Computer acting very sluggish. virus?

Solved
By kojudy1
Apr 2, 2011
I have a friend's computer I'm trying to rid of viruses or whatever is on it. It's been acting very slow in loading programs and starting up. I followed the 6 steps and have the logs to share. Any help would be appreciated; if further info is needed, let me know.

    It's a 2.79 GHz CPU with 1.5 GB of RAM, so it should definitely be running a lot faster than it is. After running the virus scan and the Malwarebytes scan it is running a little bit faster, but it still hangs when trying to start up any new program. Here are the logs:

    ------------------------------------------------
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6243

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    4/2/2011 12:14:31 AM
    mbam-log-2011-04-02 (00-14-31).txt

    Scan type: Quick scan
    Objects scanned: 139616
    Time elapsed: 31 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 2
    Registry Data Items Infected: 4
    Folders Infected: 6
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\TabDiscover (Adware.TabDiscover) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TABDISCOVER_SERVICE (Adware.TabDiscover) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TabDiscover Service (Adware.TabDiscover) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4C350B19-6CA1-4569-B14C-296D8D6535B2} (Adware.Jookz) -> Value: {4C350B19-6CA1-4569-B14C-296D8D6535B2} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4C350B19-6CA1-4569-B14C-296D8D6535B2} (Adware.Jookz) -> Value: {4C350B19-6CA1-4569-B14C-296D8D6535B2} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Local Page (Hijack.StartPage) -> Bad: (http://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    c:\documents and settings\all users\application data\tabdiscover (Adware.TabDiscover) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03} (Adware.TabDiscover) -> Delete on reboot.
    c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\chrome (Adware.TabDiscover) -> Delete on reboot.
    c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\defaults (Adware.TabDiscover) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\defaults\preferences (Adware.TabDiscover) -> Quarantined and deleted successfully.
    c:\program files\tabdiscover (Adware.TabDiscover) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\mozilla firefox\searchplugins\jookz.xml (Adware.Jookz) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\searchplugins\jookz.xml.bak (Adware.Jookz) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\chrome.manifest (Adware.TabDiscover) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\install.rdf (Adware.TabDiscover) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\chrome\tabdiscover.jar (Adware.TabDiscover) -> Delete on reboot.
    c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\defaults\preferences\prefs.js (Adware.TabDiscover) -> Quarantined and deleted successfully.
    ____________________________________________________

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-02 00:34:14
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 Maxtor_6Y160M0 rev.YAR51HW0
    Running: vvkeogeb.exe; Driver: C:\DOCUME~1\Vance\LOCALS~1\Temp\kwrdqkoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB55AC7BC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB55ACA12]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

    ____________________________________________________

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Vance at 0:43:37.78 on Sat 04/02/2011
    Internet Explorer: 6.0.2900.5512
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.866 [GMT -4:00]
    .
    AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    svchost.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Vance\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
    mDefault_Page_URL = hxxp://www.google.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    mLocal Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289639884546
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301594878171
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\vance\applic~1\mozilla\firefox\profiles\bx6ufcpq.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - google.com/firefox
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\vance\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-1-6 15592]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 27576]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1803224]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-3-4 1523008]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-6 517448]
    S4 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
    S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    .
    =============== Created Last 30 ================
    .
    2011-04-02 03:41:00 -------- d-----w- c:\docume~1\vance\applic~1\Malwarebytes
    2011-04-02 03:38:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-02 03:38:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-02 03:37:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-02 03:37:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-01 19:05:55 -------- d-----w- c:\docume~1\vance\locals~1\applic~1\AVG Security Toolbar
    2011-04-01 14:31:44 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-04-01 14:31:43 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-04-01 14:26:22 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-04-01 14:25:43 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-04-01 14:18:43 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
    2011-04-01 14:18:39 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-04-01 14:16:08 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-03-31 19:42:08 -------- d-----w- c:\windows\system32\scripting
    2011-03-31 19:42:04 -------- d-----w- c:\windows\l2schemas
    2011-03-31 19:42:01 -------- d-----w- c:\windows\system32\en
    2011-03-31 19:42:00 -------- d-----w- c:\windows\system32\bits
    2011-03-31 19:13:00 -------- d-----w- c:\windows\network diagnostic
    2011-03-31 17:10:42 -------- d--h--w- C:\VritualRoot
    2011-03-31 17:06:48 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
    2011-03-31 17:03:22 -------- d-----w- c:\program files\COMODO
    2011-03-30 21:17:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo
    2011-03-30 20:25:43 29504 ----a-w- c:\windows\system32\uxtuneup.dll
    2011-03-30 20:20:23 31552 ----a-w- c:\windows\system32\TURegOpt.exe
    2011-03-30 20:19:38 -------- d-----w- c:\docume~1\vance\applic~1\TuneUp Software
    2011-03-30 20:18:57 -------- d-----w- c:\program files\TuneUp Utilities 2011
    2011-03-30 20:17:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
    2011-03-30 20:16:24 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2011-03-30 20:05:33 21504 ----a-w- c:\windows\system32\hidserv.dll
    .
    ==================== Find3M ====================
    .
    2011-02-05 00:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
    2011-02-05 00:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    .
    ============= FINISH: 0:45:41.65 ===============

    ____________________________________

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/10/2010 4:12:08 AM
    System Uptime: 4/2/2011 12:15:54 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0M3918
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2792/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 90.562 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&08F0
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&08F0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP286: 11/13/2010 4:21:56 AM - Software Distribution Service 3.0
    RP287: 11/13/2010 8:00:20 AM - Software Distribution Service 3.0
    RP288: 11/14/2010 8:00:17 AM - Software Distribution Service 3.0
    RP289: 11/15/2010 8:21:44 AM - System Checkpoint
    RP290: 11/16/2010 9:19:24 AM - System Checkpoint
    RP291: 11/17/2010 12:33:45 AM - Installed Enigma
    RP292: 11/18/2010 2:00:14 AM - System Checkpoint
    RP293: 11/19/2010 2:20:37 AM - System Checkpoint
    RP294: 11/20/2010 6:00:11 AM - System Checkpoint
    RP295: 11/21/2010 6:19:23 AM - System Checkpoint
    RP296: 11/22/2010 6:21:26 AM - System Checkpoint
    RP297: 11/23/2010 7:21:33 AM - System Checkpoint
    RP298: 11/24/2010 8:18:57 AM - System Checkpoint
    RP299: 11/25/2010 8:20:31 AM - System Checkpoint
    RP300: 11/26/2010 9:14:34 AM - System Checkpoint
    RP301: 11/27/2010 10:17:07 AM - System Checkpoint
    RP302: 11/28/2010 11:12:40 AM - System Checkpoint
    RP303: 11/29/2010 11:14:56 AM - System Checkpoint
    RP304: 11/30/2010 12:07:02 PM - System Checkpoint
    RP305: 12/1/2010 12:08:05 PM - System Checkpoint
    RP306: 12/2/2010 1:05:51 PM - System Checkpoint
    RP307: 12/3/2010 1:07:12 PM - System Checkpoint
    RP308: 12/4/2010 1:28:44 PM - System Checkpoint
    RP309: 12/5/2010 2:02:12 PM - System Checkpoint
    RP310: 12/6/2010 2:05:31 PM - System Checkpoint
    RP311: 12/7/2010 1:39:45 PM - Removed Apple Application Support
    RP312: 12/7/2010 1:41:34 PM - Removed Apple Application Support
    RP313: 12/7/2010 1:42:38 PM - Removed Apple Mobile Device Support
    RP314: 12/8/2010 2:01:39 PM - System Checkpoint
    RP315: 12/9/2010 3:01:06 PM - System Checkpoint
    RP316: 12/10/2010 3:41:08 PM - System Checkpoint
    RP317: 12/11/2010 4:31:08 PM - System Checkpoint
    RP318: 12/12/2010 5:02:11 PM - System Checkpoint
    RP319: 12/13/2010 6:15:21 PM - System Checkpoint
    RP320: 12/14/2010 7:04:21 PM - System Checkpoint
    RP321: 12/15/2010 7:22:00 PM - System Checkpoint
    RP322: 1/12/2005 9:36:03 AM - System Checkpoint
    RP323: 1/13/2005 10:08:30 AM - System Checkpoint
    RP324: 1/14/2005 11:08:30 AM - System Checkpoint
    RP325: 1/15/2005 11:09:35 AM - System Checkpoint
    RP326: 1/16/2005 11:18:31 AM - System Checkpoint
    RP327: 1/23/2005 10:29:22 PM - System Checkpoint
    RP328: 1/24/2005 11:16:12 PM - System Checkpoint
    RP329: 1/26/2005 12:16:12 AM - System Checkpoint
    RP330: 1/27/2005 1:16:15 AM - System Checkpoint
    RP331: 1/28/2005 2:16:13 AM - System Checkpoint
    RP332: 1/29/2005 3:08:11 AM - System Checkpoint
    RP333: 1/30/2005 3:23:00 AM - System Checkpoint
    RP334: 1/31/2005 4:22:59 AM - System Checkpoint
    RP335: 1/31/2005 9:28:23 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP336: 1/31/2005 9:28:50 PM - Installed AVG 2011
    RP337: 1/31/2005 9:30:15 PM - Installed AVG 2011
    RP338: 1/6/2011 8:42:11 PM - System Checkpoint
    RP339: 3/30/2011 4:14:50 PM - Removed AVG 2011
    RP340: 3/30/2011 4:16:02 PM - Software Distribution Service 3.0
    RP341: 3/30/2011 4:18:52 PM - Installed TuneUp Utilities 2011
    RP342: 3/30/2011 4:59:30 PM - Removed 184662
    RP343: 3/30/2011 5:01:34 PM - Removed Bonjour
    RP344: 3/30/2011 5:05:39 PM - Removed ijji REACTOR
    RP345: 3/30/2011 5:11:03 PM - Removed MSN Toolbar Setup
    RP346: 3/31/2011 2:44:15 AM - Removed AVG 2011
    RP347: 3/31/2011 12:58:53 PM - Software Distribution Service 3.0
    RP348: 3/31/2011 1:03:15 PM - Installed COMODO Internet Security
    RP349: 3/31/2011 1:12:32 PM - Software Distribution Service 3.0
    RP350: 3/31/2011 1:23:11 PM - Software Distribution Service 3.0
    RP351: 3/31/2011 1:37:15 PM - Software Distribution Service 3.0
    RP352: 3/31/2011 2:11:39 PM - Software Distribution Service 3.0
    RP353: 4/1/2011 2:23:23 PM - System Checkpoint
    RP354: 4/1/2011 3:11:10 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Acoustica Effects Pack
    Acoustica Mixcraft 4.5
    Acoustica Mixcraft 5
    Adobe Audition 3.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    AIM 7
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    AVG 2011
    BearShare
    COMODO Internet Security
    Counter-Strike
    Enigma
    ESPNMotion
    FL Studio 9
    FL Studio v7.0
    FrostWire 4.21.1
    Full Tilt Poker
    Google Chrome
    Google Earth
    Google Update Helper
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    IL Download Manager
    Intel(R) PRO Network Adapters and Drivers
    iTunes
    Java(TM) 6 Update 17
    LimeWire 5.5.16
    Live 6.0.1
    Live 6.0.11
    MA_CMIDI
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.12)
    NVIDIA Drivers
    PoiZone
    QuickTime
    Rob Papen Predator V1.1.1
    Sawer
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Sonic Encoders
    SoundMAX
    Steam
    Super Mario 3 : Mario Forever
    Sylenth1 v2.20
    Toxic Biohazard
    TruePianos 1.5.0
    TruePianos: Amber Module 1.4.0
    TruePianos: Diamond Module 1.4.0
    TruePianos: Emerald Module 1.4.0
    TruePianos: Sapphire Module 1.4.0
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Live ID Sign-in Assistant
    Windows Media Format Runtime
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB908250
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip 14.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/2/2011 12:19:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    4/1/2011 11:10:49 PM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
    3/31/2011 3:47:55 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4012-AFF7-4AC3-AAC2-9F24C1457BCE}
    3/31/2011 3:26:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
    3/31/2011 3:26:03 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    3/31/2011 3:26:03 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/31/2011 3:26:03 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/31/2011 3:26:03 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    3/31/2011 3:25:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    3/31/2011 2:51:15 AM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
    3/31/2011 2:30:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
    3/31/2011 2:30:26 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/31/2011 12:53:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/31/2011 12:53:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service TuneUp.UtilitiesSvc with arguments "" in order to run the server: {C1174535-161F-4CB7-B63F-A12BA2EB7C88}
    3/31/2011 12:36:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service TuneUp.UtilitiesSvc with arguments "" in order to run the server: {5EF1CF5D-87A9-434B-8786-2A08E1C30F6C}
    3/31/2011 12:36:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service TuneUp.UtilitiesSvc with arguments "" in order to run the server: {FCA02D56-BF9D-4591-AD41-E59AF763C64A}
    3/31/2011 12:35:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    3/31/2011 1:26:33 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 7 for Windows XP.
    3/31/2011 1:10:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TuneUp.UtilitiesSvc service.
    3/31/2011 1:09:07 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/30/2011 4:25:47 PM, error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
    3/30/2011 4:17:30 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    You're running two AV programs, Comodo and AVG.
    One of them has to go.
    I suggest you uninstall AVG using AVG Remover: http://www.avg.com/us-en/download-tools

    When done...

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. kojudy1

    kojudy1 Newcomer, in training Topic Starter

    OK, I had some problems with Combofix, but I think I got it to work. I got rid of AVG also... here are the logs:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 119):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D1000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA5AC000 intelide.sys
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA5AE000 dmload.sys
    0xB9F23000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9F0B000 atapi.sys
    0xBA338000 cercsr6.sys
    0xB9EF3000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9ED3000 fltmgr.sys
    0xB9EC1000 sr.sys
    0xBA340000 PxHelp20.sys
    0xB9EAA000 KSecDD.sys
    0xB9E1D000 Ntfs.sys
    0xB9E07000 inspect.sys
    0xB9DDA000 \WINDOWS\System32\DRIVERS\NDIS.SYS
    0xBA348000 \WINDOWS\System32\DRIVERS\TDI.SYS
    0xB9DC0000 Mup.sys
    0xBA188000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB94AB000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB9497000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA3A8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9473000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA3B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB944D000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0xB93B7000 \SystemRoot\system32\drivers\smwdm.sys
    0xB91CE000 \SystemRoot\system32\drivers\portcls.sys
    0xBA198000 \SystemRoot\system32\drivers\drmk.sys
    0xB91AB000 \SystemRoot\system32\drivers\ks.sys
    0xBA5D0000 \SystemRoot\system32\drivers\aeaudio.sys
    0xBA3B8000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xB9197000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBA1A8000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA590000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xBA1B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA1C8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xBA3C0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xBA1D8000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA75D000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA1E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA59C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9130000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA1F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA208000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB911F000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA468000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA470000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB87A9000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB9080000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA478000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA480000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA60A000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB874B000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9BFA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB9070000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB9060000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA60C000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA488000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xBA580000 \SystemRoot\System32\DRIVERS\cmderd.sys
    0xB6612000 \SystemRoot\System32\DRIVERS\cmdguard.sys
    0xBA60E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA743000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA610000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA498000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA4A0000 \SystemRoot\System32\drivers\vga.sys
    0xBA612000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA614000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA4A8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA4B0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB87FD000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB65B7000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB655E000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xBA370000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
    0xB6536000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB6514000 \SystemRoot\System32\drivers\afd.sys
    0xB9030000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB64E9000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB87DD000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
    0xB6479000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB9010000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB6453000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB8C91000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA360000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xBA550000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB8C71000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA558000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xBA54C000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB8C61000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB6413000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA622000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB9D73000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3F8000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA7D6000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xB613F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xBA664000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB5CCB000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB5A86000 \SystemRoot\system32\drivers\wdmaud.sys
    0xBA168000 \SystemRoot\system32\drivers\sysaudio.sys
    0xBA74B000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
    0xB5379000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB534E000
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 26):
    0 System Idle Process
    4 System
    608 C:\WINDOWS\system32\smss.exe
    912 csrss.exe
    1112 C:\WINDOWS\system32\winlogon.exe
    1252 C:\WINDOWS\system32\services.exe
    1280 C:\WINDOWS\system32\lsass.exe
    1584 C:\WINDOWS\system32\svchost.exe
    1688 svchost.exe
    1832 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    1912 C:\WINDOWS\system32\svchost.exe
    204 svchost.exe
    460 svchost.exe
    724 C:\WINDOWS\system32\spoolsv.exe
    904 svchost.exe
    956 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    716 C:\WINDOWS\explorer.exe
    280 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    1288 C:\WINDOWS\system32\dllhost.exe
    3696 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    508 C:\WINDOWS\system32\svchost.exe
    524 C:\WINDOWS\system32\wscntfy.exe
    2172 C:\WINDOWS\ehome\ehrecvr.exe
    2644 C:\Program Files\Mozilla Firefox\firefox.exe
    1776 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3996 C:\Documents and Settings\Vance\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: Maxtor6Y160M0, Rev: YAR51HW0

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!


    ______________________________________

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 04/02/2011 at 15:12:54.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    C:\WINDOWS\system32\userinit.exe


    Rkill completed on 04/02/2011 at 15:12:58.

    ________________________________________________

    ComboFix 11-03-30.02 - Vance 04/02/2011 15:22:57.1.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1299 [GMT -4:00]
    Running from: c:\documents and settings\Vance\Desktop\Kent.exe
    AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Vance\Start Menu\Programs\System Tool
    C:\drvrtmp
    c:\windows\system32\inf
    c:\windows\system32\inf\MA_CMIDI.INF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-02 05:10 . 2011-04-02 05:10 -------- d-----w- c:\program files\ESET
    2011-04-02 03:41 . 2011-04-02 03:41 -------- d-----w- c:\documents and settings\Vance\Application Data\Malwarebytes
    2011-04-02 03:38 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-02 03:38 . 2011-04-02 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-02 03:37 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-02 03:37 . 2011-04-02 03:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-01 19:05 . 2011-04-01 19:05 -------- d-----w- c:\documents and settings\Vance\Local Settings\Application Data\AVG Security Toolbar
    2011-04-01 14:31 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-04-01 14:31 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-04-01 14:26 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-04-01 14:25 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-04-01 14:18 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
    2011-04-01 14:18 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-04-01 14:16 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-03-31 19:42 . 2011-03-31 20:19 -------- d-----w- c:\windows\system32\scripting
    2011-03-31 19:42 . 2011-03-31 19:42 -------- d-----w- c:\windows\l2schemas
    2011-03-31 19:42 . 2011-03-31 20:19 -------- d-----w- c:\windows\system32\en
    2011-03-31 19:42 . 2011-03-31 20:15 -------- d-----w- c:\windows\system32\bits
    2011-03-31 17:10 . 2011-03-31 17:10 -------- d-----w- C:\VritualRoot
    2011-03-31 17:06 . 2011-04-02 19:10 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
    2011-03-31 17:03 . 2011-03-31 17:03 -------- d-----w- c:\program files\COMODO
    2011-03-30 21:17 . 2011-03-31 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
    2011-03-30 20:25 . 2011-03-04 16:28 29504 ----a-w- c:\windows\system32\uxtuneup.dll
    2011-03-30 20:20 . 2011-03-04 16:32 31552 ----a-w- c:\windows\system32\TURegOpt.exe
    2011-03-30 20:19 . 2011-03-30 20:19 -------- d-----w- c:\documents and settings\Vance\Application Data\TuneUp Software
    2011-03-30 20:18 . 2011-03-30 20:26 -------- d-----w- c:\program files\TuneUp Utilities 2011
    2011-03-30 20:17 . 2011-03-30 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
    2011-03-30 20:16 . 2011-03-30 20:16 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2011-03-30 20:05 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-05 00:48 . 2004-08-10 11:00 456192 ----a-w- c:\windows\system32\encdec.dll
    2011-02-05 00:48 . 2004-08-10 11:00 291840 ----a-w- c:\windows\system32\sbe.dll
    2011-02-02 07:58 . 2010-01-10 09:02 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2010-01-10 09:02 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-10 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-10 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-06 21:37 . 2011-01-06 21:37 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-01-06 21:37 . 2011-01-06 21:37 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-01-06 21:37 . 2011-01-06 21:37 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-01-06 21:37 . 2011-01-06 21:37 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Vance^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
    path=c:\documents and settings\Vance\Start Menu\Programs\Startup\FrostWire On Startup.lnk
    backup=c:\windows\pss\FrostWire On Startup.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Vance^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Vance\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-01-10 10:00 135664 ----atw- c:\documents and settings\Vance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-05-03 15:16 13529088 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-05-03 15:16 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-05-03 15:16 1630208 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-12-01 04:29 1242448 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 12:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MA_CMIDI_InstallerService"=2 (0x2)
    "wlidsvc"=2 (0x2)
    "mstbsvc"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "spkrmon"=2 (0x2)
    "NVSvc"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "gupdate"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "TabDiscover Service"=2 (0x2)
    "Jookz Toolbar Helper"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "MHN"=3 (0x3)
    "McrdSvc"=2 (0x2)
    "lanmanworkstation"=2 (0x2)
    "lanmanserver"=2 (0x2)
    "ImapiService"=3 (0x3)
    "helpsvc"=2 (0x2)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "ehSched"=2 (0x2)
    "ehRecvr"=2 (0x2)
    "AppMgmt"=3 (0x3)
    "ALG"=3 (0x3)
    "Akamai"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\vap3one\\counter-strike\\hl.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1063:TCP"= 1063:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/6/2011 5:37 PM 15592]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 27576]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [3/4/2011 12:30 PM 1523008]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [11/29/2010 10:27 PM 10064]
    S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 7:00 AM 14336]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 5:24 AM 135664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
    .
    2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 09:24]
    .
    2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 09:24]
    .
    2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003Core.job
    - c:\documents and settings\Vance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-10 10:00]
    .
    2011-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003UA.job
    - c:\documents and settings\Vance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-10 10:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mLocal Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    FF - ProfilePath - c:\documents and settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - google.com/firefox
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
    FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
    Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
    MSConfigStartUp-DATAMNGR - c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-02 15:28
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose, ZwOpenFile
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(252)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'lsass.exe'(308)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2011-04-02 15:30:46
    ComboFix-quarantined-files.txt 2011-04-02 19:30
    .
    Pre-Run: 99,652,734,976 bytes free
    Post-Run: 99,615,170,560 bytes free
    .
    - - End Of File - - 5CA2885BA136CFD2DD045C8537BA9739
  4. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Try to run the following ComboFix script in normal mode, or at least in Safe Mode with Networking, so the Recovery Console can be installed.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
    
    Folder::
    c:\documents and settings\Vance\Local Settings\Application Data\AVG Security Toolbar
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  5. kojudy1

    kojudy1 Newcomer, in training Topic Starter

    I couldn't get it to run in normal mode. I ran it through Safe Mode with Networking and installed the Recovery Console. It did pop up saying Comodo was active before it ran. I didn't see any kind of processes from Comodo in Task Manager though, so I just went through with it. Here's the log:

    ComboFix 11-04-02.03 - Vance 04/02/2011 22:42:39.2.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1287 [GMT -4:00]
    Running from: c:\documents and settings\Vance\Desktop\Kent.exe
    Command switches used :: c:\documents and settings\Vance\Desktop\CFScript.txt
    AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Vance\Local Settings\Application Data\AVG Security Toolbar
    c:\documents and settings\Vance\Local Settings\Application Data\AVG Security Toolbar\cache\overlay.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-02 05:10 . 2011-04-02 05:10 -------- d-----w- c:\program files\ESET
    2011-04-02 03:41 . 2011-04-02 03:41 -------- d-----w- c:\documents and settings\Vance\Application Data\Malwarebytes
    2011-04-02 03:38 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-02 03:38 . 2011-04-02 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-02 03:37 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-02 03:37 . 2011-04-02 03:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-01 14:31 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2011-04-01 14:31 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2011-04-01 14:26 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2011-04-01 14:25 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2011-04-01 14:18 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
    2011-04-01 14:18 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2011-04-01 14:16 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2011-03-31 19:42 . 2011-03-31 20:19 -------- d-----w- c:\windows\system32\scripting
    2011-03-31 19:42 . 2011-03-31 19:42 -------- d-----w- c:\windows\l2schemas
    2011-03-31 19:42 . 2011-03-31 20:19 -------- d-----w- c:\windows\system32\en
    2011-03-31 19:42 . 2011-03-31 20:15 -------- d-----w- c:\windows\system32\bits
    2011-03-31 17:10 . 2011-03-31 17:10 -------- d-----w- C:\VritualRoot
    2011-03-31 17:06 . 2011-04-03 02:33 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
    2011-03-31 17:03 . 2011-03-31 17:03 -------- d-----w- c:\program files\COMODO
    2011-03-30 21:17 . 2011-03-31 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
    2011-03-30 20:25 . 2011-03-04 16:28 29504 ----a-w- c:\windows\system32\uxtuneup.dll
    2011-03-30 20:20 . 2011-03-04 16:32 31552 ----a-w- c:\windows\system32\TURegOpt.exe
    2011-03-30 20:19 . 2011-03-30 20:19 -------- d-----w- c:\documents and settings\Vance\Application Data\TuneUp Software
    2011-03-30 20:18 . 2011-03-30 20:26 -------- d-----w- c:\program files\TuneUp Utilities 2011
    2011-03-30 20:17 . 2011-03-30 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
    2011-03-30 20:16 . 2011-03-30 20:16 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    2011-03-30 20:05 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-05 00:48 . 2004-08-10 11:00 456192 ----a-w- c:\windows\system32\encdec.dll
    2011-02-05 00:48 . 2004-08-10 11:00 291840 ----a-w- c:\windows\system32\sbe.dll
    2011-02-02 07:58 . 2010-01-10 09:02 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2010-01-10 09:02 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-10 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-10 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-06 21:37 . 2011-01-06 21:37 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-01-06 21:37 . 2011-01-06 21:37 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-01-06 21:37 . 2011-01-06 21:37 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-01-06 21:37 . 2011-01-06 21:37 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Vance^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
    path=c:\documents and settings\Vance\Start Menu\Programs\Startup\FrostWire On Startup.lnk
    backup=c:\windows\pss\FrostWire On Startup.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Vance^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Vance\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
    2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-01-10 10:00 135664 ----atw- c:\documents and settings\Vance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-05-03 15:16 13529088 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-05-03 15:16 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-05-03 15:16 1630208 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-12-01 04:29 1242448 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 12:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MA_CMIDI_InstallerService"=2 (0x2)
    "wlidsvc"=2 (0x2)
    "mstbsvc"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "spkrmon"=2 (0x2)
    "NVSvc"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    "gupdate"=2 (0x2)
    "Adobe LM Service"=3 (0x3)
    "TabDiscover Service"=2 (0x2)
    "Jookz Toolbar Helper"=2 (0x2)
    "mnmsrvc"=3 (0x3)
    "MHN"=3 (0x3)
    "McrdSvc"=2 (0x2)
    "lanmanworkstation"=2 (0x2)
    "lanmanserver"=2 (0x2)
    "ImapiService"=3 (0x3)
    "helpsvc"=2 (0x2)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "ehSched"=2 (0x2)
    "ehRecvr"=2 (0x2)
    "AppMgmt"=3 (0x3)
    "ALG"=3 (0x3)
    "Akamai"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\steamapps\\vap3one\\counter-strike\\hl.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1063:TCP"= 1063:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/6/2011 5:37 PM 15592]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 27576]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [3/4/2011 12:30 PM 1523008]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [11/29/2010 10:27 PM 10064]
    S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 7:00 AM 14336]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 5:24 AM 135664]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
    .
    2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 09:24]
    .
    2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 09:24]
    .
    2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003Core.job
    - c:\documents and settings\Vance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-10 10:00]
    .
    2011-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003UA.job
    - c:\documents and settings\Vance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-10 10:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mLocal Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    FF - ProfilePath - c:\documents and settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - google.com/firefox
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
    FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-02 22:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwClose, ZwOpenFile
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(964)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'lsass.exe'(1180)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2011-04-02 22:49:58
    ComboFix-quarantined-files.txt 2011-04-03 02:49
    ComboFix2.txt 2011-04-02 19:30
    .
    Pre-Run: 99,385,688,064 bytes free
    Post-Run: 99,375,513,600 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 65AA80C1E75F4F4A440D8FB1D4805D1C
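    The ComboFix log above records the Windows Firewall policy as REGEDIT4-style blocks under "Reg Loading Points". The Python script below is an added example for this thread; it is not part of ComboFix, OTL or any of the posts. It parses those blocks (the sample input is the three standardprofile blocks copied from the log above) and summarizes what they record: whether the standard-profile firewall is enabled, which programs are in the authorized list, and which ports are globally open, so that this part of a log can be reviewed the same way every time instead of by eye. ComboFix's `HKLM\~` abbreviation is matched literally rather than expanded, because the log uses the same abbreviation for more than one hive path.

```python
"""Triage the Windows Firewall policy recorded in a ComboFix log.

Added example for this thread, not part of ComboFix, OTL or any post.
It reads the REGEDIT4-style blocks that ComboFix prints under
"Reg Loading Points" and summarizes the standard-profile firewall
policy: whether the firewall is enabled, which programs are authorized,
and which ports are globally open.
"""
import re
from typing import Dict, List, Optional, Tuple

# Sample input: the three firewallpolicy blocks copied from the log
# posted above.  ComboFix prints "HKLM\~" as an abbreviation for the
# hive path; it is matched literally here and not expanded.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\vap3one\\counter-strike\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
"""

# Block headers are compared lower-cased, as ComboFix mixes case freely.
FW_KEY = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"

# "name"= value ; the name may contain REGEDIT4-escaped backslashes (\\).
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=\s*(?P<value>.*)$')


def parse_reg_blocks(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [key] header (lower-cased) to its "name"= value pairs."""
    blocks: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separator lines
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            blocks.setdefault(current, {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            # Undo REGEDIT4 escaping so names are real paths again.
            name = match.group("name").replace("\\\\", "\\")
            blocks[current][name] = match.group("value").strip()
    return blocks


def firewall_enabled(blocks: Dict[str, Dict[str, str]]) -> Optional[bool]:
    """True/False from EnableFirewall, or None when the log has no such value."""
    raw = blocks.get(FW_KEY, {}).get("EnableFirewall")
    if raw is None:
        return None
    match = re.match(r"\d+", raw)           # ComboFix prints DWORDs as "0 (0x0)"
    if not match:
        return None
    return int(match.group()) != 0


def authorized_apps(blocks: Dict[str, Dict[str, str]]) -> List[str]:
    """Programs allowed through the firewall (the value names are the paths)."""
    return list(blocks.get(FW_KEY + r"\authorizedapplications\list", {}))


def open_ports(blocks: Dict[str, Dict[str, str]]) -> List[Tuple[int, str, str]]:
    """(port, protocol, description) for each globally open port."""
    ports = []
    for value in blocks.get(FW_KEY + r"\globallyopenports\list", {}).values():
        port, proto, desc = value.split(":", 2)
        ports.append((int(port), proto, desc))
    return ports


def triage(text: str) -> List[str]:
    """Human-readable summary lines for the firewall policy in a log."""
    blocks = parse_reg_blocks(text)
    state = firewall_enabled(blocks)
    lines = ["Windows Firewall (standard profile): "
             + {None: "not recorded", True: "enabled", False: "disabled"}[state]]
    apps = authorized_apps(blocks)
    lines.append(f"{len(apps)} authorized application(s):")
    lines.extend(f"  {app}" for app in apps)
    for port, proto, desc in open_ports(blocks):
        lines.append(f"globally open port {port}/{proto}: {desc}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_LOG)))
```

    On this log the script reports the standard-profile firewall as disabled, eleven authorized applications and two globally open ports for the Akamai NetSession Interface. The log header records COMODO Firewall as enabled, so the disabled Windows Firewall value is context for the reader rather than a finding on its own; the authorized-application list is the part worth reading, since it shows every program that has been granted inbound access.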
  6. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  7. kojudy1

    kojudy1 Newcomer, in training Topic Starter

    OTL LOG:

    OTL logfile created on: 4/3/2011 12:17:31 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Vance\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 92.75 Gb Free Space | 62.24% Space Free | Partition Type: NTFS

    Computer Name: MINDSHID-33E87C | User Name: Vance | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
    PRC - [2011/01/17 23:30:46 | 001,803,224 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
    MOD - [2010/12/29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/03/31 02:30:04 | 003,229,784 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
    SRV - [2011/03/04 12:30:34 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2011/03/04 12:28:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2011/01/17 23:30:46 | 001,803,224 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2005/09/28 20:06:30 | 000,094,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
    SRV - [2003/08/28 18:01:22 | 000,061,440 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/06 17:37:04 | 000,094,784 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
    DRV - [2011/01/06 17:37:04 | 000,027,576 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2011/01/06 17:37:02 | 000,239,368 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2011/01/06 17:37:02 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
    DRV - [2010/11/29 22:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2001/08/22 12:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb&sysid=2
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Jookz"
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.order.1: "Jookz"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "google.com/firefox"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="


    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/31 02:41:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 00:24:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/07 14:38:40 | 000,000,000 | ---D | M]

    [2010/11/28 16:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Extensions
    [2010/01/10 06:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/04/02 22:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\extensions
    [2010/11/28 16:51:53 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\extensions\vshare@toolbar
    [2010/11/28 16:51:58 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\searchplugins\web-search.xml
    [2011/04/02 00:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/03/31 02:41:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    [2010/01/10 06:00:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

    O1 HOSTS File: ([2011/04/02 22:47:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289639884546 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1301594878171 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Vance\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vance\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/01/10 05:09:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17746534284132352)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/03 00:15:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
    [2011/04/02 22:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/04/02 22:40:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/02 22:34:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/04/02 15:16:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/02 15:16:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/02 15:16:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/02 15:16:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/02 15:16:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/02 15:13:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/02 01:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/04/01 23:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vance\Application Data\Malwarebytes
    [2011/04/01 23:38:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/01 23:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/01 23:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/01 23:37:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/01 23:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/01 23:10:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\TFC.exe
    [2011/04/01 15:03:55 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2011/04/01 08:19:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011/03/31 15:42:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
    [2011/03/31 15:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2011/03/31 15:42:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2011/03/31 15:42:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2011/03/31 15:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2011/03/31 15:13:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2011/03/31 14:33:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2011/03/31 14:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2011/03/31 13:10:42 | 000,000,000 | ---D | C] -- C:\VritualRoot
    [2011/03/31 13:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
    [2011/03/31 13:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2011/03/30 17:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
    [2011/03/30 16:25:43 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
    [2011/03/30 16:20:23 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2011/03/30 16:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011
    [2011/03/30 16:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vance\Application Data\TuneUp Software
    [2011/03/30 16:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
    [2011/03/30 16:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2011/03/30 16:16:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

    ========== Files - Modified Within 30 Days ==========

    [2011/04/03 00:25:10 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003UA.job
    [2011/04/03 00:21:49 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
    [2011/04/03 00:04:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/02 22:52:19 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/02 22:51:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/02 22:47:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/02 22:40:40 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/04/02 22:37:19 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Vance\Desktop\Kent.exe
    [2011/04/02 22:30:20 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.exe
    [2011/04/02 22:30:10 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.scr
    [2011/04/02 15:08:48 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.com
    [2011/04/02 14:58:35 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\MBRCheck.exe
    [2011/04/02 00:38:15 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\dds.scr
    [2011/04/02 00:29:36 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\vvkeogeb.exe
    [2011/04/01 23:10:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\TFC.exe
    [2011/04/01 22:57:44 | 000,097,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/01 15:37:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/01 15:03:57 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/04/01 11:25:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003Core.job
    [2011/04/01 08:24:57 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/04/01 08:24:22 | 000,401,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/01 08:24:22 | 000,062,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/01 08:20:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/31 15:10:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/03/31 13:04:13 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
    [2011/03/31 13:02:01 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/03/30 16:29:35 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2011/03/04 12:32:52 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2011/03/04 12:28:08 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll

    ========== Files Created - No Company Name ==========

    [2011/04/02 22:40:40 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/04/02 22:40:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/02 22:30:19 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\rkill.exe
    [2011/04/02 22:30:08 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\rkill.scr
    [2011/04/02 15:16:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/02 15:16:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/02 15:16:57 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/02 15:16:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/02 15:16:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/02 15:09:31 | 004,312,600 | R--- | C] () -- C:\Documents and Settings\Vance\Desktop\Kent.exe
    [2011/04/02 15:08:46 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\rkill.com
    [2011/04/02 14:58:34 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\MBRCheck.exe
    [2011/04/02 00:38:11 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\dds.scr
    [2011/04/02 00:29:34 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\vvkeogeb.exe
    [2011/03/31 13:06:48 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2011/03/31 13:04:13 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
    [2011/03/30 16:20:11 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011
    [2010/11/28 16:49:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/07/15 10:41:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
    [2010/07/03 00:52:30 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2010/03/31 01:53:28 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Vance\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/13 00:17:55 | 000,013,812 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/01/10 05:52:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2010/01/10 05:17:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Vance\Local Settings\Application Data\fusioncache.dat
    [2010/01/10 05:12:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/01/10 05:05:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/09/27 20:12:22 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2008/05/03 11:16:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/05/03 11:16:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2008/05/03 11:16:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/05/03 11:16:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2008/05/03 11:16:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/05/03 11:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/05/03 11:16:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2008/05/03 11:16:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2008/05/03 11:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2005/08/05 18:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/01/09 20:57:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/01/09 20:56:41 | 000,097,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 07:00:00 | 000,401,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 07:00:00 | 000,062,460 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2010/10/08 11:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4Front
    [2010/01/13 02:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
    [2010/01/13 03:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
    [2010/01/10 05:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2011/04/02 14:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/11/16 23:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
    [2005/01/31 22:35:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/01/10 05:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2011/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/01/06 19:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nFaLf06307
    [2010/07/03 01:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
    [2011/03/30 16:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/03/23 00:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/03/30 16:16:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [2010/12/07 14:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/01/10 06:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/11/16 23:54:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
    [2010/10/08 11:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\4Front
    [2010/01/13 02:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Ableton
    [2010/01/10 05:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\acccore
    [2010/01/13 03:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Acoustica
    [2010/11/04 02:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Applied Acoustics Systems
    [2005/01/31 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\AVG10
    [2010/02/14 04:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Blitware
    [2010/12/15 16:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\FrostWire
    [2010/01/13 19:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\ijjigame
    [2010/11/17 02:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\LimeWire
    [2010/12/02 23:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\OpenCandy
    [2010/07/03 01:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Otto
    [2010/08/24 14:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\SynthMaker
    [2011/03/30 16:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\TuneUp Software
    [2010/08/20 15:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\webex

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/01/10 05:09:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/03/31 13:02:01 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/04/02 22:40:40 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/04/02 22:49:58 | 000,014,466 | ---- | M] () -- C:\ComboFix.txt
    [2010/01/10 05:09:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/07/03 00:48:47 | 000,565,248 | -HS- | M] () -- C:\ehthumbs.db
    [2010/01/10 05:09:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/03/31 19:32:38 | 000,001,313 | -H-- | M] () -- C:\IPH.PH
    [2010/01/10 05:09:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/03/31 15:10:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/04/02 22:51:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/04/02 22:35:49 | 000,000,359 | ---- | M] () -- C:\rkill.log

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/01/10 05:08:21 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/05/07 12:39:07 | 000,001,698 | -H-- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2010/07/03 00:52:30 | 000,000,251 | ---- | M] () -- C:\Program Files\wt3d.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/01/09 20:55:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/01/09 20:55:45 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/01/09 20:55:44 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/03/31 15:46:53 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/04/01 15:04:08 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/01/10 05:31:35 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/02 22:37:19 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Vance\Desktop\Kent.exe
    [2011/04/02 14:58:35 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\MBRCheck.exe
    [2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
    [2011/04/02 22:30:20 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.exe
    [2011/04/01 23:10:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\TFC.exe
    [2011/04/02 00:29:36 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\vvkeogeb.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/11/12 04:09:03 | 001,228,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Vance\My Documents\Captivate_5_WWEFDJ.exe
    [2010/11/07 04:01:49 | 001,228,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Vance\My Documents\Photoshop_12_LS1.exe
    [2010/11/12 04:52:44 | 001,228,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Vance\My Documents\PremierePro_5_LS7.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/04/01 15:04:08 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Vance\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/04/02 22:54:35 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Vance\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/10 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 05:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 05:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 14:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 14:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 14:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 05:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 05:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  8. kojudy1


    Extras LOG:

    OTL Extras logfile created on: 4/3/2011 12:17:31 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Vance\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 92.75 Gb Free Space | 62.24% Space Free | Partition Type: NTFS

    Computer Name: MINDSHID-33E87C | User Name: Vance | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "1063:TCP" = 1063:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
    "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
    "C:\Program Files\Steam\steamapps\vap3one\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\vap3one\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
    "{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
    "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = MA_CMIDI
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
    "{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
    "Acoustica Effects Pack" = Acoustica Effects Pack
    "Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
    "Acoustica Mixcraft 5" = Acoustica Mixcraft 5
    "Adobe Audition 3.0" = Adobe Audition 3.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AIM_7" = AIM 7
    "Akamai" = Akamai NetSession Interface
    "ASIO4ALL" = ASIO4ALL
    "BearShare" = BearShare
    "ESET Online Scanner" = ESET Online Scanner v3
    "ESPNMotion" = ESPNMotion
    "FL Studio 9" = FL Studio 9
    "FL Studio_is1" = FL Studio v7.0
    "FrostWire" = FrostWire 4.21.1
    "IL Download Manager" = IL Download Manager
    "LimeWire" = LimeWire 5.5.16
    "Live 6.0.1" = Live 6.0.1
    "Live 6.0.11" = Live 6.0.11
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "NVIDIA Drivers" = NVIDIA Drivers
    "PoiZone" = PoiZone
    "Predator_is1" = Rob Papen Predator V1.1.1
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Sawer" = Sawer
    "Steam App 10" = Counter-Strike
    "Super Mario 3 : Mario Forever" = Super Mario 3 : Mario Forever
    "Sylenth1_is1" = Sylenth1 v2.20
    "Toxic Biohazard" = Toxic Biohazard
    "TruePianos: Amber Module_is1" = TruePianos: Amber Module 1.4.0
    "TruePianos: Diamond Module_is1" = TruePianos: Diamond Module 1.4.0
    "TruePianos: Emerald Module_is1" = TruePianos: Emerald Module 1.4.0
    "TruePianos: Sapphire Module (Pedal sounds included)_is1" = TruePianos: Sapphire Module 1.4.0
    "TruePianos: Sapphire Module_is1" = TruePianos: Sapphire Module 1.4.0
    "TruePianos_is1" = TruePianos 1.5.0
    "TuneUp Utilities 2011" = TuneUp Utilities 2011
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/11/2005 10:32:06 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 1/11/2005 10:32:06 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 1/11/2005 10:32:06 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/11/2005 11:21:00 PM | Computer Name = MINDSHID-33E87C | Source = Application Hang | ID = 1002
    Description = Hanging application moviemk.exe, version 2.1.4027.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 1/16/2005 8:43:22 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/16/2005 8:43:22 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/16/2005 8:43:27 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/16/2005 8:43:39 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/16/2005 8:43:39 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 1/16/2005 8:43:49 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    [ System Events ]
    Error - 4/2/2011 3:37:18 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7031
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Restart the service.

    Error - 4/2/2011 3:37:22 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7034
    Description = The TuneUp Utilities Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 4/2/2011 10:23:27 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1058

    Error - 4/2/2011 10:25:25 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7034
    Description = The TuneUp Utilities Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 4/2/2011 10:35:05 PM | Computer Name = MINDSHID-33E87C | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 4/2/2011 10:35:58 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1058

    Error - 4/2/2011 10:35:58 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cmdGuard Fips intelppm OMCI

    Error - 4/2/2011 10:50:25 PM | Computer Name = MINDSHID-33E87C | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 4/2/2011 10:52:10 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7001
    Description = The Computer Browser service depends on the Server service which failed
    to start because of the following error: %%1058

    Error - 4/3/2011 12:16:38 AM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7034
    Description = The TuneUp Utilities Service service terminated unexpectedly. It
    has done this 1 time(s).


    < End of report >
  9. Broni


    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
      FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="
      FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
      FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/31 02:41:20 | 000,000,000 | ---D | M]
      [2011/03/31 02:41:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
      [2011/04/02 14:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
      [2005/01/31 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\AVG10
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  10. kojudy1


    OTL LOG:

    OTL logfile created on: 4/3/2011 11:44:31 AM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Vance\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 92.63 Gb Free Space | 62.17% Space Free | Partition Type: NTFS

    Computer Name: MINDSHID-33E87C | User Name: Vance | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
    PRC - [2011/01/17 23:30:46 | 001,803,224 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
    MOD - [2010/12/29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Unknown | Stopped] -- -- (MSDTC)
    SRV - [2011/03/31 02:30:04 | 003,229,784 | ---- | M] () [Unknown | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
    SRV - [2011/03/04 12:30:34 | 001,523,008 | ---- | M] (TuneUp Software) [Unknown | Stopped] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2011/03/04 12:28:08 | 000,029,504 | ---- | M] (TuneUp Software) [Unknown | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
    SRV - [2011/01/17 23:30:46 | 001,803,224 | ---- | M] (COMODO) [Unknown | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2005/09/28 20:06:30 | 000,094,208 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
    SRV - [2003/08/28 18:01:22 | 000,061,440 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/06 17:37:04 | 000,094,784 | ---- | M] (COMODO) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
    DRV - [2011/01/06 17:37:04 | 000,027,576 | ---- | M] (COMODO) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp)
    DRV - [2011/01/06 17:37:02 | 000,239,368 | ---- | M] (COMODO) [File_System | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard)
    DRV - [2011/01/06 17:37:02 | 000,015,592 | ---- | M] (COMODO) [File_System | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\cmderd.sys -- (cmderd)
    DRV - [2010/11/29 22:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | Unknown | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
    DRV - [2001/08/22 12:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb&sysid=2
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Jookz"
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.order.1: "Jookz"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "google.com/firefox"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="


    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/31 02:41:20 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 11:31:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/03 11:39:30 | 000,000,000 | ---D | M]

    [2010/11/28 16:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Extensions
    [2010/01/10 06:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/04/03 11:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\extensions
    [2010/11/28 16:51:53 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\extensions\vshare@toolbar
    [2010/11/28 16:51:58 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\searchplugins\web-search.xml
    [2011/04/03 11:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/04/03 11:39:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/03/31 02:41:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    [2010/01/10 06:00:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/04/02 22:47:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme [2010/01/10 05:04:06 | 000,000,000 | ---D | M]
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289639884546 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1301594878171 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Vance\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vance\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/01/10 05:09:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/03 11:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/04/03 11:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/04/03 11:31:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/04/03 00:15:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
    [2011/04/02 22:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/04/02 22:40:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/02 22:34:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2011/04/02 15:16:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/02 15:16:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/02 15:16:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/02 15:16:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/02 15:16:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/02 15:13:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/02 01:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/04/01 23:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vance\Application Data\Malwarebytes
    [2011/04/01 23:38:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/01 23:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/01 23:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/01 23:37:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/01 23:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/01 23:10:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\TFC.exe
    [2011/04/01 15:03:55 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2011/04/01 08:19:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011/03/31 15:42:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
    [2011/03/31 15:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2011/03/31 15:42:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2011/03/31 15:42:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2011/03/31 15:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2011/03/31 15:13:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2011/03/31 14:33:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2011/03/31 14:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2011/03/31 13:10:42 | 000,000,000 | ---D | C] -- C:\VritualRoot
    [2011/03/31 13:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
    [2011/03/31 13:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2011/03/30 17:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
    [2011/03/30 16:25:43 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
    [2011/03/30 16:20:23 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2011/03/30 16:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011
    [2011/03/30 16:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vance\Application Data\TuneUp Software
    [2011/03/30 16:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
    [2011/03/30 16:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2011/03/30 16:16:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

    ========== Files - Modified Within 30 Days ==========

    [2011/04/03 11:41:40 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2011/04/03 11:31:32 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/03 11:31:31 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/04/03 11:25:04 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003UA.job
    [2011/04/03 11:25:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003Core.job
    [2011/04/03 11:23:29 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/03 11:22:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/03 01:04:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
    [2011/04/02 22:47:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/02 22:40:40 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/04/02 22:37:19 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Vance\Desktop\Kent.exe
    [2011/04/02 22:30:20 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.exe
    [2011/04/02 22:30:10 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.scr
    [2011/04/02 15:08:48 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.com
    [2011/04/02 14:58:35 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\MBRCheck.exe
    [2011/04/02 00:38:15 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\dds.scr
    [2011/04/02 00:29:36 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\vvkeogeb.exe
    [2011/04/01 23:10:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\TFC.exe
    [2011/04/01 22:57:44 | 000,097,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/01 15:37:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/04/01 15:03:57 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/04/01 08:24:57 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/04/01 08:24:22 | 000,401,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/01 08:24:22 | 000,062,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/04/01 08:20:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/31 15:10:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/03/31 13:04:13 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
    [2011/03/31 13:02:01 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/03/30 16:29:35 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
    [2011/03/04 12:32:52 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2011/03/04 12:28:08 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll

    ========== Files Created - No Company Name ==========

    [2011/04/03 11:31:31 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/04/02 22:40:40 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/04/02 22:40:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/02 22:30:19 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\rkill.exe
    [2011/04/02 22:30:08 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\rkill.scr
    [2011/04/02 15:16:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/02 15:16:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/02 15:16:57 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/02 15:16:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/02 15:16:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/02 15:09:31 | 004,312,600 | R--- | C] () -- C:\Documents and Settings\Vance\Desktop\Kent.exe
    [2011/04/02 15:08:46 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\rkill.com
    [2011/04/02 14:58:34 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\MBRCheck.exe
    [2011/04/02 00:38:11 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\dds.scr
    [2011/04/02 00:29:34 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\vvkeogeb.exe
    [2011/03/31 13:06:48 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2011/03/31 13:04:13 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
    [2011/03/30 16:20:11 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011
    [2010/11/28 16:49:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/07/15 10:41:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
    [2010/07/03 00:52:30 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2010/03/31 01:53:28 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Vance\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/13 00:17:55 | 000,013,812 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/01/10 05:52:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2010/01/10 05:17:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Vance\Local Settings\Application Data\fusioncache.dat
    [2010/01/10 05:12:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/01/10 05:05:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/09/27 20:12:22 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
    [2008/05/03 11:16:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/05/03 11:16:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2008/05/03 11:16:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2008/05/03 11:16:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2008/05/03 11:16:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/05/03 11:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2008/05/03 11:16:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2008/05/03 11:16:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2008/05/03 11:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2005/08/05 18:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/01/09 20:57:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/01/09 20:56:41 | 000,097,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 07:00:00 | 000,401,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 07:00:00 | 000,062,460 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2010/10/08 11:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4Front
    [2010/01/13 02:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
    [2010/01/13 03:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
    [2010/01/10 05:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2011/04/02 14:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/11/16 23:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
    [2005/01/31 22:35:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/01/10 05:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2011/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/01/06 19:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nFaLf06307
    [2010/07/03 01:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
    [2011/03/30 16:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/03/23 00:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2011/03/30 16:16:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
    [2010/12/07 14:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/01/10 06:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/11/16 23:54:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
    [2010/10/08 11:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\4Front
    [2010/01/13 02:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Ableton
    [2010/01/10 05:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\acccore
    [2010/01/13 03:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Acoustica
    [2010/11/04 02:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Applied Acoustics Systems
    [2005/01/31 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\AVG10
    [2010/02/14 04:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Blitware
    [2010/12/15 16:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\FrostWire
    [2010/01/13 19:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\ijjigame
    [2010/11/17 02:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\LimeWire
    [2010/12/02 23:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\OpenCandy
    [2010/07/03 01:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Otto
    [2010/08/24 14:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\SynthMaker
    [2011/03/30 16:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\TuneUp Software
    [2010/08/20 15:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\webex

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < :OTL >

    < FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" >

    < FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=" >

    < FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared >

    < FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/31 02:41:20 | 000,000,000 | ---D | M] >
    Invalid Switch: 31 02:41:20 | 000,000,000 | ---D | M]


    < [2011/03/31 02:41:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4 >
    Invalid Switch: 31 02:41:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4


    < O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. >

    < O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found >

    < [2011/04/02 14:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar >
    Invalid Switch: 02 14:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar


    < [2005/01/31 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\AVG10 >
    Invalid Switch: 31 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\AVG10


    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [emptyflash] >

    < [Reboot] >

    < End of report >


    ========================================

    Checkup LOG:

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    TuneUp Utilities 2011
    TuneUp Utilities Language Pack (en-US)
    TuneUp Utilities 2011
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.0.32.18
    Adobe Reader 9.3
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Comodo Firewall cmdagent.exe
    ``````````End of Log````````````

    ================================================

    ESET LOG:

    C:\System Volume Information\_restore{572C362D-522F-4755-9FB8-8C3B66D274D6}\RP342\A0082367.msi multiple threats
  11. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    This is not the correct OTL log.
    You clicked on "Scan" instead of "Fix" button.
    Please, redo.

    Also....
    1. Do you have a whole Comodo Security Suite installed, or just firewall part?
    2. Update Internet Explorer to version 8.
    3. Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says "Also Download Adobe Photoshop® Album Starter Edition".

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot fewer resources than Adobe Reader.
    Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar or other garbage.
  12. kojudy1

    kojudy1 Newcomer, in training Topic Starter

    Whoops, sorry about that. I'll post that in just a sec.
    I actually have the whole Comodo security suite installed. I disabled it for a few different scans though. I will update those programs too. I'll post back after I get my OTL log.
  13. kojudy1

    kojudy1 Newcomer, in training Topic Starter

    OK, I updated all of the software. Also, when I ran OTL it said something about DC1 not being found or not being able to be opened, I can't remember which.
    Here's the OTL fix log:

    All processes killed
    ========== OTL ==========
    Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
    Prefs.js: "http://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=" removed from keyword.URL
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared deleted successfully.
    File C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found.
    C:\Program Files\AVG\AVG10\Firefox4\Components folder moved successfully.
    C:\Program Files\AVG\AVG10\Firefox4\Chrome folder moved successfully.
    C:\Program Files\AVG\AVG10\Firefox4 folder moved successfully.
    Folder C:\PROGRAM FILES\AVG\AVG10\FIREFOX4\ not found.
    Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ scheduled to be deleted on reboot.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ scheduled to be deleted on reboot.
    Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ .
    File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found not found.
    C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\cache folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar folder moved successfully.
    C:\Documents and Settings\Vance\Application Data\AVG10\cfgall folder moved successfully.
    C:\Documents and Settings\Vance\Application Data\AVG10 folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Vance
    ->Temp folder emptied: 7880 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 39549231 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 48536984 bytes

    Total Files Cleaned = 84.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Vance
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04032011_205950
     
  14. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  15. kojudy1

    kojudy1 Newcomer, in training Topic Starter

    OK, I appreciate all your help. You guys are awesome. I still think this computer should run faster than it does. I haven't tried a lot of different programs after all the cleanup, but Firefox, for example, takes forever to start up after the computer starts. I end up killing it in Task Manager, which takes about a minute in itself. Then it will start right up after that. Do you have any idea what the deal is with that? If it was my own personal computer I would just reinstall Windows, but it's my friend's and he has a lot of stuff on here and doesn't want to if he doesn't have to. It just seems like it should run smoother, in my opinion, compared to other computers I've used. IDK, if you have any ideas let me know. Here is the final log you asked for:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Vance
    ->Temp folder emptied: 560845 bytes
    ->Temporary Internet Files folder emptied: 19049975 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 28280767 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 56473347 bytes

    Total Files Cleaned = 100.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Vance
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 04032011_214236

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  16. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    Close Firefox. Go to Start > All Programs > Mozilla Firefox and click on Mozilla Firefox (safe mode). Same issue?
  17. kojudy1

    kojudy1 Newcomer, in training Topic Starter

    Well, I just updated to Firefox 4.0 a couple of days ago. It seems there's no Firefox safe mode entry that I can see. I tried looking through all the Mozilla folders in My Computer as well and didn't see anything. Would you like me to just try it with Windows in safe mode?
  18. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    It should be there. My screenshot is from Vista, but it should look similar in XP:

    [screenshot]

    ..or...
    Starting in Firefox 4, you can restart in Firefox Safe Mode via "Help -> Restart with Add-ons disabled...".
  19. kojudy1

    kojudy1 Newcomer, in training Topic Starter

    Hmm. I didn't see it. I went on my laptop and upgraded to 4 and didn't see it on there either. The computer that was having problems is XP, and my computer is Windows 7.
    On the slow computer, it was doing the same thing before I upgraded it, too.
  20. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    ...
  21. Broni

    Broni Malware Annihilator Posts: 45,159   +242

    The issue seems to be resolved.