TechSpot

Cannot connect to any search engines after running malwarebytes' antivirus

Solved
By efoxeli
Nov 6, 2011
  1. Hey all, I'm hoping you can help us.

    My wife received this hand-me-down computer a few months ago, and shortly thereafter it acquired the Blue Flair Antivirus virus, and she shut the computer down so as not to infect my computer connected to the same network. We believe this computer was constructed by our local tech expert (it has no brand name), but it is running Windows XP Pro v. 2002 SP-3. It has a 111 GB hard drive, a 2.0 GHz processor and 1 GB of RAM. I am not particularly tech savvy, but we did follow the instructions we got from bleepingcomputer.com after an internet search on how to remove the virus.

    Malwarebytes' has been run successfully, but now we cannot connect to any search engines with this computer.

    Then we found TechSpot and followed the steps outlined on your website to remove a virus or malware. Here are the first two logs generated by that process:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8076

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/3/2011 11:14:58 AM
    mbam-log-2011-11-03 (11-14-58).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 293271
    Time elapsed: 1 hour(s), 13 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YJ3C6F6A6XZV5BYG (Trojan.SpyEyes.R) -> Value: YJ3C6F6A6XZV5BYG -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\compmgm (Trojan.Agent) -> Value: compmgm -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\system volume information\_restore{18cc20fe-772f-4276-a214-16cc6e97046f}\RP6\A0001349.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{18cc20fe-772f-4276-a214-16cc6e97046f}\RP6\A0001351.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{18cc20fe-772f-4276-a214-16cc6e97046f}\RP6\A0001352.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{18cc20fe-772f-4276-a214-16cc6e97046f}\RP6\A0001354.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.20347005854515965.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.37444608322699324.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.7598730112847655.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.7906734744129083.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.9168849519617404.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\systemsvc\2e4f34c5820.exe (Trojan.SpyEyes.R) -> Quarantined and deleted successfully.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-03 14:51:42
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\fasttx2k1Port2Path0Target0Lun0 Promise_ rev.1.10
    Running: w4n15s4b.exe; Driver: C:\DOCUME~1\Eli\LOCALS~1\Temp\pgliqpoc.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 MBR read error
    Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

    ---- System - GMER 1.0.15 ----

    SSDT spya.sys ZwEnumerateKey [0xF72FACA2]
    SSDT spya.sys ZwEnumerateValueKey [0xF72FB030]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 [F7230B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7230B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F7230B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7230B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\fasttx2k -> DriverStartIo \Device\Scsi\fasttx2k1Port2Path0Target0Lun0 8650E31B
    Device \Driver\fasttx2k \Device\Scsi\fasttx2k1Port2Path0Target0Lun0 86F6B1F8
    Device \Driver\viamraid \Device\Scsi\viamraid1 86FD61F8
    Device \Driver\fasttx2k -> DriverStartIo \Device\Scsi\fasttx2k1 8650E31B
    Device \Driver\fasttx2k \Device\Scsi\fasttx2k1 86F6B1F8
    Device \FileSystem\Ntfs \Ntfs 86FD51F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

    I am having some difficulty retrieving the DDS and Attach logs, but I can run DDS again if you think it is necessary. I am anxiously awaiting any help you may be able to give me with this problem.
  2. efoxeli (TS Rookie, Topic Starter)

    Here are the DDS & Attach logs

    Here are the DDS and Attach logs that I could not locate earlier:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Janine at 14:23:56 on 2011-11-06
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.268 [GMT -7:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    svchost.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [D-Link Wireless G WUA-1340] c:\program files\d-link\wireless g wua-1340\AirGCFG.exe
    mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://192.168.0.253:82/kxhcm10.ocx
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://192.168.0.150/RemoteWeb.cab
    DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - hxxp://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
    DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - hxxp://zone.msn.com/bingame/rock/default/popcaploader1.cab
    DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://192.168.0.150/VideoViewer.cab
    DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239046279656
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/amun/default/mjolauncher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://64.91.95.226/activex/AxisCamControl.cab
    DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://192.168.0.41/plugin/h263ctrl.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} - hxxp://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{970F5321-FE70-4B09-B4DA-1FF80A398153} : DhcpNameServer = 192.168.0.1
    Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    Hosts: 80.79.117.219 www.google.com
    Hosts: 80.79.117.220 search.yahoo.com
    Hosts: 80.79.117.220 www.bing.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\eli\application data\mozilla\firefox\profiles\8l3pcn04.default\
    FF - plugin: c:\documents and settings\eli\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
    R1 SolDisk;SolDisk;c:\windows\system32\drivers\soldisk.sys [2010-2-3 38344]
    R1 SolFS;SolFS;c:\windows\system32\drivers\solfs.sys [2010-2-3 285256]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-3-9 6656]
    R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-3-5 1257760]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2001-10-24 36224]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-18 135664]
    S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-18 135664]
    S3 HwIOctl;HwIOctl; [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\ptdubus.sys --> c:\windows\system32\drivers\PTDUBus.sys [?]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\ptdumdm.sys --> c:\windows\system32\drivers\PTDUMdm.sys [?]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\ptduvsp.sys --> c:\windows\system32\drivers\PTDUVsp.sys [?]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\ptduwwan.sys --> c:\windows\system32\drivers\PTDUWWAN.sys [?]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-9 27064]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [2004-10-5 4992]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\SET29.tmp
    2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\SET27.tmp
    2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\SET28.tmp
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\SET24.tmp
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 14:25:37.17 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/27/2007 2:34:48 PM
    System Uptime: 11/6/2011 11:26:42 AM (3 hours ago)
    .
    Motherboard: MSI | | MS-6702
    Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket-754 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 112 GiB total, 89.159 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 8/12/2011 8:33:59 AM - System Checkpoint
    RP2: 8/12/2011 8:35:12 AM - Software Distribution Service 3.0
    RP3: 8/12/2011 9:43:20 AM - Software Distribution Service 3.0
    RP4: 8/15/2011 8:10:46 AM - Software Distribution Service 3.0
    RP5: 8/15/2011 3:03:54 PM - Software Distribution Service 3.0
    RP6: 8/17/2011 7:19:36 AM - Software Distribution Service 3.0
    RP7: 8/17/2011 8:29:42 AM - Restore Operation
    RP8: 8/17/2011 8:35:48 AM - Restore Operation
    RP9: 8/17/2011 2:00:15 PM - Software Distribution Service 3.0
    RP10: 8/17/2011 4:06:50 PM - Software Distribution Service 3.0
    RP11: 11/3/2011 2:00:18 PM - Software Distribution Service 3.0
    RP12: 11/4/2011 8:30:39 AM - Software Distribution Service 3.0
    RP13: 11/6/2011 2:00:16 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop 7.0.1
    Adobe Reader 9.4.5
    Amazing Universe Premium Screen Saver
    ANIO Service
    ANIWZCS2 Service
    AVG 2011
    Big City Adventure Sydney
    Big Fish Games Client
    BufferChm
    C5500
    C5500_Help
    Cards_Calendar_OrderGift_DoMorePlugout
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Destination Component
    DeviceDiscovery
    DocProc
    Facebook Plug-In
    GEAR driver installer for x86 and x64
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    InstallMgr
    Java(TM) 6 Update 13
    LaserJet 1018
    Little Shop of Treasures 2
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Primary Interop Assemblies
    Microsoft Office Small Business Edition 2003
    Microsoft Office Word Viewer 2003
    Microsoft Search Enhancement Pack
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C Runtime
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSN
    MSN Toolbar
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    Mystery Case Files: Madame Fate
    Mystery Case Files: Ravenhearst ™
    neroxml
    OGA Notifier 2.0.0048.0
    PanoStandAlone
    Picasa 3
    Platform
    PS_AIO_04_C5500_ProductContext
    PS_AIO_04_C5500_Software
    PS_AIO_04_C5500_Software_Min
    PSSWCORE
    QuickBooks
    QuickBooks Pro 2011
    QuickTime
    Realtek AC'97 Audio
    Revo Uninstaller Pro 2.5.3
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SolutionCenter
    Status
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB960763)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows PowerShell(TM) 1.0 MUI pack
    Windows XP Service Pack 3
    Wireless G WUA-1340
    WordPerfect Office 11
    Yahoo! Install Manager
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/3/2011 2:01:50 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).
    11/3/2011 12:01:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
    11/3/2011 12:01:09 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    11/3/2011 12:00:46 PM, error: Service Control Manager [7000] - The lxdw_device service failed to start due to the following error: The system cannot find the file specified.
    11/3/2011 11:18:47 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx SI3114r Si3114r5 TfFsMon TfSysMon videX32
    .
    ==== End Of File ===========================
  3. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
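
    A small triage helper for the report this step produces, added here as an example (it is not Broni's instruction set and not Kaspersky's code): it folds the per-driver lines of a TDSSKiller log into one record per driver and lists anything that did not end the scan as "ok", so the path and md5 of a flagged driver are in one place when you look it up. The sample lines are constructed in the shape of the log posted later in this thread, and the line formats the regular expressions assume are the ones visible in that log; any other variant of the format is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the TDSSKiller 2.6.x log posted in this
# thread; only the sptd lines carry a verdict other than "ok".
SAMPLE_LOG = r"""
17:49:04.0750 3068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:49:04.0750 3068 splitter - ok
17:49:04.0906 3068 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
17:49:04.0906 3068 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
17:49:04.0906 3068 sptd ( LockedFile.Multi.Generic ) - warning
17:49:04.0906 3068 sptd - detected LockedFile.Multi.Generic (1)
17:49:04.0984 3068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:49:04.0984 3068 sr - ok
17:49:05.0546 3068 symc810 - ok
"""

# Every scan line is "<time> <pid> <body>"; the body takes one of a few shapes
# (assumed from the log in this thread).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")          # name (md5) path
OK_RE = re.compile(r"^(\S+) - ok$")                                # name - ok
WARN_RE = re.compile(r"^(\S+) \( (.+?) \) - warning$")             # name ( verdict ) - warning
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")      # name - detected verdict (n)
SUSP_RE = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str] = None        # None when the service exists but no file was found on disk
    path: Optional[str] = None
    status: str = "pending"          # ok | warning | detected | pending (no verdict line seen)
    verdict: Optional[str] = None
    notes: List[str] = field(default_factory=list)


def parse_tdss_log(text: str) -> Dict[str, DriverEntry]:
    """Fold the per-driver lines of a TDSSKiller log into one record per driver."""
    entries: Dict[str, DriverEntry] = {}
    by_path: Dict[str, DriverEntry] = {}

    def entry(name: str) -> DriverEntry:
        if name not in entries:
            entries[name] = DriverEntry(name=name)
        return entries[name]

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banner, separator or blank line
        body = m.group(3)
        if (f := FILE_RE.match(body)):
            e = entry(f.group(1))
            e.md5, e.path = f.group(2), f.group(3)
            by_path[e.path.lower()] = e
        elif (o := OK_RE.match(body)):
            entry(o.group(1)).status = "ok"
        elif (w := WARN_RE.match(body)):
            e = entry(w.group(1))
            e.status, e.verdict = "warning", w.group(2)
        elif (d := DETECT_RE.match(body)):
            e = entry(d.group(1))
            e.status, e.verdict = "detected", d.group(2)
        elif (s := SUSP_RE.match(body)):
            # The "Suspicious file" line names the path, not the service; join on path.
            e = by_path.get(s.group(2).lower())
            if e is not None:
                e.notes.append(f"{s.group(1)}: md5 {s.group(3)}")
    return entries


def flagged(entries: Dict[str, DriverEntry]) -> List[DriverEntry]:
    """Drivers that did not end the scan with a plain 'ok' verdict."""
    return [e for e in entries.values() if e.status != "ok"]


def summarize(text: str) -> str:
    """One-screen summary: counts, then path and md5 of every flagged driver."""
    entries = parse_tdss_log(text)
    lines = [f"{len(entries)} drivers scanned, {len(flagged(entries))} flagged"]
    for e in flagged(entries):
        lines.append(f"  {e.name}: {e.status} {e.verdict or ''} path={e.path} md5={e.md5}")
        for n in e.notes:
            lines.append(f"    note: {n}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))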
  4. efoxeli

    efoxeli TS Rookie Topic Starter

    TDSS report

    Hey Broni,

    Thanks for getting back to us so quickly. The scan has been run. Here is the report.


    17:48:35.0890 3664 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
    17:48:36.0640 3664 ============================================================
    17:48:36.0640 3664 Current date / time: 2011/11/06 17:48:36.0640
    17:48:36.0640 3664 SystemInfo:
    17:48:36.0640 3664
    17:48:36.0640 3664 OS Version: 5.1.2600 ServicePack: 3.0
    17:48:36.0640 3664 Product type: Workstation
    17:48:36.0640 3664 ComputerName: COMPUTER
    17:48:36.0640 3664 UserName: Janine
    17:48:36.0640 3664 Windows directory: C:\WINDOWS
    17:48:36.0640 3664 System windows directory: C:\WINDOWS
    17:48:36.0640 3664 Processor architecture: Intel x86
    17:48:36.0640 3664 Number of processors: 1
    17:48:36.0640 3664 Page size: 0x1000
    17:48:36.0640 3664 Boot type: Normal boot
    17:48:36.0640 3664 ============================================================
    17:48:37.0859 3664 !crdlk
    17:48:37.0906 3664 Initialize success
    17:48:43.0703 3068 ============================================================
    17:48:43.0703 3068 Scan started
    17:48:43.0703 3068 Mode: Manual;
    17:48:43.0703 3068 ============================================================
    17:48:44.0781 3068 Abiosdsk - ok
    17:48:44.0859 3068 abp480n5 - ok
    17:48:45.0062 3068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    17:48:45.0078 3068 ACPI - ok
    17:48:45.0234 3068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    17:48:45.0250 3068 ACPIEC - ok
    17:48:45.0375 3068 adpu160m - ok
    17:48:45.0500 3068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    17:48:45.0500 3068 aec - ok
    17:48:45.0640 3068 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    17:48:45.0640 3068 AFD - ok
    17:48:45.0750 3068 Aha154x - ok
    17:48:45.0843 3068 aic78u2 - ok
    17:48:45.0953 3068 aic78xx - ok
    17:48:46.0234 3068 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    17:48:46.0390 3068 ALCXWDM - ok
    17:48:46.0515 3068 AliIde - ok
    17:48:46.0578 3068 amsint - ok
    17:48:46.0687 3068 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
    17:48:46.0687 3068 AN983 - ok
    17:48:46.0796 3068 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
    17:48:46.0796 3068 ANIO - ok
    17:48:46.0921 3068 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    17:48:46.0921 3068 Arp1394 - ok
    17:48:47.0000 3068 asc - ok
    17:48:47.0078 3068 asc3350p - ok
    17:48:47.0140 3068 asc3550 - ok
    17:48:47.0250 3068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    17:48:47.0250 3068 AsyncMac - ok
    17:48:47.0328 3068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    17:48:47.0328 3068 atapi - ok
    17:48:47.0390 3068 Atdisk - ok
    17:48:47.0468 3068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    17:48:47.0468 3068 Atmarpc - ok
    17:48:47.0562 3068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    17:48:47.0578 3068 audstub - ok
    17:48:47.0703 3068 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    17:48:47.0703 3068 AVGIDSDriver - ok
    17:48:47.0796 3068 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    17:48:47.0796 3068 AVGIDSEH - ok
    17:48:47.0890 3068 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    17:48:47.0890 3068 AVGIDSFilter - ok
    17:48:47.0968 3068 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    17:48:47.0968 3068 AVGIDSShim - ok
    17:48:48.0078 3068 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    17:48:48.0109 3068 Avgldx86 - ok
    17:48:48.0187 3068 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    17:48:48.0187 3068 Avgmfx86 - ok
    17:48:48.0250 3068 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    17:48:48.0265 3068 Avgrkx86 - ok
    17:48:48.0343 3068 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    17:48:48.0375 3068 Avgtdix - ok
    17:48:48.0500 3068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    17:48:48.0500 3068 Beep - ok
    17:48:48.0609 3068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    17:48:48.0609 3068 cbidf2k - ok
    17:48:48.0703 3068 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    17:48:48.0734 3068 CCDECODE - ok
    17:48:48.0828 3068 cd20xrnt - ok
    17:48:48.0906 3068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    17:48:48.0921 3068 Cdaudio - ok
    17:48:49.0000 3068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    17:48:49.0000 3068 Cdfs - ok
    17:48:49.0093 3068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    17:48:49.0093 3068 Cdrom - ok
    17:48:49.0156 3068 Changer - ok
    17:48:49.0281 3068 CmdIde - ok
    17:48:49.0390 3068 Cpqarray - ok
    17:48:49.0468 3068 dac2w2k - ok
    17:48:49.0531 3068 dac960nt - ok
    17:48:49.0640 3068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    17:48:49.0640 3068 Disk - ok
    17:48:49.0750 3068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    17:48:49.0812 3068 dmboot - ok
    17:48:49.0906 3068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    17:48:49.0921 3068 dmio - ok
    17:48:49.0984 3068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    17:48:49.0984 3068 dmload - ok
    17:48:50.0046 3068 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    17:48:50.0062 3068 DMusic - ok
    17:48:50.0171 3068 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
    17:48:50.0218 3068 dot4 - ok
    17:48:50.0328 3068 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
    17:48:50.0328 3068 Dot4Print - ok
    17:48:50.0437 3068 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
    17:48:50.0453 3068 dot4usb - ok
    17:48:50.0515 3068 dpti2o - ok
    17:48:50.0562 3068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    17:48:50.0578 3068 drmkaud - ok
    17:48:50.0781 3068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    17:48:50.0781 3068 Fastfat - ok
    17:48:50.0875 3068 fasttx2k (8958fc7f2df3c4f0a363a8644583485c) C:\WINDOWS\system32\drivers\fasttx2k.sys
    17:48:50.0875 3068 fasttx2k - ok
    17:48:50.0968 3068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    17:48:50.0968 3068 Fdc - ok
    17:48:51.0046 3068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    17:48:51.0046 3068 Fips - ok
    17:48:51.0125 3068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    17:48:51.0125 3068 Flpydisk - ok
    17:48:51.0203 3068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    17:48:51.0218 3068 FltMgr - ok
    17:48:51.0296 3068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    17:48:51.0296 3068 Fs_Rec - ok
    17:48:51.0375 3068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    17:48:51.0375 3068 Ftdisk - ok
    17:48:51.0453 3068 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
    17:48:51.0453 3068 gagp30kx - ok
    17:48:51.0531 3068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    17:48:51.0546 3068 GEARAspiWDM - ok
    17:48:51.0625 3068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    17:48:51.0640 3068 Gpc - ok
    17:48:51.0796 3068 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    17:48:51.0796 3068 HidUsb - ok
    17:48:51.0921 3068 hpn - ok
    17:48:52.0015 3068 HPZid412 - ok
    17:48:52.0046 3068 HPZipr12 - ok
    17:48:52.0156 3068 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    17:48:52.0171 3068 HPZius12 - ok
    17:48:52.0296 3068 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
    17:48:52.0312 3068 HSFHWBS2 - ok
    17:48:52.0406 3068 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
    17:48:52.0484 3068 HSF_DP - ok
    17:48:52.0593 3068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    17:48:52.0609 3068 HTTP - ok
    17:48:52.0687 3068 HwIOctl - ok
    17:48:52.0750 3068 i2omgmt - ok
    17:48:52.0843 3068 i2omp - ok
    17:48:52.0921 3068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    17:48:52.0921 3068 i8042prt - ok
    17:48:53.0000 3068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    17:48:53.0000 3068 Imapi - ok
    17:48:53.0093 3068 ini910u - ok
    17:48:53.0171 3068 IntelIde - ok
    17:48:53.0265 3068 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    17:48:53.0265 3068 Ip6Fw - ok
    17:48:53.0375 3068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    17:48:53.0375 3068 IpFilterDriver - ok
    17:48:53.0484 3068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    17:48:53.0484 3068 IpInIp - ok
    17:48:53.0578 3068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    17:48:53.0593 3068 IpNat - ok
    17:48:53.0671 3068 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\WINDOWS\system32\drivers\iPodDrv.sys
    17:48:53.0671 3068 iPodDrv - ok
    17:48:53.0781 3068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    17:48:53.0796 3068 IPSec - ok
    17:48:53.0906 3068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    17:48:53.0921 3068 IRENUM - ok
    17:48:54.0000 3068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    17:48:54.0000 3068 isapnp - ok
    17:48:54.0093 3068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    17:48:54.0093 3068 Kbdclass - ok
    17:48:54.0187 3068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    17:48:54.0203 3068 kmixer - ok
    17:48:54.0296 3068 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    17:48:54.0296 3068 KSecDD - ok
    17:48:54.0437 3068 lbrtfdc - ok
    17:48:54.0546 3068 LHidUsbK (a0d6a7e4f95adc2472d3f53305874d55) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
    17:48:54.0562 3068 LHidUsbK - ok
    17:48:54.0656 3068 LMouKE - ok
    17:48:54.0750 3068 LNE100 (e7a30b307ac29afbb993049df04bb91b) C:\WINDOWS\system32\DRIVERS\LNE100V5.sys
    17:48:54.0750 3068 LNE100 - ok
    17:48:54.0843 3068 MBAMSwissArmy - ok
    17:48:54.0953 3068 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    17:48:54.0968 3068 mdmxsdk - ok
    17:48:55.0046 3068 Memctl - ok
    17:48:55.0156 3068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    17:48:55.0171 3068 mnmdd - ok
    17:48:55.0296 3068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    17:48:55.0296 3068 Modem - ok
    17:48:55.0390 3068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    17:48:55.0406 3068 Mouclass - ok
    17:48:55.0515 3068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    17:48:55.0515 3068 mouhid - ok
    17:48:55.0609 3068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    17:48:55.0625 3068 MountMgr - ok
    17:48:55.0718 3068 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
    17:48:55.0718 3068 MQAC - ok
    17:48:55.0812 3068 mraid35x - ok
    17:48:55.0937 3068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    17:48:55.0968 3068 MRxDAV - ok
    17:48:56.0078 3068 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    17:48:56.0093 3068 MRxSmb - ok
    17:48:56.0203 3068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    17:48:56.0203 3068 Msfs - ok
    17:48:56.0296 3068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    17:48:56.0312 3068 MSKSSRV - ok
    17:48:56.0453 3068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    17:48:56.0453 3068 MSPCLOCK - ok
    17:48:56.0531 3068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    17:48:56.0531 3068 MSPQM - ok
    17:48:56.0640 3068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    17:48:56.0640 3068 mssmbios - ok
    17:48:56.0734 3068 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    17:48:56.0734 3068 MSTEE - ok
    17:48:56.0828 3068 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    17:48:56.0859 3068 Mup - ok
    17:48:56.0968 3068 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    17:48:56.0968 3068 NABTSFEC - ok
    17:48:57.0078 3068 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    17:48:57.0109 3068 NDIS - ok
    17:48:57.0187 3068 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    17:48:57.0187 3068 NdisIP - ok
    17:48:57.0281 3068 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    17:48:57.0296 3068 NdisTapi - ok
    17:48:57.0359 3068 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    17:48:57.0359 3068 Ndisuio - ok
    17:48:57.0468 3068 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    17:48:57.0484 3068 NdisWan - ok
    17:48:57.0578 3068 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    17:48:57.0578 3068 NDProxy - ok
    17:48:57.0687 3068 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    17:48:57.0687 3068 NetBIOS - ok
    17:48:57.0765 3068 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    17:48:57.0781 3068 NetBT - ok
    17:48:57.0968 3068 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    17:48:57.0968 3068 NIC1394 - ok
    17:48:58.0093 3068 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    17:48:58.0093 3068 Npfs - ok
    17:48:58.0218 3068 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    17:48:58.0234 3068 Ntfs - ok
    17:48:58.0343 3068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    17:48:58.0359 3068 Null - ok
    17:48:58.0531 3068 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    17:48:58.0625 3068 nv - ok
    17:48:58.0812 3068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    17:48:58.0812 3068 NwlnkFlt - ok
    17:48:58.0890 3068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    17:48:58.0906 3068 NwlnkFwd - ok
    17:48:58.0984 3068 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    17:48:58.0984 3068 ohci1394 - ok
    17:48:59.0093 3068 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    17:48:59.0093 3068 Parport - ok
    17:48:59.0171 3068 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    17:48:59.0171 3068 PartMgr - ok
    17:48:59.0281 3068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    17:48:59.0281 3068 ParVdm - ok
    17:48:59.0343 3068 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    17:48:59.0343 3068 PCI - ok
    17:48:59.0406 3068 PCIDump - ok
    17:48:59.0484 3068 PCIIde - ok
    17:48:59.0562 3068 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    17:48:59.0562 3068 Pcmcia - ok
    17:48:59.0625 3068 pctplsg - ok
    17:48:59.0703 3068 PDCOMP - ok
    17:48:59.0765 3068 PDFRAME - ok
    17:48:59.0843 3068 PDRELI - ok
    17:48:59.0953 3068 PDRFRAME - ok
    17:49:00.0015 3068 perc2 - ok
    17:49:00.0078 3068 perc2hib - ok
    17:49:00.0250 3068 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    17:49:00.0265 3068 PptpMiniport - ok
    17:49:00.0343 3068 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    17:49:00.0343 3068 Processor - ok
    17:49:00.0421 3068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    17:49:00.0421 3068 PSched - ok
    17:49:00.0484 3068 PTDUBus - ok
    17:49:00.0562 3068 PTDUMdm - ok
    17:49:00.0625 3068 PTDUVsp - ok
    17:49:00.0671 3068 PTDUWWAN - ok
    17:49:00.0781 3068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    17:49:00.0781 3068 Ptilink - ok
    17:49:00.0875 3068 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    17:49:00.0890 3068 PxHelp20 - ok
    17:49:01.0015 3068 ql1080 - ok
    17:49:01.0078 3068 Ql10wnt - ok
    17:49:01.0140 3068 ql12160 - ok
    17:49:01.0218 3068 ql1240 - ok
    17:49:01.0281 3068 ql1280 - ok
    17:49:01.0359 3068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    17:49:01.0359 3068 RasAcd - ok
    17:49:01.0421 3068 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    17:49:01.0437 3068 Rasl2tp - ok
    17:49:01.0515 3068 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    17:49:01.0531 3068 RasPppoe - ok
    17:49:01.0593 3068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    17:49:01.0593 3068 Raspti - ok
    17:49:01.0671 3068 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    17:49:01.0703 3068 Rdbss - ok
    17:49:01.0781 3068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    17:49:01.0781 3068 RDPCDD - ok
    17:49:01.0875 3068 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    17:49:01.0890 3068 rdpdr - ok
    17:49:02.0015 3068 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    17:49:02.0015 3068 RDPWD - ok
    17:49:02.0125 3068 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    17:49:02.0125 3068 redbook - ok
    17:49:02.0265 3068 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
    17:49:02.0265 3068 Revoflt - ok
    17:49:02.0343 3068 RimUsb - ok
    17:49:02.0453 3068 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    17:49:02.0484 3068 RimVSerPort - ok
    17:49:02.0593 3068 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
    17:49:02.0625 3068 RMCAST - ok
    17:49:02.0718 3068 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    17:49:02.0718 3068 ROOTMODEM - ok
    17:49:02.0921 3068 RT73 (b01b2c25bd80770878285fb569090d7b) C:\WINDOWS\system32\DRIVERS\Dr71WU.sys
    17:49:02.0968 3068 RT73 - ok
    17:49:03.0156 3068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    17:49:03.0171 3068 Secdrv - ok
    17:49:03.0312 3068 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    17:49:03.0328 3068 serenum - ok
    17:49:03.0390 3068 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    17:49:03.0390 3068 Serial - ok
    17:49:03.0531 3068 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    17:49:03.0546 3068 Sfloppy - ok
    17:49:03.0703 3068 SI3114r (d8d12a5acf76bbc9a3cf56a85b7f442f) C:\WINDOWS\system32\DRIVERS\SI3114R.sys
    17:49:03.0703 3068 SI3114r - ok
    17:49:03.0828 3068 Si3114r5 (87d406c592327ded095ff314427a4fa7) C:\WINDOWS\system32\DRIVERS\Si3114r5.sys
    17:49:03.0843 3068 Si3114r5 - ok
    17:49:03.0953 3068 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
    17:49:03.0953 3068 SiFilter - ok
    17:49:04.0078 3068 Simbad - ok
    17:49:04.0187 3068 SiRemFil (41a59f484188be629087ba391ff60d74) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
    17:49:04.0187 3068 SiRemFil - ok
    17:49:04.0281 3068 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    17:49:04.0281 3068 SLIP - ok
    17:49:04.0343 3068 SMNDIS5 - ok
    17:49:04.0468 3068 SolDisk (49c2ecb03af985c3b078c3fc7b7ebcfe) C:\WINDOWS\system32\drivers\soldisk.sys
    17:49:04.0468 3068 SolDisk - ok
    17:49:04.0546 3068 SolFS (ae20f4e1aff911c826022d98bed9b733) C:\WINDOWS\system32\drivers\solfs.sys
    17:49:04.0593 3068 SolFS - ok
    17:49:04.0656 3068 Sparrow - ok
    17:49:04.0750 3068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    17:49:04.0750 3068 splitter - ok
    17:49:04.0906 3068 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
    17:49:04.0906 3068 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    17:49:04.0906 3068 sptd ( LockedFile.Multi.Generic ) - warning
    17:49:04.0906 3068 sptd - detected LockedFile.Multi.Generic (1)
    17:49:04.0984 3068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    17:49:04.0984 3068 sr - ok
    17:49:05.0125 3068 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    17:49:05.0140 3068 Srv - ok
    17:49:05.0265 3068 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    17:49:05.0265 3068 streamip - ok
    17:49:05.0359 3068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    17:49:05.0359 3068 swenum - ok
    17:49:05.0453 3068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    17:49:05.0453 3068 swmidi - ok
    17:49:05.0546 3068 symc810 - ok
    17:49:05.0609 3068 symc8xx - ok
    17:49:05.0671 3068 sym_hi - ok
    17:49:05.0734 3068 sym_u3 - ok
    17:49:05.0828 3068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    17:49:05.0828 3068 sysaudio - ok
    17:49:05.0968 3068 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    17:49:06.0000 3068 Tcpip - ok
    17:49:06.0093 3068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    17:49:06.0093 3068 TDPIPE - ok
    17:49:06.0171 3068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    17:49:06.0171 3068 TDTCP - ok
    17:49:06.0250 3068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    17:49:06.0250 3068 TermDD - ok
    17:49:06.0328 3068 TfFsMon - ok
    17:49:06.0390 3068 TfNetMon - ok
    17:49:06.0453 3068 TfSysMon - ok
    17:49:06.0546 3068 TosIde - ok
    17:49:06.0671 3068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    17:49:06.0671 3068 Udfs - ok
    17:49:06.0734 3068 ultra - ok
    17:49:06.0859 3068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    17:49:06.0875 3068 Update - ok
    17:49:06.0984 3068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    17:49:07.0000 3068 usbccgp - ok
    17:49:07.0093 3068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    17:49:07.0093 3068 usbehci - ok
    17:49:07.0171 3068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    17:49:07.0171 3068 usbhub - ok
    17:49:07.0218 3068 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    17:49:07.0234 3068 usbprint - ok
    17:49:07.0328 3068 USBREC (8d9e86d710889ebb31dd42435922da2f) C:\WINDOWS\system32\DRIVERS\USBREC.sys
    17:49:07.0359 3068 USBREC - ok
    17:49:07.0437 3068 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    17:49:07.0437 3068 usbscan - ok
    17:49:07.0515 3068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    17:49:07.0531 3068 USBSTOR - ok
    17:49:07.0656 3068 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    17:49:07.0656 3068 usbuhci - ok
    17:49:07.0734 3068 USBVCD (f4a825865e31a849aca14efc8340f229) C:\WINDOWS\system32\drivers\USBVCD.sys
    17:49:07.0734 3068 USBVCD - ok
    17:49:07.0843 3068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    17:49:07.0843 3068 VgaSave - ok
    17:49:07.0953 3068 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
    17:49:07.0953 3068 viaagp1 - ok
    17:49:08.0031 3068 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    17:49:08.0031 3068 ViaIde - ok
    17:49:08.0109 3068 viamraid (44056e9fee477f512ee58bcfee949621) C:\WINDOWS\system32\DRIVERS\viamraid.sys
    17:49:08.0109 3068 viamraid - ok
    17:49:08.0203 3068 videX32 (f95c0fcfbcbda6d8f202d2df4052f88d) C:\WINDOWS\system32\DRIVERS\videX32.sys
    17:49:08.0203 3068 videX32 - ok
    17:49:08.0296 3068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    17:49:08.0312 3068 VolSnap - ok
    17:49:08.0437 3068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    17:49:08.0437 3068 Wanarp - ok
    17:49:08.0515 3068 WDICA - ok
    17:49:08.0578 3068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    17:49:08.0578 3068 wdmaud - ok
    17:49:08.0765 3068 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
    17:49:08.0812 3068 winachsf - ok
    17:49:09.0046 3068 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    17:49:09.0078 3068 WpdUsb - ok
    17:49:09.0187 3068 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    17:49:09.0187 3068 WS2IFSL - ok
    17:49:09.0296 3068 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    17:49:09.0296 3068 WSTCODEC - ok
    17:49:09.0437 3068 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    17:49:09.0437 3068 WudfPf - ok
    17:49:09.0500 3068 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    17:49:09.0500 3068 WudfRd - ok
    17:49:09.0671 3068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    17:49:09.0843 3068 \Device\Harddisk0\DR0 - ok
    17:49:09.0875 3068 Boot (0x1200) (4e768735cecc314ed6b6e92fa3ab25db) \Device\Harddisk0\DR0\Partition0
    17:49:09.0875 3068 \Device\Harddisk0\DR0\Partition0 - ok
    17:49:09.0890 3068 ============================================================
    17:49:09.0890 3068 Scan finished
    17:49:09.0890 3068 ============================================================
    17:49:09.0921 3192 Detected object count: 1
    17:49:09.0921 3192 Actual detected object count: 1
    17:49:33.0453 3192 sptd ( LockedFile.Multi.Generic ) - skipped by user
    17:49:33.0453 3192 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  5. Broni


    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  6. efoxeli


    aswMBR log

    Hey Broni,

    Here is the log from the latest scan.


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-06 18:19:32
    -----------------------------
    18:19:32.828 OS Version: Windows 5.1.2600 Service Pack 3
    18:19:32.828 Number of processors: 1 586 0xC00
    18:19:32.828 ComputerName: COMPUTER UserName: Janine
    18:19:33.156 Initialize success
    18:50:25.703 AVAST engine defs: 11110602
    19:00:44.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\fasttx2k1Port2Path0Target0Lun0
    19:00:44.437 Disk 0 Vendor: Promise_ 1.10 Size: 114440MB BusType: 1
    19:00:44.437 Device \Driver\fasttx2k -> DriverStartIo 8650e31b
    19:00:44.437 Disk 0 MBR read error 0
    19:00:44.437 Disk 0 MBR scan
    19:00:44.531 Disk 0 unknown MBR code
    19:00:44.531 MBR BIOS signature not found 0
    19:00:44.531 Disk 0 scanning sectors +234356220
    19:00:44.625 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:01:04.984 Service scanning
    19:01:05.593 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    19:01:06.156 Modules scanning
    19:01:13.812 Disk 0 trace - called modules:
    19:01:14.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8650e4d0]<<
    19:01:14.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fa8798]
    19:01:14.312 3 CLASSPNP.SYS[f754cfd7] -> nt!IofCallDriver -> [0x864c6d58]
    19:01:14.312 \Driver\fasttx2k[0x86f239b8] -> IRP_MJ_CREATE -> 0x8650e4d0
    19:01:14.937 AVAST engine scan C:\WINDOWS
    19:01:39.015 AVAST engine scan C:\WINDOWS\system32
    19:02:07.578 AVAST engine scan C:\WINDOWS\system32\drivers
    19:02:07.593 AVAST engine scan C:\Documents and Settings\Eli
    19:02:07.609 AVAST engine scan C:\Documents and Settings\All Users
    19:02:07.609 Scan finished successfully
    19:05:01.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eli\Desktop\MBR.dat"
    19:05:01.109 The log file has been saved successfully to "C:\Documents and Settings\Eli\Desktop\aswMBR.txt"
  7. Broni


    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  8. efoxeli


    combofix log

    Hey Broni,

    Had a little trouble with my AVG antivirus but I finally got it uninstalled and ran combofix. Here's the log:

    ComboFix 11-11-07.02 - Janine 11/06/2011 21:24:14.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.663 [GMT -7:00]
    Running from: c:\documents and settings\Eli\My Documents\Downloads\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
    c:\documents and settings\All Users\SPL29BC.tmp
    c:\documents and settings\All Users\SPLAEB9.tmp
    c:\documents and settings\All Users\SPLAEC6.tmp
    c:\documents and settings\Eli\Application Data\4FB6.B66
    c:\documents and settings\Eli\Application Data\Adobe\plugs
    c:\documents and settings\Eli\Application Data\Adobe\shed
    c:\documents and settings\Eli\Local Settings\Application Data\{0F95E375-610C-4480-BFF6-123DCDC12084}
    c:\documents and settings\Eli\Local Settings\Application Data\{0F95E375-610C-4480-BFF6-123DCDC12084}\chrome\content\_cfg.js
    c:\documents and settings\Eli\Local Settings\Application Data\{0F95E375-610C-4480-BFF6-123DCDC12084}\chrome\content\overlay.xul
    c:\documents and settings\Eli\Local Settings\Application Data\{0F95E375-610C-4480-BFF6-123DCDC12084}\install.rdf
    c:\documents and settings\Eli\Local Settings\Temporary Internet Files\MCP61.zip
    c:\documents and settings\Eli\Local Settings\Temporary Internet Files\viewChanges.html
    c:\documents and settings\Eli\Start Menu\Internet Explorer.lnk
    C:\systemsvc
    c:\systemsvc\BBEBACA03B82454
    c:\windows\system32\0.25274101998350906.exe
    c:\windows\system32\bszip.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-03 17:42 . 2011-11-03 17:42 -------- d-----w- c:\documents and settings\Eli\Local Settings\Application Data\Mozilla
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-26 18:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41 . 2001-08-23 04:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41 . 2001-08-23 04:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12 . 2004-08-03 08:56 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2004-08-03 07:17 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 00:00 . 2011-08-08 22:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-17 13:49 . 2004-08-03 07:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-09-29 06:53 . 2011-11-03 17:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-02 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "D-Link Wireless G WUA-1340"="c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 1662976]
    "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2008-08-20 16:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2007-08-30 17:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
    2008-04-14 00:11 177152 ----a-w- c:\windows\system32\mqrt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
    2003-06-05 14:49 118784 -c--a-w- c:\windows\system32\ptipbmf.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
    2003-02-26 02:27 77887 ----a-w- c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-03-09 11:19 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "YahooAUService"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "WinDefend"=2 (0x2)
    "SeaPort"=2 (0x2)
    "NMIndexingService"=3 (0x3)
    "idsvc"=3 (0x3)
    "gusvc"=3 (0x3)
    "GoogleDesktopManager-061008-081103"=3 (0x3)
    "FreezeScreenSaver"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "ACDaemon"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/1/2009 1:04 PM 717296]
    R1 SolDisk;SolDisk;c:\windows\system32\drivers\soldisk.sys [2/3/2010 2:46 PM 38344]
    R1 SolFS;SolFS;c:\windows\system32\drivers\solfs.sys [2/3/2010 2:46 PM 285256]
    R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [3/9/2010 9:00 PM 6656]
    R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [3/5/2011 8:03 PM 1257760]
    R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [10/24/2001 3:16 PM 36224]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2011 9:14 AM 135664]
    S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2011 9:14 AM 135664]
    S3 HwIOctl;HwIOctl; [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys --> c:\windows\system32\DRIVERS\PTDUBus.sys [?]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys --> c:\windows\system32\DRIVERS\PTDUMdm.sys [?]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys --> c:\windows\system32\DRIVERS\PTDUVsp.sys [?]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys --> c:\windows\system32\DRIVERS\PTDUWWAN.sys [?]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [8/9/2011 8:12 AM 27064]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [10/5/2004 9:39 AM 4992]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-05 c:\windows\Tasks\backup.job
    - C:\backup.bat [2007-10-11 18:22]
    .
    2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 16:14]
    .
    2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 16:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://192.168.0.253:82/kxhcm10.ocx
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://192.168.0.150/RemoteWeb.cab
    DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://192.168.0.150/VideoViewer.cab
    FF - ProfilePath - c:\documents and settings\Eli\Application Data\Mozilla\Firefox\Profiles\8l3pcn04.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    MSConfigStartUp-ErrorFix - c:\program files\ErrorFix\ErrorFix.exe
    MSConfigStartUp-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
    MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    MSConfigStartUp-RaidTool - c:\program files\VIA\RAID\raid_tool.exe
    MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
    MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
    MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-11-06 21:41
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,3f,ca,04,c6,88,84,48,b8,23,36,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,3f,ca,04,c6,88,84,48,b8,23,36,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(708)
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'lsass.exe'(768)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-11-06 21:45:41
    ComboFix-quarantined-files.txt 2011-11-07 04:45
    .
    Pre-Run: 96,484,118,528 bytes free
    Post-Run: 98,706,808,832 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 9CBD22BCFC3B11492A4647EADEB2B405
  9. Broni


    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  10. efoxeli


    OTL logs

    Hey Broni,

    Sorry about the delay but by the time AVG was reinstalled last night I was asleep in my chair. The computer seems to be doing well. I was able to use Google to locate AVG so I guess that search engine, at least, is working. I'm not really doing anything else with the computer during this process, just trying to follow instructions to the letter. I really appreciate your help.

    Here are the OTL logs:

    OTL Extras logfile created on: 11/7/2011 8:19:25 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eli\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.47 Mb Total Physical Memory | 461.05 Mb Available Physical Memory | 45.05% Memory free
    2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.24% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.75 Gb Total Space | 91.59 Gb Free Space | 81.96% Space Free | Partition Type: NTFS

    Computer Name: COMPUTER | User Name: Janine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe:*:Enabled:QuickBooks 2011 Data Manager -- (Intuit, Inc.)
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
    "{114AA4D3-A577-400E-A1B2-3CF75CF8D2E2}" = C5500_Help
    "{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
    "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{246B1C35-590F-4B2F-B1B3-6CF57E752EE7}" = GEAR driver installer for x86 and x64
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 13
    "{26BEE28E-C285-4532-82D3-7CE3C5F805D4}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
    "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
    "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
    "{5B8B9664-21C8-4A1C-AEE4-EF7B1EEB6BD3}" = PS_AIO_04_C5500_Software
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6CC1EE94-B426-478B-AE83-F83EBB4EF66A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
    "{7ED180E1-ADE9-4C69-8845-BDF518D763B8}" = hpphotosmartdisclabelplugin
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113798980}" = Little Shop of Treasures 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114643957}" = Big City Adventure Sydney
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
    "{8E37A0C8-C0E7-4E7A-8739-ACF20D02E70C}" = PS_AIO_04_C5500_Software_Min
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
    "{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
    "{9A9310B0-FAD0-440E-97B1-5EE14568EF78}" = PS_AIO_04_C5500_ProductContext
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
    "{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
    "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C77A7F57-0BA5-4A17-B1C4-28E1D5F5A6EC}" = C5500
    "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
    "{D895E3FB-45BA-4BBF-BE50-0DEED3CD3F7E}" = Wireless G WUA-1340
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
    "Amazing Universe Premium Screen Saver" = Amazing Universe Premium Screen Saver
    "AVG" = AVG 2012
    "BFGC" = Big Fish Games Client
    "BFG-Mystery Case Files - Madame Fate" = Mystery Case Files: Madame Fate
    "BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ™
    "HP-LaserJet 1018" = LaserJet 1018
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Picasa 3" = Picasa 3
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Silicon Image Events ]
    Error - 10/2/2007 7:03:46 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
    Description = Device remove The Channel 3 Device on adapter 0, WDC WD3200YS-01PGB0,
    was removed.

    Error - 10/2/2007 7:03:51 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
    Description = Device remove The Channel 1 Device on adapter 0, WDC WD3200YS-01PGB0,
    was removed.

    Error - 10/2/2007 7:03:56 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
    Description = Device remove The Channel 0 Device on adapter 0, WDC WD3200YS-01PGB0,
    was removed.

    Error - 10/2/2007 7:04:01 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
    Description = Device remove The Channel 2 Device on adapter 0, WDC WD3200YS-01PGB0,
    was removed.

    Error - 10/2/2007 7:04:51 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
    Description = Device remove The Channel 3 Device on adapter 0, WDC WD3200YS-01PGB0,
    was removed.

    Error - 10/2/2007 7:04:56 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
    Description = Device remove The Channel 2 Device on adapter 0, WDC WD3200YS-01PGB0,
    was removed.

    Error - 10/2/2007 7:05:01 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
    Description = Device remove The Channel 1 Device on adapter 0, WDC WD3200YS-01PGB0,
    was removed.

    Error - 10/2/2007 7:05:51 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
    Description = Device remove The Channel 2 Device on adapter 0, WDC WD3200YS-01PGB0,
    was removed.

    Error - 10/2/2007 7:05:56 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
    Description = Device remove The Channel 1 Device on adapter 0, WDC WD3200YS-01PGB0,
    was removed.

    Error - 10/2/2007 7:05:56 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
    Description = Device remove The Channel 3 Device on adapter 0, WDC WD3200YS-01PGB0,
    was removed.

    [ System Events ]
    Error - 11/7/2011 12:00:27 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
    Description = The AVG WatchDog service failed to start due to the following error:
    %%109

    Error - 11/7/2011 12:01:29 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_AVGIDSDRIVER\0000 disappeared from the system
    without first being prepared for removal.

    Error - 11/7/2011 12:01:29 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_AVGIDSEH\0000 disappeared from the system without
    first being prepared for removal.

    Error - 11/7/2011 12:01:29 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_AVGIDSFILTER\0000 disappeared from the system
    without first being prepared for removal.

    Error - 11/7/2011 12:01:29 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_AVGIDSSHIM\0000 disappeared from the system
    without first being prepared for removal.

    Error - 11/7/2011 12:01:29 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_AVGLDX86\0000 disappeared from the system without
    first being prepared for removal.

    Error - 11/7/2011 12:01:29 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_AVGTDIX\0000 disappeared from the system without
    first being prepared for removal.

    Error - 11/7/2011 12:04:43 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
    Description = The lxdw_device service failed to start due to the following error:
    %%2

    Error - 11/7/2011 12:06:04 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 11/7/2011 12:06:04 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TfSysMon


    < End of report >

    Too much info for one post. I'll send the OTL.Txt log in another post.
  11. efoxeli

    efoxeli TS Rookie Topic Starter

    1/2 of OTL.Txt log

    OTL logfile created on: 11/7/2011 8:19:25 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eli\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.47 Mb Total Physical Memory | 461.05 Mb Available Physical Memory | 45.05% Memory free
    2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.24% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.75 Gb Total Space | 91.59 Gb Free Space | 81.96% Space Free | Partition Type: NTFS

    Computer Name: COMPUTER | User Name: Janine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/07 08:17:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eli\My Documents\Downloads\OTL.exe
    PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/03/05 20:26:12 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/03/05 20:03:00 | 001,257,760 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/27 15:25:52 | 001,662,976 | ---- | M] (D-Link) -- C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
    PRC - [2007/01/19 10:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/12 07:55:55 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
    MOD - [2011/08/12 07:46:40 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
    MOD - [2011/06/28 13:07:43 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    MOD - [2008/09/10 02:37:52 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\lxdwoem.dll
    MOD - [2008/04/30 17:41:53 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXDWPMON.DLL
    MOD - [2007/08/20 16:41:12 | 000,233,472 | ---- | M] () -- C:\WINDOWS\system32\WlanApp.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
    SRV - File not found [Auto | Stopped] -- -- (lxdw_device)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/03/05 20:26:12 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/03/05 20:03:00 | 001,257,760 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/12/17 16:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/01/19 10:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/03/09 21:00:06 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
    DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009/04/02 09:24:33 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2008/05/08 07:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
    DRV - [2008/04/13 11:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
    DRV - [2007/11/16 22:30:02 | 000,285,256 | ---- | M] (EldoS Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\solfs.sys -- (SolFS)
    DRV - [2007/11/16 22:30:00 | 000,038,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\soldisk.sys -- (SolDisk)
    DRV - [2007/10/02 14:36:12 | 000,110,384 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3114R.sys -- (SI3114r)
    DRV - [2007/07/28 14:21:16 | 000,451,456 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
    DRV - [2007/02/07 10:30:04 | 000,209,200 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
    DRV - [2006/10/18 13:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
    DRV - [2006/10/17 19:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
    DRV - [2005/12/11 10:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
    DRV - [2005/07/22 22:41:18 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
    DRV - [2004/11/01 10:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2004/10/05 09:39:18 | 000,057,856 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBVCD.sys -- (USBVCD)
    DRV - [2004/10/05 09:39:18 | 000,004,992 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBREC.sys -- (USBREC)
    DRV - [2004/08/03 15:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
    DRV - [2003/07/02 03:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2003/06/10 05:25:30 | 000,156,672 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fasttx2k.sys -- (fasttx2k)
    DRV - [2001/10/24 15:16:10 | 000,036,224 | ---- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 73 7B D0 4D 9A CC 01 [binary data]
    IE - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Eli\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/06 22:33:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/03 10:42:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/11/03 10:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eli\Application Data\Mozilla\Extensions
    [2011/11/03 10:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009/03/10 08:37:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2009/06/24 14:49:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/11/06 21:41:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe (D-Link)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://192.168.0.253:82/kxhcm10.ocx (KX-HCM10 Control)
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
    O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://192.168.0.150/RemoteWeb.cab (Remote200 Control)
    O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab (CPlayFirstPiratePoppersControl Object)
    O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://zone.msn.com/bingame/rock/default/popcaploader1.cab (PopCapLoaderCtrl Class)
    O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://192.168.0.150/VideoViewer.cab (CViewerControl Object)
    O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab (AtlAtomadersCtlAttrib Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239046279656 (MUWebControl Class)
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/amun/default/mjolauncher.cab (MJLauncherCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab (SpinTop Games Launcher)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://64.91.95.226/activex/AxisCamControl.cab (CamImage Class)
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab (ZoneAxRcMgr Class)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} http://192.168.0.41/plugin/h263ctrl.cab (VaPgCtrl Class)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
    O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10 (AstoundLauncher Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/cnma/default/cinematycoon.cab (TikGames Online Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab (CPlayFirstSweetopiaControl Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{970F5321-FE70-4B09-B4DA-1FF80A398153}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Eli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/09/27 13:32:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/07 00:51:59 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2011/11/06 23:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eli\Application Data\AVG2012
    [2011/11/06 22:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
    [2011/11/06 22:33:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/11/06 22:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/11/06 22:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/11/06 22:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/11/06 21:45:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/11/06 21:20:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/11/06 20:16:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/11/06 20:16:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/11/06 20:16:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/11/06 20:16:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/11/06 20:15:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/11/06 20:14:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/03 13:59:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Eli\My Documents\My Videos
    [2011/11/03 11:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eli\My Documents\Downloads
    [2011/11/03 10:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eli\Local Settings\Application Data\Mozilla
    [2011/11/03 10:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eli\Application Data\Mozilla
    [2011/11/03 10:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2009/07/16 13:51:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa(6).dll
    [2009/07/16 13:51:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa(5).dll
    [2009/07/16 13:51:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa(4).dll
    [2009/07/16 13:51:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa(3).dll
    [2009/07/16 13:51:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa(2).dll
    [2009/07/16 13:51:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc(6).dll
    [2009/07/16 13:51:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc(5).dll
    [2009/07/16 13:51:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc(4).dll
    [2009/07/16 13:51:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc(3).dll
    [2009/07/16 13:51:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc(2).dll
    [2009/07/16 13:51:37 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv(6).dll
    [2009/07/16 13:51:37 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv(5).dll
    [2009/07/16 13:51:37 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv(4).dll
    [2009/07/16 13:51:37 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv(3).dll
    [2009/07/16 13:51:37 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv(2).dll
    [2009/07/16 13:51:37 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1(6).dll
    [2009/07/16 13:51:37 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1(5).dll
    [2009/07/16 13:51:37 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1(4).dll
    [2009/07/16 13:51:37 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1(3).dll
    [2009/07/16 13:51:37 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1(2).dll
    [2009/07/16 13:51:37 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm(6).dll
    [2009/07/16 13:51:37 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm(5).dll
    [2009/07/16 13:51:37 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm(4).dll
    [2009/07/16 13:51:37 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm(3).dll
    [2009/07/16 13:51:37 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm(2).dll
    [2009/07/16 13:51:35 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc(6).dll
    [2009/07/16 13:51:35 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc(5).dll
    [2009/07/16 13:51:35 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc(4).dll
    [2009/07/16 13:51:35 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc(3).dll
    [2009/07/16 13:51:35 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc(2).dll
    [2009/07/16 13:51:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoms(7).exe
    [2009/07/16 13:51:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoms(6).exe
    [2009/07/16 13:51:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoms(5).exe
    [2009/07/16 13:51:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoms(4).exe
    [2009/07/16 13:51:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoms(3).exe
    [2009/07/16 13:51:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoms(2).exe
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/07 07:37:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/07 00:30:36 | 070,776,014 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/11/06 22:33:15 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2011/11/06 21:41:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/11/06 21:20:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/11/06 21:06:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/06 21:04:36 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{970F5321-FE70-4B09-B4DA-1FF80A398153}
    [2011/11/06 21:04:30 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/06 21:04:29 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
    [2011/11/06 21:04:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/06 21:04:21 | 1073,258,496 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/06 19:05:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Eli\Desktop\MBR.dat
    [2011/11/06 14:02:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/11/06 13:07:46 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/11/06 13:07:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/06 11:30:42 | 000,494,522 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/06 11:30:42 | 000,090,152 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/06 11:27:24 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/11/03 10:42:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/11/03 10:42:43 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/06 22:33:15 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2011/11/06 21:20:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/11/06 21:20:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/11/06 20:16:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/11/06 20:16:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/11/06 20:16:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/11/06 20:16:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/11/06 20:16:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/11/06 19:05:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Eli\Desktop\MBR.dat
    [2011/11/03 10:42:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/11/03 10:42:43 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/11/03 10:42:43 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/11/03 08:38:51 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/08/01 00:58:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/07/31 23:21:08 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dwiwa.dat
    [2011/07/31 23:21:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bhicewa.bin
    [2011/05/05 18:49:50 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
    [2011/05/05 18:49:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
    [2011/03/29 11:30:07 | 000,245,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/03/22 13:10:35 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2011/02/09 16:03:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\PERFV200P.ini
    [2009/11/19 12:03:38 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/11/03 13:13:47 | 000,075,992 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2009/09/22 11:08:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/07/16 13:54:50 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs(6).dll
    [2009/07/16 13:54:50 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs(5).dll
    [2009/07/16 13:54:50 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs(4).dll
    [2009/07/16 13:54:50 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs(3).dll
    [2009/07/16 13:54:50 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs(2).dll
    [2009/07/16 13:54:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps(6).dll
    [2009/07/16 13:54:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps(5).dll
    [2009/07/16 13:54:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps(4).dll
    [2009/07/16 13:54:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps(3).dll
    [2009/07/16 13:54:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps(2).dll
    [2009/07/16 13:54:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4(6).dll
    [2009/07/16 13:54:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4(5).dll
    [2009/07/16 13:54:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4(4).dll
    [2009/07/16 13:54:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4(3).dll
    [2009/07/16 13:54:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4(2).dll
    [2009/07/16 13:54:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDWPMON.DLL
    [2009/07/16 13:54:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDWFXPU.DLL
    [2009/07/16 13:54:11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxdwoem.dll
    [2008/10/28 11:54:01 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
    [2008/10/28 11:53:42 | 000,000,093 | ---- | C] () -- C:\WINDOWS\R300.ini
    [2008/10/02 12:27:29 | 000,019,482 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
    [2008/09/25 10:13:28 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
    [2008/05/29 07:50:03 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Eli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2008/04/14 07:55:09 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Eli\Application Data\PFP110JPR.{PB
    [2008/04/14 07:55:09 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Eli\Application Data\PFP110JCM.{PB
    [2008/01/11 16:54:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2007/12/31 09:18:40 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/12/13 14:29:03 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
    [2007/10/17 10:38:11 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1018.exe
    [2007/10/17 10:38:11 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
    [2007/10/16 11:54:05 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
    [2007/10/05 13:18:34 | 000,327,680 | R--- | C] () -- C:\WINDOWS\System32\ZSHP2600.EXE
    [2007/10/05 13:18:34 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL
    [2007/10/05 13:18:33 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\ZHHP2600.EXE
    [2007/10/05 13:18:29 | 011,194,368 | R--- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
    [2007/10/05 13:18:29 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
    [2007/10/01 16:16:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/10/01 13:04:47 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
    [2007/09/27 15:04:39 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
    [2007/09/27 15:00:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/09/27 14:46:37 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Eli\Local Settings\Application Data\fusioncache.dat
    [2007/09/27 14:31:33 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
    [2007/09/27 14:31:33 | 000,000,094 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
    [2007/09/27 14:31:32 | 000,180,857 | ---- | C] () -- C:\WINDOWS\unadb5.exe
    [2007/09/27 14:31:32 | 000,108,032 | ---- | C] () -- C:\WINDOWS\UNWISE32.EXE
    [2007/09/27 14:28:48 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
    [2007/09/27 14:28:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
    [2007/09/27 14:28:45 | 000,007,803 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
    [2007/09/27 14:28:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
    [2007/09/27 14:28:29 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
    [2007/09/27 14:25:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2007/09/27 14:24:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2007/09/27 13:34:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/09/27 13:28:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/09/27 07:19:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/09/27 07:18:12 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/03 02:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/01 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/07/03 02:55:35 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ptipbmf.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/08/22 21:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/22 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/22 21:00:00 | 000,494,522 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/22 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/22 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/22 21:00:00 | 000,090,152 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/22 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/22 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/22 21:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/22 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    This is a long file. 2nd half to follow.
     
  12. efoxeli

    efoxeli TS Rookie Topic Starter

    2nd half of OTL.Txt log

    ========== LOP Check ==========

    [2009/07/16 13:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7600 Series
    [2007/10/15 11:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2011/11/06 23:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/08/02 13:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2009/04/01 13:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/08/12 11:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2007/10/02 12:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
    [2011/07/09 10:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/04/05 12:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNET
    [2009/10/09 07:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2009/03/27 10:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
    [2008/08/25 08:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2008/08/25 08:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2008/03/20 14:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2009/10/19 14:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 7600 Series
    [2011/11/07 00:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2007/11/20 09:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2008/04/11 10:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2008/12/09 10:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
    [2011/03/22 13:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2009/01/15 09:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2007/10/03 08:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2007/10/09 10:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2008/12/15 15:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
    [2008/02/27 11:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
    [2011/03/22 13:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
    [2011/01/24 15:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
    [2009/03/18 09:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/03/31 11:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/11 09:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/06 11:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/04/10 11:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B912DA22-7AAD-474B-8C8F-D82FF0C33BF5}
    [2009/09/01 10:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\7600 Series
    [2007/10/15 10:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Autodesk
    [2011/11/06 23:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\AVG2012
    [2010/06/15 10:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Binary Fortress Software
    [2009/03/18 11:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/04/01 13:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\DAEMON Tools
    [2009/04/01 14:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\DAEMON Tools Lite
    [2009/04/01 13:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\DAEMON Tools Pro
    [2009/01/12 14:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\ESET
    [2010/03/09 11:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Facebook
    [2009/10/09 09:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\GARMIN
    [2010/04/05 12:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Genie-Soft
    [2008/02/07 12:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\iWin
    [2008/10/28 11:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Leadertech
    [2009/08/05 14:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Lexmark Productivity Studio
    [2007/11/01 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\PlayFirst
    [2009/01/26 13:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Printer Info Cache
    [2010/02/04 10:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Research In Motion
    [2008/12/15 13:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Shape games
    [2009/07/27 08:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Smith Micro
    [2011/03/30 08:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Stamps.com Internet Postage
    [2009/04/01 13:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\System Tweaker
    [2009/08/12 11:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Uniblue
    [2011/08/09 09:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\VS Revo Group
    [2009/03/17 09:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Windows Search
    [2009/04/23 14:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Z-Firm LLC
    [2011/08/15 12:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\1B9BC4F535B50877E27F93AA11E6F469
    [2011/08/05 12:00:00 | 000,000,178 | ---- | M] () -- C:\WINDOWS\Tasks\backup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < >

    < %SYSTEMDRIVE%\*.* >
    [2007/09/27 13:32:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/04/12 11:22:54 | 000,000,233 | ---- | M] () -- C:\backup.bat
    [2009/11/12 10:24:12 | 000,008,832 | ---- | M] () -- C:\backup.reg
    [2010/06/23 14:03:39 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/11/06 21:20:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/11/06 21:45:44 | 000,014,169 | ---- | M] () -- C:\ComboFix.txt
    [2007/09/27 13:32:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/04/08 13:28:33 | 000,000,045 | ---- | M] () -- C:\error.log
    [2011/01/19 12:02:29 | 000,000,262 | ---- | M] () -- C:\faxfile.log
    [2011/11/06 21:04:21 | 1073,258,496 | -HS- | M] () -- C:\hiberfil.sys
    [2007/09/27 13:32:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/11/11 14:42:09 | 000,104,682 | ---- | M] () -- C:\lma_log.html
    [2009/04/10 10:48:23 | 000,034,918 | ---- | M] () -- C:\log.html
    [2007/09/27 13:32:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/02 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/18 08:20:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/11/06 21:04:20 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2008/01/18 13:29:17 | 000,102,489 | ---- | M] () -- C:\playground.log
    [2011/08/08 14:56:46 | 000,000,514 | ---- | M] () -- C:\rkill.log
    [2011/11/06 18:12:55 | 000,057,296 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_06.11.2011_17.48.35_log.txt
    [2009/08/20 09:15:22 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log
    [2009/10/02 15:21:53 | 000,000,142 | ---- | M] () -- C:\þÀpctlsp.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/03/27 10:16:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/11/05 18:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
    [2008/06/06 19:49:18 | 000,302,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp692.dll
    [2006/03/18 01:00:00 | 000,049,152 | R--- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
    [2008/05/16 08:06:55 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp(2).dll
    [2008/05/16 08:06:55 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp(3).dll
    [2008/05/16 08:06:55 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp(4).dll
    [2008/05/16 08:06:55 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp(5).dll
    [2008/05/16 08:06:55 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp(6).dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2007/02/12 14:41:14 | 001,249,280 | ---- | M] () -- C:\WINDOWS\Amazing Universe Premium.scr
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/09/27 07:17:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2007/09/27 07:17:09 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2007/09/27 07:17:09 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/18 08:28:51 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/09/27 13:37:38 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2007/09/27 13:37:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/08/08 14:55:09 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\Eli\Desktop\iExplore.exe
    [2011/08/08 15:17:35 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Eli\Desktop\mbam-setup.exe
    [2011/03/22 12:41:58 | 561,689,528 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\Eli\Desktop\QuickBooksPro2011.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2004/09/29 09:07:21 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Eli\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/08/16 17:03:44 | 000,116,884 | ---- | M] () -- C:\Documents and Settings\All Users\lxdwJSW.log
    [2009/07/16 13:45:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\UpdaterLog.txt

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    No captured output from command...

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    No captured output from command...

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/07/21 13:47:11 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Eli\Cookies\desktop.ini
    [2011/11/06 23:54:25 | 001,474,560 | ---- | M] () -- C:\Documents and Settings\Eli\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/20 05:29:46 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 05:29:48 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/08/20 05:30:06 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/08/20 05:30:06 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1997/10/01 13:20:40 | 000,030,080 | ---- | M] () -- C:\WINDOWS\system\Ptabimp3.exe
    [1994/11/22 14:09:58 | 000,317,116 | ---- | M] (Btrieve Technologies, Incorporated) -- C:\WINDOWS\system\WBTR32.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\backup.reg:SummaryInformation

    < End of report >
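The OTL listing above uses one fixed line layout throughout ("[date | size | attrs | C/M] (company) -- path"), which makes it easy to pre-sort for review before an analyst reads it. The triage script below is an added example, not part of this thread or of OTL: it parses that layout (the attribute letters R/H/S/D and the C/M marker are read as they appear, with their meaning assumed from context), and queues hidden+system executables in Program Files or user profiles, executables in user profiles with an empty publisher string, 32-character hex folder names under Application Data, and alternate data streams, using lines copied from the log above as sample input.

```python
"""Triage helper for OTL file-listing output (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL listing line: [timestamp | size | attrs | C or M] (company)? -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# OTL's alternate-data-stream report line
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXEC_EXTS = (".exe", ".dll", ".scr", ".com", ".sys", ".pif")
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\",
                   "\\desktop\\", "\\temp\\")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.I)   # e.g. the NetworkService folder above


@dataclass
class Entry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    company: Optional[str]   # None for directories, "" when OTL printed "()"
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; returns None for scan headers, blanks and ADS lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    a = m.group("attrs")   # assumed: R=read-only, H=hidden, S=system, D=directory
    return Entry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=a[0] == "R", hidden=a[1] == "H", system=a[2] == "S", is_dir=a[3] == "D",
        company=m.group("company"),
        path=m.group("path"),
    )


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs worth a second look. A hit is a review item, not a verdict."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        ads = ADS_RE.match(line.strip())
        if ads:
            hits.append(("alternate data stream", ads.group("path")))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        low = e.path.lower()
        name = low.rsplit("\\", 1)[-1]
        in_profile = any(mk in low for mk in PROFILE_MARKERS)
        if e.is_dir:
            if in_profile and HEX32_RE.match(name):
                hits.append(("random 32-hex folder name in a user profile", e.path))
            continue
        if name.endswith(EXEC_EXTS):
            # Boot files in the drive root are hidden+system by design, so only
            # flag that combination where user-installed code normally lives.
            if e.hidden and e.system and (in_profile or "\\program files\\" in low):
                hits.append(("hidden+system executable in Program Files or a user profile", e.path))
            if in_profile and e.company == "":
                hits.append(("executable in a user profile with no publisher string", e.path))
    return hits


# Sample input: lines copied from the OTL log posted above (one scan header included).
SAMPLE_LOG = r"""
[2011/08/15 12:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\1B9BC4F535B50877E27F93AA11E6F469
[2009/03/18 09:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/11/06 21:20:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/02 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/08/08 14:55:09 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\Eli\Desktop\iExplore.exe
[2011/08/08 15:17:35 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Eli\Desktop\mbam-setup.exe
[2008/04/13 17:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
[2011/11/06 21:04:21 | 1073,258,496 | -HS- | M] () -- C:\hiberfil.sys
@Alternate Data Stream - 88 bytes -> C:\backup.reg:SummaryInformation
< %USERPROFILE%\Desktop\*.exe >
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason:60s} {path}")
```

The hits are a reading order, not detections: the Desktop iExplore.exe and the hidden Messenger binary are examples of entries that still need a human to clear them.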
  13. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Good news :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
      O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
      O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
      O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
      O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      @Alternate Data Stream - 88 bytes -> C:\backup.reg:SummaryInformation
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  14. efoxeli


    A problem has come up

    Hey Broni.

    I was in the middle of the java install when AVG popped up, stopped everything I was doing, closed the install, terminated 2 processes, removed 5 files and deleted 2 registry keys.

    Processes terminated:

    privacy.exe
    0.3526534183385933.exe

    Files deleted:

    privacyprotection.lnk
    privacy.exe
    privacy
    e.tmp
    0.3526534183385933.exe

    Registry keys deleted:

    hkey_users\s-1-5-21-140908223-1715567821-839522115-1003\software \2712425cd29893fe7bdc288eaa7e90d
    hkey_users\s-1-5-21-140908223-1715567821-839522115-1003\software\microsoft\windows\currentversion\run\privacyprotection

    What's up with that? Did I do something wrong? Should I try to install Java again?
  15. Broni


    It looks like something malicious.
    Keep an eye on your computer and give Java another shot.
  16. efoxeli


    Hey Broni,

    Java worked that time as did Javara. No problems. I ran OTL. Here's the log:

    All processes killed
    ========== OTL ==========
    Service NMIndexingService stopped successfully!
    Service NMIndexingService deleted successfully!
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    ADS C:\backup.reg:SummaryInformation deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41703 bytes

    User: Eli
    ->Temp folder emptied: 18697981 bytes
    ->Temporary Internet Files folder emptied: 3349810 bytes
    ->Java cache emptied: 42753976 bytes
    ->FireFox cache emptied: 39026577 bytes
    ->Apple Safari cache emptied: 1462272 bytes
    ->Flash cache emptied: 192091 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1014810 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 117952802 bytes
    ->Java cache emptied: 23683 bytes
    ->Flash cache emptied: 24962 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 879382 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13566344 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 3915980 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 232.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Eli
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11072011_212905

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    I'll continue following your instructions while you look at this.
  17. efoxeli


    checkup.txt

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 4 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2012
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 29
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
  18. Broni


    Looks good....
  19. efoxeli


    ESETScan

    Hey Broni,

    TFC ran successfully, as did ESET, finally; that took a long time. This morning I ran a whole computer scan using AVG Free 2012 and it found no threats.

    Here's the ESET scan results:

    C:\Documents and Settings\NetworkService\Application Data\1B9BC4F535B50877E27F93AA11E6F469\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
    C:\Documents and Settings\NetworkService\Application Data\1B9BC4F535B50877E27F93AA11E6F469\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5PWV2Y83\index[1].htm HTML/Refresh.AU trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{18CC20FE-772F-4276-A214-16CC6E97046F}\RP23\A0006349.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined

    I now have started using this computer for other things (email, surfing, etc.) and it seems to be running fine. I have some updates waiting to be installed. Is it safe to proceed with them now?

    Thanks again and again for all your help.
  20. Broni


    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  21. efoxeli


    The warm glow of success

    Hey Broni,

    If my first born wasn't such a pain in the a**, he'd be yours. I can't thank you enough for putting up with my clumsiness and helping me to clean up this computer.

    I'll take your advice on the maintenance programs and hopefully it won't happen again.

    The computer seems to be running normally. Like most computers it has its idiosyncrasies, but nothing feels malicious or acts crazy any more than usual.

    Here is the OTL log just generated. I'll start the clean up.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Eli
    ->Temp folder emptied: 4690128 bytes
    ->Temporary Internet Files folder emptied: 8036793 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 86168756 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 924 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 163287500 bytes
    ->Java cache emptied: 13 bytes
    ->Flash cache emptied: 28635 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1805260 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 252.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Eli
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 11082011_190152

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VBVKUMPS\l10n[1].js not found!
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JD6SP1KW\jCarouselLite[1].js not found!
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JD6SP1KW\superfish-1.4.8[1].js not found!
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\D1HKSAU0\contentslider[2].js not found!
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\D1HKSAU0\search[1].htm not found!
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C8WANUPO\search[1].htm not found!
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2LQJR5WB\mymilwaukeeteams_com[1].txt not found!
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2LQJR5WB\serchhippo_net[1].txt moved successfully.

    Registry entries deleted on Reboot...
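    The OTL [EMPTYTEMP] run above walks each profile's temp, browser and plug-in caches and reports what it removed, and the "moved on Reboot" lines at the end show web pages (search[1].htm, several .js files) and a cookie file (serchhippo_net[1].txt) being taken out of the NetworkService profile's Temporary Internet Files. Service accounts do not browse the web themselves, so content like that is worth looking at before it is wiped. The following PowerShell script is an added example, not part of this thread and not OldTimer's tool: it reproduces the per-profile size report and lists cached web content under the LocalService and NetworkService profiles. It assumes the Windows XP profile layout under C:\Documents and Settings and PowerShell 2.0; the Java and Flash cache sub-paths are assumptions, and the host names and file names in the comments are only those taken from the log above.

```powershell
# Added example (not from the thread or from OTL): inventory the per-profile
# temp locations that OTL's [EMPTYTEMP] reports on, then list cached web
# content under the service-account profiles, which normally never browse.
# Assumes the Windows XP profile layout and PowerShell 2.0; adjust
# $ProfileRoot (C:\Users on Vista and later) if you run it elsewhere.

$ProfileRoot     = 'C:\Documents and Settings'          # assumption: XP layout
$ServiceAccounts = @('LocalService', 'NetworkService')

# Sub-paths OTL empties for each profile. The first two names come from the
# log above; the Java and Flash cache locations are assumed defaults.
$TempSubPaths = @(
    'Local Settings\Temp',
    'Local Settings\Temporary Internet Files',
    'Application Data\Sun\Java\Deployment\cache',               # assumed
    'Application Data\Macromedia\Flash Player\#SharedObjects'   # assumed
)

# Total size in bytes of all files below $Path (0 if it does not exist).
function Get-FolderSize {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return [int64]0 }
    $sum = Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Measure-Object -Property Length -Sum
    if ($sum.Sum) { return [int64]$sum.Sum } else { return [int64]0 }
}

# 1. Size report per profile, mirroring OTL's "->... folder emptied: N bytes"
#    lines, but read-only: nothing is deleted here.
Get-ChildItem -LiteralPath $ProfileRoot -Force |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $prof = $_
        Write-Host "User: $($prof.Name)"
        foreach ($sub in $TempSubPaths) {
            $full  = Join-Path $prof.FullName $sub
            $bytes = Get-FolderSize $full
            Write-Host ("  {0}: {1} bytes" -f $sub, $bytes)
        }
    }

# 2. List cached web content (pages, scripts, cookie text files) under the
#    service-account profiles. In the log above, NetworkService held a
#    search[1].htm and a serchhippo_net[1].txt cookie: some process running
#    as that account fetched web pages. Check which hosts appear before
#    deciding whether that was a legitimate service or something to chase.
foreach ($acct in $ServiceAccounts) {
    $cache = Join-Path $ProfileRoot "$acct\Local Settings\Temporary Internet Files\Content.IE5"
    if (-not (Test-Path -LiteralPath $cache)) { continue }
    Write-Host "Cached web content under $acct :"
    Get-ChildItem -LiteralPath $cache -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -match '^\.(htm|html|js|txt)$' } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 50 FullName, Length, LastWriteTime |
        Format-Table -AutoSize
}
```

    Run it from an elevated PowerShell prompt before a cleaner such as OTL or TFC, since those tools empty exactly these folders and the evidence of what was fetching pages under a service account goes with them.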
  22. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Way to go!!
    Good luck and stay safe :)

