C
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You never actually said, what are your computer issues.

    Combofix log looks good now....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Thanks. The problems I was having were a lot of popups (I usually get none) and a lot of weirdly out-of-place looking ads (erectile dysfunction ads on NYTimes.com). I don't know, perhaps it wasn't evidence of an infection; I hope I'm not wasting anyone's time! Here are the OTL logs (over 3 posts):

    OTL.txt, part 1 of 2:


    OTL logfile created on: 1/5/2011 10:57:06 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 231.87 Gb Total Space | 111.15 Gb Free Space | 47.94% Space Free | Partition Type: NTFS
    Drive D: | 1.00 Gb Total Space | 1.00 Gb Free Space | 99.71% Space Free | Partition Type: FAT32

    Computer Name: SHEILA | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/05 22:55:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/12/17 22:42:07 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/12/08 18:28:23 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2010/12/08 16:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    PRC - [2010/12/08 14:17:46 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/11/08 16:06:46 | 003,571,512 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
    PRC - [2010/10/17 17:26:18 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/10/14 05:08:29 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/08/16 23:07:09 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2009/01/09 08:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2008/06/09 10:10:04 | 000,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
    PRC - [2008/05/30 11:36:20 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2008/05/20 19:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/04 10:09:56 | 001,044,480 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2007/12/11 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
    PRC - [2007/09/06 02:28:28 | 000,391,168 | ---- | M] () -- C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
    PRC - [2007/05/15 18:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    PRC - [2007/05/15 18:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    PRC - [2007/05/15 18:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/05 22:55:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2010/08/16 23:09:00 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2008/03/25 07:17:04 | 000,076,048 | ---- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/01/09 08:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2008/06/02 12:32:16 | 000,018,944 | ---- | M] (Hewlett-Packard Development Company, L.P) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
    SRV - [2008/05/30 11:36:20 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2008/05/20 19:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2008/05/20 19:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
    SRV - [2007/12/11 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2007/05/15 18:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
    SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/06/03 20:41:22 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/19 07:25:45 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/19 07:25:45 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/07/29 15:33:04 | 000,213,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009/03/02 18:20:18 | 000,049,904 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/10/23 13:08:54 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2008/05/30 11:37:06 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2008/05/30 11:37:02 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2008/05/30 11:37:00 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2008/05/30 11:36:58 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2008/05/27 08:55:48 | 000,174,600 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ahcix86.sys -- (ahcix86)
    DRV - [2008/05/23 08:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2008/05/23 08:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2008/05/15 19:33:44 | 002,881,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2008/05/08 09:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2008/04/28 17:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2008/04/13 13:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
    DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/11 11:19:42 | 000,338,944 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2008/04/10 17:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2008/04/03 16:57:00 | 000,296,320 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2008/03/28 05:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
    DRV - [2008/03/21 13:35:14 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2008/03/12 10:43:26 | 000,015,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Amddfltr.sys -- (Amddfltr)
    DRV - [2008/02/29 18:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2007/12/04 16:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/04/16 18:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2001/08/17 14:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
    DRV - [2001/08/17 10:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/09/17 20:05:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/16 23:09:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/15 05:35:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/15 05:35:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 05:12:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/02 01:52:54 | 000,000,000 | ---D | M]

    [2010/02/09 21:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/02/09 21:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\uploadr@flickr.com
    [2011/01/04 19:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0vwr0176.default\extensions
    [2009/11/19 23:38:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0vwr0176.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/07 19:30:38 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0vwr0176.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2010/04/15 20:45:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0vwr0176.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/01/04 19:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/14 01:11:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/21 06:02:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/25 00:38:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/27 00:24:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/01/03 01:37:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
    O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [EPSON Stylus CX4200 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    O4 - HKCU..\Run: [Power DVD Player] C:\Program Files\Power DVD Player\PowerDVDPlayer.exe ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ak.g.gametap.com/static/cab_headless/GameTapWebUpdater.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
    O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
    O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\ackpbsc: DllName - c:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
    O20 - Winlogon\Notify\acunlock: DllName - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\OneCard: DllName - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  10. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    OTL.txt part 2 of 2:

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17465059307421696)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/05 22:55:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/01/04 23:03:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/01/03 00:09:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/01/02 00:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/01/02 00:11:33 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/02 00:08:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2010/12/27 00:24:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2010/12/27 00:24:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2010/12/27 00:24:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2010/12/21 00:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2010/12/21 00:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/12/21 00:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/12/19 09:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\calendar pictures
    [2010/12/15 08:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2010/12/15 08:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2010/12/15 08:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2010/12/15 05:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
    [2010/12/14 16:42:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
    [2010/12/14 16:41:41 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
    [2010/12/14 05:20:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/12/14 05:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2010/12/14 05:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/12/13 06:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    [2010/12/13 06:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/12/11 00:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2010/12/11 00:57:12 | 002,963,664 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup301.exe
    [2010/12/10 22:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panasonic
    [2010/12/10 22:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic
    [2010/12/09 21:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\ezt
    [2009/01/24 00:27:20 | 000,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
    [2007/07/05 03:28:52 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
    [1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/05 23:00:21 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1462882443-3925474752-26676261-500.job
    [2011/01/05 23:00:21 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1462882443-3925474752-26676261-500.job
    [2011/01/05 22:55:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2011/01/05 22:31:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1462882443-3925474752-26676261-500UA.job
    [2011/01/05 22:13:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/05 18:31:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1462882443-3925474752-26676261-500Core.job
    [2011/01/05 18:13:24 | 000,004,390 | ---- | M] () -- C:\WINDOWS\mozy.blk
    [2011/01/05 18:13:24 | 000,002,046 | ---- | M] () -- C:\WINDOWS\mozy.flt
    [2011/01/05 14:33:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/01/05 06:13:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/05 04:52:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/05 04:52:15 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2011/01/05 04:51:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/05 04:51:36 | 1875,759,104 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/04 23:35:11 | 000,199,168 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\one-vzw.doc
    [2011/01/04 21:48:10 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Return address labels - David.doc
    [2011/01/03 23:12:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/01/03 01:37:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/01/03 00:09:29 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2011/01/02 23:57:27 | 004,012,456 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/01/02 23:57:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2011/01/02 00:11:48 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\uz5z0qvo.exe
    [2011/01/02 00:11:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/02 00:08:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2010/12/25 01:38:10 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/23 07:32:06 | 000,118,623 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\santa.jpg
    [2010/12/21 15:35:37 | 000,074,188 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/12/21 00:59:18 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/19 08:58:03 | 000,078,336 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\return address labels 5167 David Dartley.doc
    [2010/12/18 23:37:57 | 000,166,912 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\eo-one12-18-10.doc
    [2010/12/17 23:07:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/12/16 11:07:34 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/12/15 05:35:48 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
    [2010/12/15 05:34:55 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
    [2010/12/15 05:34:09 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
    [2010/12/15 03:26:10 | 000,331,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/15 03:08:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/14 05:12:29 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/12/13 16:31:48 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
    [2010/12/13 16:31:48 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/12/13 06:35:57 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/12/11 00:57:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/12/11 00:57:14 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup301.exe
    [2010/12/10 22:59:47 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LX5 Operating Instructions.lnk
    [2010/12/09 21:32:22 | 000,001,152 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Download Free Music.lnk
    [1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/04 23:35:10 | 000,199,168 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\one-vzw.doc
    [2011/01/04 21:48:09 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Return address labels - David.doc
    [2011/01/03 00:06:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/01/03 00:06:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/02 23:57:29 | 004,012,456 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/01/02 23:57:09 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2011/01/02 00:11:50 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\uz5z0qvo.exe
    [2010/12/23 07:32:21 | 000,118,623 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\santa.jpg
    [2010/12/21 00:59:18 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/12/19 08:58:03 | 000,078,336 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\return address labels 5167 David Dartley.doc
    [2010/12/18 23:37:56 | 000,166,912 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\eo-one12-18-10.doc
    [2010/12/15 05:34:55 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
    [2010/12/15 05:34:09 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
    [2010/12/14 05:12:28 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/12/13 06:35:57 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/12/11 00:57:41 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2010/12/10 22:59:47 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LX5 Operating Instructions.lnk
    [2010/12/09 21:32:22 | 000,001,152 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Download Free Music.lnk
    [2010/11/26 23:18:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
    [2010/08/26 23:39:25 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2010/05/29 00:21:38 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\swk.ini
    [2009/11/14 16:59:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
    [2009/08/25 23:09:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/08/25 23:09:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/08/25 23:09:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/08/25 23:09:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/08/25 23:09:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/08/25 23:09:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/08/09 23:01:42 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/04/07 00:06:05 | 000,000,779 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/02/20 18:50:31 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/02/09 00:48:49 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\streamhlp.dll
    [2009/01/27 13:21:22 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/24 00:54:07 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2008/06/27 03:27:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\QSwitch.txt
    [2008/06/27 03:27:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DSwitch.txt
    [2008/06/27 03:27:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AtStart.txt
    [2008/06/27 02:59:59 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2008/05/30 11:36:58 | 000,108,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
    [2008/04/10 12:27:34 | 001,804,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
    [2007/05/10 01:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
    [2006/05/19 21:39:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
    [2005/12/31 09:19:08 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2005/12/31 09:13:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2005/11/30 06:49:56 | 000,161,792 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2005/04/03 17:30:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\scardsyn.dll
    [2004/08/07 08:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 08:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/07 08:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1998/05/06 22:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/02/16 01:44:50 | 000,006,940 | ---- | M] () -- C:\aaw7boot.log
    [2009/02/13 00:38:42 | 000,000,293 | ---- | M] () -- C:\Boot.bak
    [2011/01/03 00:09:29 | 000,000,339 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/01/03 01:57:08 | 000,026,532 | ---- | M] () -- C:\ComboFix.txt
    [2011/01/05 04:51:36 | 1875,759,104 | -HS- | M] () -- C:\hiberfil.sys
    [2009/02/12 21:54:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/02/12 21:54:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 03:00:00 | 000,047,564 | -HS- | M] () -- C:\ntdetect.com
    [2009/02/16 22:36:05 | 000,250,048 | -HS- | M] () -- C:\ntldr
    [2011/01/05 04:51:34 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/09/09 02:06:11 | 000,006,656 | ---- | M] () -- C:\palm.grf

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/07 08:02:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/07 00:52:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/07 00:52:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/07 00:52:06 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/02/16 22:41:04 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/01/24 00:25:18 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/07 08:08:32 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/11 00:57:14 | 002,963,664 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup301.exe
    [2011/01/02 23:57:27 | 004,012,456 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/01/02 00:11:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/02 23:57:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
    [2011/01/05 22:55:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2009/02/08 21:48:11 | 031,262,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setupeng.exe
    [2011/01/02 00:08:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2011/01/02 00:11:48 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\uz5z0qvo.exe
    [1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2006/05/20 02:53:02 | 000,013,022 | ---- | M] () -- C:\WINDOWS\snp2uvc.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2009/09/16 21:16:14 | 019,212,064 | ---- | M] (Hewlett-Packard ) -- C:\Documents and Settings\Administrator\My Documents\HP_Smart_Web_Printing.exe
    [2009/12/30 06:33:38 | 003,244,096 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Administrator\My Documents\sp42853.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/01/24 00:25:17 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini
    [2010/06/05 23:22:27 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\Administrator\Favorites\NCH Audio and Telephony Software.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/12/06 14:10:15 | 011,336,456 | ---- | M] (Mozy, Inc.) -- C:\Documents and Settings\All Users\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/01/05 23:00:19 | 000,081,920 | -HS- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat
    [1 C:\Documents and Settings\Administrator\Cookies\*.tmp files -> C:\Documents and Settings\Administrator\Cookies\*.tmp -> ]

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2008/06/04 15:44:22 | 000,685,448 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Installer\HPPTSuiteInstallEngine.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/03 22:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/03 22:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/03 22:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/03 22:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/03 22:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/03 22:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/03 22:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  11. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Extras.txt:


    OTL Extras logfile created on: 1/5/2011 10:57:06 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 231.87 Gb Total Space | 111.15 Gb Free Space | 47.94% Space Free | Partition Type: NTFS
    Drive D: | 1.00 Gb Total Space | 1.00 Gb Free Space | 99.71% Space Free | Partition Type: FAT32

    Computer Name: SHEILA | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
    "5910:TCP" = 5910:TCP:*:Enabled:vnc5910

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome -- (Google Inc.)
    "C:\Program Files\Palm\Hotsync.exe" = C:\Program Files\Palm\Hotsync.exe:*:Enabled:HotSync® Manager Application -- (PalmSource, Inc)
    "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{05B62241-5495-46EF-5086-DBE0F37F052C}" = Catalyst Control Center Localization Korean
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
    "{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 23
    "{27FE77BD-2E0A-385C-C2CC-8367D877356F}" = CCC Help Norwegian
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2CD54AED-740B-1418-464E-CC8E15AD1E4F}" = Catalyst Control Center Localization Swedish
    "{2D0EE88B-8720-50A7-7F31-503B4300A8C5}" = Catalyst Control Center Localization French
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35EB3E58-F46C-CB48-C623-16A455C37C5D}" = CCC Help Turkish
    "{36C491D0-A196-F49C-C63C-3509D7A2B91D}" = CCC Help Finnish
    "{37AF26EB-ACCD-4F9C-A13E-81483F932203}" = Catalyst Control Center - Branding
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
    "{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{45E6BF4C-6DC8-B1BB-517C-5F2C1D055A9B}" = CCC Help Hungarian
    "{48072101-4DFE-9DC2-9F5D-DE0EF7193C98}" = CCC Help Korean
    "{49798684-CC48-AF5C-E513-9FFF61EFD3A6}" = CCC Help Japanese
    "{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
    "{4CF11D44-43B7-1359-B438-972C69D7AD6F}" = CCC Help Spanish
    "{4ED20E34-D511-A85B-D7E5-755AE64D5F6C}" = CCC Help Portuguese
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57B186F6-E6A7-A997-92E6-3E8C6189F497}" = Catalyst Control Center Localization Japanese
    "{5AB422C9-E804-1331-233E-E44D8BBC1862}" = CCC Help German
    "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
    "{5ED80CF6-D54D-5F9B-2B9C-E3B6F927879D}" = CCC Help Czech
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{60AFC32A-B82F-3818-E90B-A71446BBCCD6}" = Catalyst Control Center Localization Greek
    "{6162653F-D1AB-6708-C73B-8411296900AE}" = Catalyst Control Center Localization Portuguese
    "{6179EAEB-0C72-0241-DC0B-0258E86B982A}" = ccc-core-preinstall
    "{64FBF438-35D1-8A01-FB00-36911B07FC72}" = Catalyst Control Center Graphics Light
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 2.10 A2
    "{6B4469FE-20FA-9E1D-6634-CF971706BD24}" = Catalyst Control Center Localization Chinese Traditional
    "{6C17DE97-6A5A-FA9C-0F4C-8B027E6AC014}" = CCC Help Russian
    "{6FCA773E-903A-5C83-D379-DD53F9EFD794}" = Catalyst Control Center Localization Turkish
    "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{747626CF-7958-290F-A7D8-6EE6549C8614}" = Catalyst Control Center Localization Hungarian
    "{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7B459B8C-D870-2C14-9BA7-ABFFBCE7CD34}" = CCC Help Italian
    "{7BE1B3CE-5476-B847-4719-4421AEC5C663}" = CCC Help Thai
    "{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}" = HP User Guide Bluetooth Addendum 0062
    "{875FDD1A-4259-9361-572C-780AC637C81A}" = Catalyst Control Center Localization Czech
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F676C36-74D3-9B7B-00FC-733EE5AFDA95}" = CCC Help Chinese Traditional
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{95C42225-F0E2-4480-AD65-560D854F252E}" = Palm Desktop by ACCESS
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{A2CB5EC7-E64F-5E35-2A23-63CB198649F5}" = CCC Help Greek
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A777845E-F260-4572-787B-2BD08E560C78}" = Catalyst Control Center Localization Spanish
    "{A7A1BCB9-B9EE-3DBB-6F1C-570C532B9190}" = CCC Help French
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{A9884559-F231-7727-95F4-41FDB052A536}" = Catalyst Control Center Localization Russian
    "{AB785290-EA80-7A10-B2C6-98919E514A68}" = Catalyst Control Center Graphics Full New
    "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AEA355A4-997D-A49D-A57A-CF537FFFEC84}" = Skins
    "{B18A542F-C99B-73C9-6552-73E1216E8834}" = CCC Help Dutch
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B5764B71-4BCE-206A-DE15-2E05469AA74C}" = Catalyst Control Center Localization Polish
    "{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
    "{B817499D-2D52-2F37-DF6F-40735748FA88}" = CCC Help English
    "{BC66641A-3279-BB5E-BEAB-99B39D13B3BD}" = CCC Help Polish
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C3D86DED-91D7-A890-5E9E-D14D993B5E9E}" = Catalyst Control Center Localization Dutch
    "{C4BEF3C4-9DF1-6D99-6C46-BBBF8E4B07A5}" = ccc-core-static
    "{C6BB4BD5-15D5-0B2D-CF4A-49BDCD7B3AC3}" = Catalyst Control Center Localization Norwegian
    "{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
    "{C90BE263-E9B8-AD82-C517-3197FA4DA9C4}" = CCC Help Danish
    "{CB090A2C-B2F9-110F-F9D2-08B47D08D36F}" = MozyHome
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBC24502-5EB5-45B6-9E56-E6A2F6AFA367}" = HP JavaCard for HP ProtectTools
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
    "{D405A9E1-5D02-46FB-A2B3-796F1F218B32}" = HP ProtectTools Security Manager
    "{D9C94F63-6B2C-9BFA-F37C-E48E1B6133E1}" = CCC Help Swedish
    "{E19DF3EF-351E-EE5E-623B-1A99C8C3EB5F}" = Catalyst Control Center Graphics Full Existing
    "{E2EF1380-9963-C7F9-3478-1046EC008C02}" = Catalyst Control Center Localization Chinese Standard
    "{E5C1C126-1687-4868-A3DD-B807176E4970}" = HP 3D DriveGuard
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E78D8DE3-E3CD-E89C-D5A0-D8FFE5F6E7F9}" = CCC Help Chinese Standard
    "{EA7D5022-7744-4D28-0E83-2DF9678C27B6}" = Catalyst Control Center Core Implementation
    "{EDD0A584-1ABB-8E7B-97AB-743C7E35EEA7}" = Catalyst Control Center Localization German
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EFBC8D78-75EA-4BB1-0CC6-172BFDF4B70F}" = Catalyst Control Center Localization Danish
    "{F01701B8-2C94-282D-9339-23AFBEDBE3E2}" = Catalyst Control Center Localization Italian
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0BE302E-6B30-B816-4EA3-23CD6A23B08D}" = ccc-utility
    "{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F657EF23-08BB-4C8D-B688-78C20FA657EA}" = Drive Encryption for HP ProtectTools
    "{F940B4EC-8504-CEE5-F36C-C2F5471D9E87}" = Catalyst Control Center Localization Thai
    "{FBAA2B2F-002D-45BB-2917-35FC46FB1326}" = Catalyst Control Center Localization Finnish
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.6
    "Audio CD Duplicator" = Audio CD Duplicator
    "avast5" = avast! Free Antivirus
    "CAL" = Canon Camera Access Library
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CSCLIB" = Canon Camera Support Core Library
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DivX Setup.divx.com" = DivX Setup
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Scanner" = EPSON Scan
    "ExpressBurn" = Express Burn
    "ExpressRip" = Express Rip
    "Flickr Uploadr" = Flickr Uploadr 3.2.1
    "Google Updater" = Google Updater
    "HijackThis" = HijackThis 2.0.2
    "HP Smart Web Printing" = HP Smart Web Printing
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "PeerGuardian_is1" = PeerGuardian 2.0
    "Picasa 3" = Picasa 3
    "Power DVD Player" = Power DVD Player
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 12.0" = RealPlayer
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Switch" = Switch Sound File Converter
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "WGA" = Windows Genuine Advantage Validation Tool
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
    Description =

    Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
    Description =

    Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
    Description =

    Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
    Description =

    Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
    Description =

    Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
    Description =

    Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
    Description =

    Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
    Description =

    Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
    Description =

    Error - 11/18/2009 11:08:06 PM | Computer Name = SHEILA | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 1/5/2011 10:30:58 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8856000

    Error - 1/5/2011 10:31:01 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/5/2011 10:31:01 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8858672

    Error - 1/5/2011 10:31:01 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8858672

    Error - 1/5/2011 10:31:04 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/5/2011 10:31:04 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8861641

    Error - 1/5/2011 10:31:04 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8861641

    Error - 1/5/2011 10:31:06 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/5/2011 10:31:06 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8863969

    Error - 1/5/2011 10:31:06 PM | Computer Name = SHEILA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8863969

    [ OSession Events ]
    Error - 3/28/2009 1:41:14 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 3/28/2009 1:41:37 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 3/28/2009 1:42:06 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 3/28/2009 1:42:17 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 3/28/2009 1:42:24 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 3/28/2009 1:42:36 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 3/28/2009 1:43:07 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 3/28/2009 1:43:16 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 3/28/2009 1:43:34 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    Error - 3/28/2009 1:43:41 PM | Computer Name = SHEILA | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    [ System Events ]
    Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7031
    Description = The McAfee Proxy Service service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7031
    Description = The MozyHome Backup Service service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
    Restart the service.

    Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
    Description = The Canon Camera Access Library 8 service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
    Description = The hpqwmiex service terminated unexpectedly. It has done this 1
    time(s).

    Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/2/2011 1:31:13 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
    Description = The Com4QLBEx service terminated unexpectedly. It has done this 1
    time(s).

    Error - 1/3/2011 1:10:49 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
    Description = The Smart Card service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/3/2011 2:11:53 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
    Description = The Smart Card service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/3/2011 2:37:55 AM | Computer Name = SHEILA | Source = Service Control Manager | ID = 7034
    Description = The Smart Card service terminated unexpectedly. It has done this
    1 time(s).


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2009/01/09 08:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
      DRV - [2008/10/23 13:08:54 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://ak.g.gametap.com/static/cab_h...WebUpdater.cab (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/...nAxControl.CAB (Reg Error: Key error.)
      O16 - DPF: vzTCPConfig http://www2.verizon.net/help/fios_se...zTCPConfig.CAB (Reg Error: Key error.)
      [1 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
      
      :Files
      c:\Program Files\Common Files\McAfee
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Ugh, I don't know what became of the log that OTL generated after I ran the custom fix you posted above! Let me know if I need to double back and repeat steps, but in the hopes that I don't, here is the checkup.txt log from "Security Check," and note that ESET said it found no threats.

    Checkup.txt:

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 23
    HP JavaCard for HP ProtectTools
    Out of date Java installed!
    Adobe Flash Player 10.1.82.76
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    ALWILS~1 Avast5 avastUI.exe
    ``````````End of Log````````````




    Thanks for everything so far.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please, re-run OTL fix and post the log.

    ==================================================

    Update Firefox to the latest 3.6.13 version.

    ====================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [​IMG]

    make sure, you have both boxes UN-checked AND (important!) click on Decline button
     
  15. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Updated firefox to "3.6.6." Adobe Reader is updated and it looks like all older versions were removed in the process (I didn't actively uninstall anything).

    OTL fix log:


    All processes killed
    ========== OTL ==========
    No active process named McProxy.exe was found!
    Error: No service named MPFP was found to stop!
    Service\Driver key MPFP not found.
    File C:\WINDOWS\system32\drivers\Mpfp.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    Starting removal of ActiveX control vzTCPConfig
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
    File/Folder C:\Documents and Settings\Administrator\Desktop\*.tmp not found.
    ========== FILES ==========
    File\Folder c:\Program Files\Common Files\McAfee not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 422939 bytes
    ->Temporary Internet Files folder emptied: 1283740 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 68925919 bytes
    ->Google Chrome cache emptied: 271559099 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 4875 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33251 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 327.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01072011_012244

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_ec0.dat moved successfully.

    Registry entries deleted on Reboot...
     
  16. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  17. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Okay, about to do steps 2-12, and here is the OTL log from step 1:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 424640 bytes
    ->Temporary Internet Files folder emptied: 1044853 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 8395855 bytes
    ->Google Chrome cache emptied: 338826245 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 3883 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33251 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 333.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.20.1 log created on 01072011_224038

    Files\Folders moved on Reboot...
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    C:\WINDOWS\temp\Perflib_Perfdata_1500.dat moved successfully.

    Registry entries deleted on Reboot...
     
  18. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Thanks so much for all your help!!
     
  19. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    All good?..........
     
  20. losdavos

    losdavos TS Booster Topic Starter Posts: 112

    Yes! Computer doing fine. Thanks again.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...