[Solved] Always something> about blank! trogans--2 wks ago Win32.Eyeon -may still have? LOGS

Discussion in 'Virus and Malware Removal' started by herewegoagain, Feb 1, 2012.

  1. Broni Malware Annihilator

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - [2008/11/12 02:39:37 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
      O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (Reg Error: Value error.)
      O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/...ds/sysinfo.cab (Reg Error: Value error.)
      O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} http://scan.networkmagic.com/nmscan/...ship-WD.V1.cab (Reg Error: Value error.)
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/12/14 04:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
      [2011/12/14 03:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SpeedyPC Software
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
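    As an added example (not from this thread, nor from OTL itself), the Python script below applies the same criteria the fix above uses, namely BHO/toolbar entries whose CLSID no longer resolves, O16 DPF entries with a registry error, and autorun/notify entries whose file is gone, to a handful of constructed OTL log lines in this thread's format, and assembles the matching :OTL and :Commands block; the classification heuristics and the sample lines are my own.

```python
"""Triage OTL log lines for stale entries and build an :OTL fix block.

The heuristics are an assumption modelled on the entries the fix in this
thread removes; they only look at the numbered O-sections.  SRV/DRV lines
and the file/folder listings are left for a human to judge.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample in the OTL log format seen in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent File not found
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
"""

# Only lines of the form "O<n> - ..." are considered.
OTL_SECTION = re.compile(r"^O(\d+) - ")


def classify(line: str) -> Optional[str]:
    """Return a short reason when the line looks like a stale entry, else None."""
    line = line.strip()
    if not OTL_SECTION.match(line):
        return None  # services, drivers and file listings need a human eye
    if line.endswith("No CLSID value found."):
        return "orphaned CLSID"          # BHO/toolbar registration with no COM class behind it
    if line.startswith("O16 - DPF:") and "(Reg Error:" in line:
        return "broken ActiveX registration"  # DPF entry whose registry key/value is damaged
    if line.endswith("File not found"):
        return "target file missing"     # autorun / Winlogon notify pointing at a missing file
    return None


def find_stale_entries(log_text: str) -> List[Tuple[str, str]]:
    """Scan a log and return (reason, original line) pairs for each stale entry."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = classify(line)
        if reason:
            found.append((reason, line))
    return found


def build_otl_fix(entries, commands=("purity", "emptytemp", "Reboot")) -> str:
    """Assemble the fix in the layout OTL expects: an :OTL section holding the
    log lines to remove verbatim, a blank line, then a :Commands section."""
    lines = [":OTL"]
    lines += [line for _, line in entries]
    lines.append("")
    lines.append(":Commands")
    lines += [f"[{cmd}]" for cmd in commands]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    stale = find_stale_entries(SAMPLE_LOG)
    for reason, line in stale:
        print(f"{reason:30} {line[:70]}")
    print()
    print(build_otl_fix(stale))
```

The generated block is a starting point for review, not something to paste blindly: OTL removes whatever is listed, so each line still deserves the check a helper would give it.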
  2. herewegoagain Newcomer, in training

    Happy things look good to you!
    I sent the extras.txt in a separate reply as an attachment. I kept getting an images error, so I wanted to let you know it came in after your reply but was sent.
    I'll be doing the new scans shortly. Thanks for all your expertise!
  3. Broni Malware Annihilator

    Sure thing :)
  4. herewegoagain Newcomer, in training

    OTL logfile created on: 2/3/2012 11:18:54 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.37 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 60.03% Memory free
    4.16 Gb Paging File | 3.72 Gb Available in Paging File | 89.34% Paging File free
    Paging file location(s): C:\pagefile.sys 3000 3500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 227.61 Gb Total Space | 195.65 Gb Free Space | 85.96% Space Free | Partition Type: NTFS
    Drive D: | 5.26 Gb Total Space | 0.67 Gb Free Space | 12.83% Space Free | Partition Type: FAT32

    Computer Name: YOUR-71A232D1A6 | User Name: Compaq_Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/03 21:29:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/11/18 16:46:00 | 000,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


    ========== Modules (No Company Name) ==========

    MOD - [2008/11/18 16:46:10 | 000,364,704 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
    MOD - [2008/11/18 16:46:04 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2008/11/18 16:46:02 | 000,056,752 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
    MOD - [2008/11/18 16:46:00 | 000,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    MOD - [2008/11/14 12:25:28 | 000,664,080 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sacore.dll
    MOD - [2008/11/14 12:25:28 | 000,311,312 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saset.dll
    MOD - [2008/11/14 12:25:24 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
    MOD - [2008/11/14 12:25:20 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
    MOD - [2008/11/14 12:25:18 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2010/03/22 14:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2008/11/18 16:46:00 | 000,206,096 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
    SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2008/11/12 02:39:37 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2006/04/14 13:31:01 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
    DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
    DRV - [2005/04/20 10:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2005/04/12 10:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2005/04/12 10:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2004/06/29 19:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2004/05/08 19:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2003/07/12 00:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc558.mail.yahoo.com/mc/welcome?.gx=1&.tm=1284110515&.rand=8fmpmti9imgv5
    IE - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.0: C:\Program Files\Virtual Earth 3D\ [2010/07/07 10:33:00 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 19:32:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/03 21:39:34 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/02/03 21:30:10 | 000,440,389 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15164 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent File not found
    O4 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (Reg Error: Value error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab (Reg Error: Value error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} http://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab (Reg Error: Value error.)
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/install/Crusher.cab (Creative Toolbox Plug-in)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8896D987-AD6F-4C73-B822-D35C5D8F3F6B}: DhcpNameServer = 167.206.254.2 167.206.254.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
    O24 - Desktop Components:0 () - http://images.player.virginradio.co.uk/player2/gr/title.png
    O24 - Desktop Components:1 () - https://www.infinityauto.com/images/shim.gif
    O24 - Desktop Components:2 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/10/21 23:07:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/03 22:28:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/02/03 21:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2012
    [2012/02/03 21:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
    [2012/02/03 21:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/02/03 21:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2012/02/03 21:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2012/02/03 21:29:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    [2012/02/03 18:20:20 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/02/03 14:06:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/02/03 14:06:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/02/03 14:06:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/02/03 14:06:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/02/03 13:15:30 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\AppRemover.exe
    [2012/02/03 13:09:24 | 004,394,794 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
    [2012/02/02 00:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\bootkit_remover
    [2012/02/02 00:18:49 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
    [2012/02/01 22:14:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
    [2012/01/23 04:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Bubble Glass AHsoho OF
    [2012/01/23 04:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/01/23 04:44:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
    [2012/01/22 06:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT
    [2012/01/22 04:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\My Shortcuts
    [2012/01/16 03:38:11 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Compaq_Owner\Desktop\erunt-setup.exe
    [2012/01/10 05:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2012/01/05 04:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Health Dental

    ========== Files - Modified Within 30 Days ==========

    [2012/02/03 22:14:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/03 21:41:19 | 057,146,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/02/03 21:39:34 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2012/02/03 21:30:10 | 000,440,389 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/02/03 21:29:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
    [2012/02/03 18:38:27 | 000,440,389 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-213010.backup
    [2012/02/03 18:26:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-183827.backup
    [2012/02/03 18:18:12 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Windows Firewall.lnk
    [2012/02/03 14:15:20 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
    [2012/02/03 14:15:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-142047.backup
    [2012/02/03 14:15:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/03 14:14:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/03 14:14:58 | 1475,923,968 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/03 13:25:53 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Using AppRemover — OPSWAT AppRemover.url
    [2012/02/03 13:15:45 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\AppRemover.exe
    [2012/02/03 13:11:33 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Always something about blank! trogans--2 wks ago Win32.Eyeon -may still have LOGS - TechSpot OpenBoards.url
    [2012/02/03 13:09:28 | 004,394,794 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
    [2012/02/03 13:08:48 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2012/02/03 13:08:34 | 000,441,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-140307.backup
    [2012/02/02 23:48:03 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ListParts.exe
    [2012/02/02 21:14:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/02 15:00:29 | 000,441,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-130834.backup
    [2012/02/02 00:45:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
    [2012/02/02 00:19:09 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
    [2012/02/01 22:21:59 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Manual Removal Guide for Win32.Eyeon.ie - Safer-Networking Forums.url
    [2012/02/01 22:14:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
    [2012/02/01 21:56:10 | 000,441,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120202-150029.backup
    [2012/02/01 21:44:38 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\236z4vxp.exe
    [2012/02/01 21:40:49 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/01 20:34:13 | 000,441,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120201-215610.backup
    [2012/02/01 12:02:51 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120201-203413.backup
    [2012/01/31 12:15:03 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120201-120251.backup
    [2012/01/31 10:14:11 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\defrag.job
    [2012/01/30 12:01:16 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120131-121502.backup
    [2012/01/29 12:13:03 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120130-120116.backup
    [2012/01/29 09:00:51 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    [2012/01/28 12:02:26 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120129-121303.backup
    [2012/01/28 10:01:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\cleanmgr.job
    [2012/01/27 12:14:23 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120128-120226.backup
    [2012/01/26 15:01:20 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120127-121423.backup
    [2012/01/26 01:22:21 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\My eBay Watch List.url
    [2012/01/26 01:13:37 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Message View.url
    [2012/01/25 12:35:13 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120126-150120.backup
    [2012/01/24 12:36:52 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120125-123513.backup
    [2012/01/23 15:00:44 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120124-123652.backup
    [2012/01/23 06:56:44 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\E-Mail Help.url
    [2012/01/23 05:58:05 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Chrome Web Store - Keep My Opt-Outs.url
    [2012/01/23 05:46:30 | 000,003,842 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Re ool who knew.mht
    [2012/01/23 05:22:55 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Optimum Online.url
    [2012/01/23 04:28:43 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/01/22 15:00:30 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120123-150044.backup
    [2012/01/21 15:01:00 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120122-150030.backup
    [2012/01/20 00:14:28 | 000,001,334 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\xpsp3res.dll xpsp2res.dll xpsp1res.dll dnserror Cannot Connect to Server Fix.url
    [2012/01/19 23:53:13 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120121-150100.backup
    [2012/01/19 12:28:06 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120119-235313.backup
    [2012/01/18 12:37:56 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120119-122806.backup
    [2012/01/17 15:00:32 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120118-123755.backup
    [2012/01/17 05:20:59 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120117-150032.backup
    [2012/01/16 12:04:47 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120117-052059.backup
    [2012/01/16 03:40:07 | 000,696,256 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\requested-files[2012-01-16_03_40].cab
    [2012/01/16 03:38:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Compaq_Owner\Desktop\erunt-setup.exe
    [2012/01/16 02:55:24 | 000,000,281 | -HS- | M] () -- C:\boot.ini
    [2012/01/16 01:38:32 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120116-120447.backup
    [2012/01/16 01:23:29 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120116-013832.backup
    [2012/01/16 00:01:54 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120116-012329.backup
    [2012/01/10 13:02:23 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Internet Explorer - Microsoft Download Center.url
    [2012/01/10 13:01:17 | 000,001,445 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office - Microsoft Download Center.url
    [2012/01/10 12:56:39 | 000,542,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/10 12:56:39 | 000,114,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/01/10 05:13:25 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/01/10 04:36:50 | 000,439,961 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120116-000154.backup
    [2012/01/10 00:59:33 | 000,439,961 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120110-043650.backup
    [2012/01/08 14:00:33 | 000,439,961 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120110-005933.backup
    [2012/01/05 03:22:10 | 000,001,227 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Clairol Nice N Easy Hair Color #108 Natural Reddish Blonde KIT.url

    ========== Files Created - No Company Name ==========

    [2012/02/03 21:41:19 | 057,146,209 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/02/03 21:39:34 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2012/02/03 18:18:12 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Windows Firewall.lnk
    [2012/02/03 14:06:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/02/03 14:06:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/02/03 14:06:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/02/03 14:06:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/02/03 14:06:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/02/03 13:25:53 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Using AppRemover — OPSWAT AppRemover.url
    [2012/02/03 13:11:33 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Always something about blank! trogans--2 wks ago Win32.Eyeon -may still have LOGS - TechSpot OpenBoards.url
    [2012/02/02 23:48:03 | 000,303,059 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ListParts.exe
    [2012/02/02 00:45:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
    [2012/02/01 21:44:34 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\236z4vxp.exe
    [2012/01/26 01:13:37 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Message View.url
    [2012/01/23 06:56:43 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\E-Mail Help.url
    [2012/01/23 05:58:05 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Chrome Web Store - Keep My Opt-Outs.url
    [2012/01/23 05:46:29 | 000,003,842 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Re ool who knew.mht
    [2012/01/23 05:22:55 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Optimum Online.url
    [2012/01/20 00:14:28 | 000,001,334 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\xpsp3res.dll xpsp2res.dll xpsp1res.dll dnserror Cannot Connect to Server Fix.url
    [2012/01/16 03:40:07 | 000,696,256 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\requested-files[2012-01-16_03_40].cab
    [2012/01/16 02:25:54 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Manual Removal Guide for Win32.Eyeon.ie - Safer-Networking Forums.url
    [2012/01/10 16:20:12 | 000,200,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/01/10 13:02:23 | 000,001,473 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Internet Explorer - Microsoft Download Center.url
    [2012/01/10 13:01:17 | 000,001,445 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office - Microsoft Download Center.url
    [2012/01/10 05:13:25 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/01/10 04:55:27 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/05 03:22:10 | 000,001,227 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Clairol Nice N Easy Hair Color #108 Natural Reddish Blonde KIT.url
    [2011/12/05 08:01:36 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2008/12/11 03:21:05 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
    [2008/03/19 13:33:52 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
    [2006/12/31 06:23:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
    [2006/12/29 06:02:28 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2006/12/29 06:02:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/06/18 22:47:15 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
    [2006/04/18 02:57:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2006/04/18 02:36:29 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/04/14 12:13:59 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/04/11 03:18:28 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2006/04/11 03:18:04 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2006/03/31 00:45:49 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
    [2006/03/31 00:45:25 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2006/03/14 00:39:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
    [2006/01/15 23:59:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2006/01/15 23:57:10 | 000,000,841 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2006/01/15 23:57:10 | 000,000,462 | ---- | C] () -- C:\WINDOWS\brwmark.ini
    [2006/01/15 23:57:10 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2006/01/15 23:57:10 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2006/01/15 23:57:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
    [2006/01/15 23:56:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2006/01/15 23:54:19 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2005/12/29 00:18:27 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
    [2004/12/29 19:59:23 | 000,190,524 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2004/12/29 19:59:23 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2004/12/21 11:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll
    [2004/10/28 21:22:23 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/10/28 21:22:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/10/28 21:22:20 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/10/28 21:22:15 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/10/28 21:22:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/10/28 21:21:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/10/28 21:21:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/10/28 21:21:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/10/28 21:20:50 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/10/22 05:16:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/10/22 01:11:25 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
    [2004/10/22 01:09:10 | 000,013,948 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
    [2004/10/22 01:08:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
    [2004/10/22 00:57:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2004/10/22 00:04:53 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
    [2004/10/22 00:00:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2004/10/22 00:00:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2004/10/22 00:00:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2004/10/21 23:28:28 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
    [2004/10/21 23:28:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
    [2004/10/21 23:27:01 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
    [2004/10/21 23:13:11 | 000,000,903 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/10/21 23:10:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/10/21 23:04:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/10/21 22:48:55 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2004/10/21 22:47:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/10/21 22:47:36 | 000,542,920 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/10/21 22:47:36 | 000,114,282 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/10/21 15:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/09/14 01:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/20 05:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/08/20 05:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2003/04/11 01:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
    [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2004/10/22 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intervideo
    [2004/10/22 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.YOUR-71A232D1A6\Application Data\Intervideo
    [2004/10/22 01:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.YOUR-71A232D1A6\Application Data\SampleView
    [2012/02/03 21:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2010/11/30 01:07:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/08/27 04:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
    [2012/01/23 04:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2004/10/22 00:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
    [2012/02/03 21:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2007/10/09 01:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2006/01/15 23:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2008/12/04 20:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2011/12/14 04:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
    [2008/02/04 16:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2011/06/25 02:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2012/02/03 21:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2012
    [2011/12/14 03:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\CompuClever
    [2011/12/14 03:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DriverCure
    [2010/08/27 04:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\eBay
    [2004/10/22 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Intervideo
    [2006/04/14 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
    [2004/10/22 01:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
    [2006/06/18 22:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ScanSoft
    [2011/12/14 03:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SpeedyPC Software
    [2006/06/18 22:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
    [2011/06/19 03:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TeraCopy
    [2008/02/04 16:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ulead Systems
    [2009/01/14 16:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WholeSecurity
    [2004/10/22 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Intervideo
    [2004/10/22 01:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
    [2012/01/23 04:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2012/01/28 10:01:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\cleanmgr.job
    [2012/01/31 10:14:11 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\defrag.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < :OTL >

    < DRV - [2008/11/12 02:39:37 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) >
    Invalid Switch: 12 02:39:37 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)


    < O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found. >

    < O3 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. >

    < O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (Reg Error: Value error.) >
    Invalid Switch: ipixx.cab (Reg Error: Value error.)


    < O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/...ds/sysinfo.cab (Reg Error: Value error.) >
    Invalid Switch: sysinfo.cab (Reg Error: Value error.)


    < O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} http://scan.networkmagic.com/nmscan/...ship-WD.V1.cab (Reg Error: Value error.) >
    Invalid Switch: ...ship-WD.V1.cab (Reg Error: Value error.)


    < O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab (Reg Error: Key error.) >
    Invalid Switch: gp.cab (Reg Error: Key error.)


    < O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
    Invalid Switch: gp.cab (Reg Error: Key error.)


    < [2011/12/14 04:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software >
    Invalid Switch: 14 04:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software


    < [2011/12/14 03:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SpeedyPC Software >
    Invalid Switch: 14 03:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SpeedyPC Software


    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [emptyjava] >

    < [emptyflash] >

    < [Reboot] >

    < End of report >
  5. herewegoagain Newcomer, in training

    Here is Security Check & FSS. Rest to follow...

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2012
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date Spybot installed!
    MVPS Hosts File
    Spybot - Search & Destroy 1.4
    Spybot - Search & Destroy
    McAfee SiteAdvisor
    IE SpyAd
    CCleaner
    Java(TM) 6 Update 30
    Out of date Java installed!
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````


    -------------------------------------------------------------------------------------------------

    Farbar Service Scanner Version: 02-02-2012
    Ran by Compaq_Owner (administrator) on 03-02-2012 at 23:39:23
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Avgtdix(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0B00000004000000010000000200000003000000090000000A0000000B00000005000000080000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
  6. herewegoagain Newcomer, in training

    I just realized I did the OTL wrong (pasted, checked 'all users' & 'quick scan' again instead of 'Fix').
    The last log is that :)
    I did it again correctly but didn't want to edit in case you needed that to fix what I did, so I'm posting the
    correctly executed one here.
    I'm going to rerun Security Check / FSS / TFC again too, just in case of different results with the correct OTL scan.
    Sorry for all my confusion...

    All processes killed
    ========== OTL ==========
    Service tmcomm stopped successfully!
    Service tmcomm deleted successfully!
    C:\WINDOWS\system32\drivers\tmcomm.sys moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2985681006-1005890449-1192416854-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Starting removal of ActiveX control {11260943-421B-11D0-8EAC-0000C07D88CF}
    C:\WINDOWS\Downloaded Program Files\IPIXX.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11260943-421B-11D0-8EAC-0000C07D88CF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11260943-421B-11D0-8EAC-0000C07D88CF}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11260943-421B-11D0-8EAC-0000C07D88CF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11260943-421B-11D0-8EAC-0000C07D88CF}\ not found.
    Starting removal of ActiveX control {49232000-16E4-426C-A231-62846947304B}
    C:\WINDOWS\Downloaded Program Files\sysinfo.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49232000-16E4-426C-A231-62846947304B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{49232000-16E4-426C-A231-62846947304B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.
    Starting removal of ActiveX control {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800}
    C:\WINDOWS\Downloaded Program Files\webdiag.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A5A76EA0-7B92-4707-9DBF-6F6FE56A6800}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5A76EA0-7B92-4707-9DBF-6F6FE56A6800}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A5A76EA0-7B92-4707-9DBF-6F6FE56A6800}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5A76EA0-7B92-4707-9DBF-6F6FE56A6800}\ not found.
    Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\All Users\Application Data\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\SpeedyPC Software folder moved successfully.
    C:\Documents and Settings\Compaq_Owner\Application Data\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
    C:\Documents and Settings\Compaq_Owner\Application Data\SpeedyPC Software folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.YOUR-71A232D1A6
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Compaq_Owner
    ->Temp folder emptied: 58699 bytes
    ->Temporary Internet Files folder emptied: 7136324 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 7.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02042012_000101

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF1D2C.tmp moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DF4F47.tmp moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\PCPOS0YS\online-scanner[1].htm moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\GLVGH2GB\partner[1].htm moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\GLVGH2GB\partner[2].htm moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\GLVGH2GB\partner[3].htm moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\C0WTPEUB\fastbutton[1].htm moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\C0WTPEUB\run7407185e[1].htm moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\C0WTPEUB\showthread[1].htm moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\136VAHOH\918[1].htm moved successfully.
    C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
  7. herewegoagain Newcomer, in training

    NEW Security check & FSS

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2012
    ESET Online Scanner v3
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date Spybot installed!
    MVPS Hosts File
    Spybot - Search & Destroy 1.4
    Spybot - Search & Destroy
    McAfee SiteAdvisor
    IE SpyAd
    CCleaner
    Java(TM) 6 Update 30
    Out of date Java installed!
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````


    ---------------------------------------------------------------------------------------

    NEW FSS

    Farbar Service Scanner Version: 02-02-2012
    Ran by Compaq_Owner (administrator) on 04-02-2012 at 00:21:54
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Avgtdix(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0B00000004000000010000000200000003000000090000000A0000000B00000005000000080000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
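The "File Check" section of the FSS log above works by hashing a fixed list of network- and service-related Windows binaries (afd.sys, tcpip.sys, netbt.sys, dhcpcsvc.dll, svchost.exe and so on) and comparing each hash against a known-good value, because kernel-mode malware has been known to patch exactly these files to hide traffic or to persist. As an added example (not part of this thread and not Farbar's own code), the Python below does two things: it parses a section in that log format and flags every entry that does not say "MD5 is legit", and it implements the same manifest comparison with hashlib over a constructed temporary tree in which one file has been tampered with. The sample log lines, the known-good contents and the "MD5 does not match" wording are constructed for the example; FSS's real wording for a bad file may differ, which is why the parser flags anything other than the exact "MD5 is legit" string rather than looking for a particular failure message.

```python
"""Baseline hash check in the style of Farbar Service Scanner's 'File Check'.
Added example; the log, file contents and failure wording are constructed."""
import hashlib
import os
import re
import tempfile

# Constructed sample: first two lines copy the FSS format seen in the thread,
# the third is a hypothetical entry for a patched driver.
SAMPLE_FILE_CHECK = """\
File Check:
========
C:\\WINDOWS\\system32\\Drivers\\afd.sys => MD5 is legit
C:\\WINDOWS\\system32\\Drivers\\tcpip.sys => MD5 is legit
C:\\WINDOWS\\system32\\Drivers\\netbt.sys => MD5 does not match (constructed)

Extra List:
=======
"""

# '<drive>:\path => <verdict>'; the path group stops at the first '=>'.
FILE_CHECK_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\[^=]+?)\s*=>\s*(?P<verdict>.+)$")


def parse_file_check(log_text):
    """Return {path: verdict} for the lines inside the 'File Check:' section."""
    verdicts = {}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("File Check:"):
            in_section = True
            continue
        if in_section and line.endswith(":"):
            break  # next section header, e.g. 'Extra List:'
        m = FILE_CHECK_LINE.match(line) if in_section else None
        if m:
            verdicts[m.group("path")] = m.group("verdict")
    return verdicts


def flagged_files(log_text):
    """Paths whose verdict is anything other than the known-good 'MD5 is legit'."""
    return sorted(p for p, v in parse_file_check(log_text).items() if v != "MD5 is legit")


# Constructed known-good contents standing in for real driver binaries.
KNOWN_GOOD = {
    "Drivers/afd.sys": b"afd.sys clean image (constructed)",
    "Drivers/tcpip.sys": b"tcpip.sys clean image (constructed)",
    "Drivers/netbt.sys": b"netbt.sys clean image (constructed)",
}


def file_digest(path, algo="md5"):
    """Stream the file through hashlib so a large binary need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(known_good, algo="md5"):
    """Known-good {relative path: hex digest}; in practice this comes from the vendor."""
    return {rel: hashlib.new(algo, data).hexdigest() for rel, data in known_good.items()}


def check_tree(root, manifest, algo="md5"):
    """Compare every manifest entry against the file on disk, FSS style."""
    results = {}
    for rel, expected in manifest.items():
        full = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(full):
            results[rel] = "file is missing"
        elif file_digest(full, algo) == expected:
            results[rel] = "MD5 is legit"
        else:
            results[rel] = "MD5 does not match"
    return results


def demo_tampered_tree():
    """Write the constructed tree, patch one driver, and return the verdicts."""
    with tempfile.TemporaryDirectory() as root:
        for rel, data in KNOWN_GOOD.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        # Simulate malware patching netbt.sys by appending a few bytes.
        with open(os.path.join(root, "Drivers", "netbt.sys"), "ab") as fh:
            fh.write(b"<patched>")
        return check_tree(root, build_manifest(KNOWN_GOOD))


if __name__ == "__main__":
    print("flagged in sample log:", flagged_files(SAMPLE_FILE_CHECK))
    for path, verdict in demo_tampered_tree().items():
        print(f"{path} => {verdict}")
```

A clean result from this kind of check is only as good as two things: the manifest it compares against, and the view of the disk the scanner gets. A kernel-mode rootkit can hand clean file contents to a user-mode reader while the on-disk driver is patched, which is why a helper will typically pair a service scan like this with a boot-time or offline scan before declaring a machine clean. The `algo` parameter accepts any hashlib name, so the same code runs with `sha256` when a stronger digest is wanted.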
  8. herewegoagain Newcomer, in training

    I'm not doing anything else until I hear from you...
    I think I really screwed things up!?
    After the TFC reboot the desktop went to a white background & had an "ACTIVE DESKTOP?" error. I went to desktop properties & somehow got my usual one back, but now I'm very worried.
    HELP.... & so sorry for causing more issues!
  9. Broni Malware Annihilator

    You're fine.

    Go ahead with Eset scan.
  10. herewegoagain Newcomer, in training

    Ahhhhhh :) Great!
    I started ESET but I'm now overly cautious!
    It came up with the 'Remove found threats' box already checked.
    I did check the 'archives' box, but should I leave or remove the other?
  11. Broni Malware Annihilator

    Do only what my instructions say.
  12. herewegoagain Newcomer, in training

    OK, I assumed you knew the other box comes checked, so I just left it like that? :)
    The results showed no threats found or cleaned... good news there!
    Wow... that scan took hours!
  13. Broni Malware Annihilator

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  14. herewegoagain Newcomer, in training

    All done except installing the programs you suggest...
    Do they work well alongside AVG & Spybot?
    What do you recommend or use as an everyday (free) :) antivirus/antirootkit instead of AVG? It obviously doesn't seem to do the job even with all the link/email etc. scanners!

    The computer seems to be fine (everything remaining in place! :)
    I haven't done much with it yet but I'm sure your assessment and fixes worked A+!
    I saw the added warning for those infected with Trojans about changing passwords etc. Who or what were the culprit(s) here?

    I saved the last OTL log, do you want me to post it for your overview?
  15. Broni Malware Annihilator

    All those programs will work fine along with AVG and Spybot.

    If you read #12 you'd know that there is no perfect security program.
    It's always about your computing habits.

    Some trojans were present, so a password change is due.

    ============================================================

    Way to go!!
    Good luck and stay safe :)
  16. herewegoagain Newcomer, in training

    OK, I'll get to #12, it must be in the Bleeping post.
    I'll do the passwords next.
    Thanks so much for your time & PATIENCE with me. Believe it or not I have an online business but just touched my 1st computer 5 years ago, so there's lots of stuff to learn in here!

    Is there a safe place on this forum (or other) where I could trust someone to look into/go through my files/programs/startup type stuff and help me figure out what's needed and what's just CR*P?!
    I think I have too much that I don't even use or know what it's for.
    That will be an undertaking also!
    Thanks again...
  17. Broni Malware Annihilator

    Create new topic in Windows forum.