OTL

Hi Broni,

The machine seems to be running OK. I searched with google to a few of the web searches I did before that were getting redirected and was not being redirected, but this problem seemed to show up so suddenly, that I do not trust it is fixed without your help.

While running OTL windows gave me a warning that OTL.exe had become corrupted and that I should run chkdsk. I have not run chkdsk, should I? OTL seemed to finish even though this error popped up. The same happened before with one of the other scan tools, GMER or bootkit I think, but I'm not positive.

Here are the log files (split in to separate posts due to size).

-------------------------------------------
OTL Extras logfile created on: 2/5/2012 11:33:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.66% Memory free
2.58 Gb Paging File | 2.26 Gb Available in Paging File | 87.72% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 87.50 Gb Free Space | 60.63% Space Free | Partition Type: NTFS

Computer Name: DC9KK691 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-910154618-685303889-673547498-1018\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Rumo\TroubleShooter.exe" = C:\Program Files\Rumo\TroubleShooter.exe:*:Enabled:Rumo (Helper) -- (FreeCause Inc.)
"C:\Program Files\Rumo\ToolbarUpdate.exe" = C:\Program Files\Rumo\ToolbarUpdate.exe:*:Enabled:Rumo (Update) -- (FreeCause Inc.)
"C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{247F51FB-99C5-4F01-8680-71E624B6322D}" = Vz In Home Agent
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34E90074-C80C-4182-A995-65E88B5B56E0}" = HP Deskjet 3050 J610 series Product Improvement Study
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{50AF9AC4-6E62-405A-A269-C02B70A21E64}" = 944plc32
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6339A05-42C3-48A2-81F9-552B320A9194}" = Disney Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC4C261A-B915-4F23-BD23-7E1AE5713B4E}" = Vz In Home Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FCC07EEA-FA18-4A21-9105-9666603C6885}" = McAfee Virtual Technician
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 944" = Dell Photo AIO Printer 944
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Play_Mario Toolbar" = Play_Mario Toolbar
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TweakNow PowerPack 2011_is1" = TweakNow PowerPack 2011
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/24/2012 7:36:27 PM | Computer Name = DC9KK691 | Source = McLogEvent | ID = 5004
Description =

Error - 1/24/2012 7:36:27 PM | Computer Name = DC9KK691 | Source = McLogEvent | ID = 5022
Description =

Error - 1/24/2012 7:36:27 PM | Computer Name = DC9KK691 | Source = McLogEvent | ID = 5004
Description =

Error - 1/24/2012 7:36:27 PM | Computer Name = DC9KK691 | Source = McLogEvent | ID = 5022
Description =

Error - 1/26/2012 10:45:36 PM | Computer Name = DC9KK691 | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 1/30/2012 8:27:50 AM | Computer Name = DC9KK691 | Source = MsiInstaller | ID = 11704
Description = Product: Adobe AIR -- Error 1704. An installation for Adobe Reader
X (10.1.2) is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

Error - 1/30/2012 8:27:50 AM | Computer Name = DC9KK691 | Source = MsiInstaller | ID = 11101
Description = Product: Adobe AIR -- Error 1101. Error reading from file: C:\Config.Msi\7df23.rbs.
System error 32. Verify that the file exists and that you can access it.

Error - 1/30/2012 8:27:50 AM | Computer Name = DC9KK691 | Source = MsiInstaller | ID = 11712
Description = Product: Adobe AIR -- Error 1712. One or more of the files required
to restore your computer to its previous state could not be found. Restoration
will not be possible.

Error - 1/30/2012 8:27:50 AM | Computer Name = DC9KK691 | Source = MsiInstaller | ID = 11101
Description = Product: Adobe AIR -- Error 1101. Error reading from file: C:\Config.Msi\7de5b.rbs.
System error 32. Verify that the file exists and that you can access it.

Error - 1/30/2012 8:27:50 AM | Computer Name = DC9KK691 | Source = MsiInstaller | ID = 11712
Description = Product: Adobe AIR -- Error 1712. One or more of the files required
to restore your computer to its previous state could not be found. Restoration
will not be possible.

[ System Events ]
Error - 2/5/2012 2:58:31 AM | Computer Name = DC9KK691 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 2/5/2012 2:58:31 AM | Computer Name = DC9KK691 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 2/5/2012 12:20:44 PM | Computer Name = DC9KK691 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 2/5/2012 12:20:44 PM | Computer Name = DC9KK691 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 2/5/2012 12:38:28 PM | Computer Name = DC9KK691 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 2/5/2012 12:38:28 PM | Computer Name = DC9KK691 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 2/5/2012 3:00:00 PM | Computer Name = DC9KK691 | Source = Schedule | ID = 7901
Description = The At28.job command failed to start due to the following error: %%2147942405

Error - 2/5/2012 3:00:00 PM | Computer Name = DC9KK691 | Source = Schedule | ID = 7901
Description = The At29.job command failed to start due to the following error: %%2147942405

Error - 2/6/2012 12:27:18 AM | Computer Name = DC9KK691 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 2/6/2012 12:27:18 AM | Computer Name = DC9KK691 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053


< End of report >

OTL (part 2)

OTL logfile created on: 2/5/2012 11:33:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.66% Memory free
2.58 Gb Paging File | 2.26 Gb Available in Paging File | 87.72% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.33 Gb Total Space | 87.50 Gb Free Space | 60.63% Space Free | Partition Type: NTFS

Computer Name: DC9KK691 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/05 23:32:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2011/12/21 00:41:44 | 006,676,808 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/17 23:07:22 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/07/22 08:45:16 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
PRC - [2005/06/27 06:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
PRC - [2005/06/21 09:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/05 14:51:45 | 001,689,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12020503\algo.dll
MOD - [2012/02/04 12:03:47 | 001,689,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12020401\algo.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/06/27 06:05:06 | 000,282,624 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
MOD - [2005/06/21 09:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcdlmpm.dll
MOD - [2005/06/21 09:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe
MOD - [2005/06/21 09:18:24 | 000,155,648 | ---- | M] () -- C:\WINDOWS\system32\dlcdprox.dll
MOD - [2005/06/06 04:59:00 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 944\dlcdcfg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/21 09:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcdcoms.exe -- (dlcd_device)


========== Driver Services (SafeList) ==========

DRV - [2012/01/17 16:00:48 | 000,494,968 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/12/19 18:59:24 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/12/19 18:59:22 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/17 23:07:25 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/17 07:41:08 | 001,022,040 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-18\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-910154618-685303889-673547498-1018\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-910154618-685303889-673547498-1018\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en
IE - HKU\S-1-5-21-910154618-685303889-673547498-1018\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/24 18:47:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/22 20:43:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/01/29 22:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2012/01/29 22:15:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/29 22:15:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/05 11:39:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Play Mario Toolbar) - {61a58fc8-def1-4521-93b2-85c81404839a} - C:\Program Files\Play_Mario\prxtbPla1.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Play Mario Toolbar) - {61a58fc8-def1-4521-93b2-85c81404839a} - C:\Program Files\Play_Mario\prxtbPla1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Play Mario Toolbar) - {61A58FC8-DEF1-4521-93B2-85C81404839A} - C:\Program Files\Play_Mario\prxtbPla1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Play Mario Toolbar) - {61A58FC8-DEF1-4521-93B2-85C81404839A} - C:\Program Files\Play_Mario\prxtbPla1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-910154618-685303889-673547498-1018\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-910154618-685303889-673547498-1018\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-910154618-685303889-673547498-1018\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-910154618-685303889-673547498-1018\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-910154618-685303889-673547498-1018\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html File not found
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html File not found
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html File not found
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html File not found
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html File not found
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Gary\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/05 23:32:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/02/04 19:33:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/04 19:29:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/04 19:29:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/04 19:29:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/04 19:29:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/04 19:28:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/04 19:28:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/04 19:25:31 | 004,396,501 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2012/02/03 23:59:27 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Admin\Desktop\boot_cleaner.exe
[2012/02/03 23:51:37 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2012/02/01 22:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2012/02/01 22:40:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Videos
[2012/02/01 22:40:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Administrative Tools
[2012/02/01 19:28:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.scr
[2012/01/30 07:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/01/30 07:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe
[2012/01/29 22:23:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Auslogics
[2012/01/29 22:17:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/01/29 22:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/01/29 22:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2012/01/29 22:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2012/01/29 22:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/01/29 22:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Downloads
[2012/01/29 22:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Macromedia
[2012/01/29 22:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Adobe
[2012/01/29 22:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla
[2012/01/29 22:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Mozilla
[2012/01/29 21:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Yahoo!
[2012/01/29 21:48:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Apple Computer
[2012/01/29 21:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Apple Computer
[2012/01/29 21:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Verizon
[2012/01/29 21:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\GTek
[2012/01/29 21:48:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IETldCache
[2012/01/29 21:47:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2012/01/29 21:47:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\SendTo
[2012/01/29 21:47:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2012/01/29 21:47:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Application Data
[2012/01/29 21:47:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup
[2012/01/29 21:47:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu
[2012/01/29 21:47:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Pictures
[2012/01/29 21:47:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Music
[2012/01/29 21:47:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents
[2012/01/29 21:47:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Favorites
[2012/01/29 21:47:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Accessories
[2012/01/29 21:47:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\Cookies
[2012/01/29 21:47:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Templates
[2012/01/29 21:47:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\PrintHood
[2012/01/29 21:47:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\NetHood
[2012/01/29 21:47:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Local Settings
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Wildtangent
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Sun
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Musicmatch
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Identities
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Google
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Dell Accessories
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\Dell
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\CCWin
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\BVRP Software
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\ApplicationHistory
[2012/01/29 21:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2012/01/29 21:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TweakNow PowerPack 2011
[2012/01/29 21:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\TweakNow PowerPack 2011
[2012/01/26 20:46:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/01/24 18:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/01/24 18:48:18 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/24 18:48:17 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/24 18:48:12 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/24 18:48:11 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/24 18:48:11 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/24 18:48:10 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/24 18:48:10 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/24 18:48:09 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/24 18:47:06 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/01/24 18:47:05 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/24 18:46:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/24 18:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/22 20:49:42 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/22 20:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/22 20:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/22 20:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/22 20:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/01/22 20:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/22 20:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/22 20:46:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/22 20:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/22 20:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2012/01/22 20:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2012/01/22 20:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS
[2012/01/22 20:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InfraRecorder
[2012/01/22 20:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2012/01/22 20:44:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/01/22 20:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/01/22 20:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/22 20:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2012/01/22 20:27:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\COMODO
[2012/01/22 20:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2012/01/22 20:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comodo
[2012/01/22 20:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/05 23:35:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{15C879A3-09D3-4DE1-9333-99CD0D79A5FB}.job
[2012/02/05 23:32:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/02/05 23:27:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/05 23:27:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/05 23:26:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/05 23:26:46 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/05 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/02/05 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/02/05 13:14:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/05 11:39:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/04 19:33:22 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/02/04 19:25:38 | 004,396,501 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2012/02/04 10:12:36 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\ListParts.exe
[2012/02/04 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/02/03 23:58:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2012/02/03 23:52:19 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\bootkit_remover.zip
[2012/02/03 23:51:58 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2012/02/02 21:53:27 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/02/02 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/02/02 08:51:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/01 22:20:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/02/01 19:28:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\dds.scr
[2012/02/01 19:27:07 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\ui1jopls.exe
[2012/01/29 22:17:25 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/01/29 21:48:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/29 21:48:15 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Windows Media Player.lnk
[2012/01/29 21:48:11 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/01/24 19:13:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/24 19:03:47 | 000,522,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/24 19:03:47 | 000,101,612 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/24 18:48:10 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/23 22:17:13 | 000,004,176 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/01/22 20:49:41 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/22 20:44:31 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[2012/01/22 20:43:31 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/22 19:33:17 | 000,258,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/17 16:00:48 | 000,494,968 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/04 19:33:21 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/02/04 19:33:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/04 19:29:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/04 19:29:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/04 19:29:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/04 19:29:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/04 19:29:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/04 10:12:34 | 000,303,059 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ListParts.exe
[2012/02/03 23:58:55 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MBR.dat
[2012/02/03 23:52:18 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\bootkit_remover.zip
[2012/02/01 19:27:05 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\ui1jopls.exe
[2012/01/29 22:17:25 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/01/29 21:48:25 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Internet Explorer.lnk
[2012/01/29 21:48:15 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Windows Media Player.lnk
[2012/01/29 21:48:15 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Windows Media Player.lnk
[2012/01/29 21:47:58 | 000,002,007 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Games.lnk
[2012/01/29 21:47:58 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2012/01/29 21:47:58 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2012/01/29 21:47:58 | 000,001,298 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Media Center.lnk
[2012/01/29 21:47:58 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/29 21:47:58 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2012/01/29 21:47:58 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2012/01/29 21:47:58 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/01/29 21:47:57 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2012/01/29 21:47:56 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Remote Assistance.lnk
[2012/01/29 21:47:56 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Outlook Express.lnk
[2012/01/26 21:44:16 | 2137,149,440 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/22 20:45:46 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/01/22 20:44:31 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\InfraRecorder.lnk
[2012/01/22 20:43:30 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/22 20:43:30 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/26 10:19:57 | 000,012,042 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vomg3m414lo2n1b8788n21tn0n4xi6
[2011/06/22 01:43:46 | 000,013,162 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2sj84r4yr1d5210755e
[2011/06/17 00:21:36 | 000,000,465 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sett.dat
[2011/05/24 16:28:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/08/13 23:31:53 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/08/13 23:31:53 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/08/13 23:31:26 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/08/13 23:31:25 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/08/13 23:31:24 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/03/14 14:37:13 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/12/02 19:09:58 | 000,052,604 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/27 00:22:38 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsaulwct.sys
[2009/09/27 00:18:25 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\afqfecqu.sys
[2009/09/26 21:05:26 | 000,019,863 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\revurure.scr
[2009/09/26 21:05:26 | 000,016,316 | ---- | C] () -- C:\WINDOWS\narel.sys
[2009/09/26 21:05:26 | 000,015,942 | ---- | C] () -- C:\WINDOWS\jovy.dat
[2009/09/26 15:57:49 | 000,016,027 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rujutupy.com
[2009/09/26 15:57:49 | 000,015,847 | ---- | C] () -- C:\Program Files\Common Files\iwen._dl
[2009/09/26 15:57:48 | 000,018,890 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mikiqi._dl
[2009/09/26 15:57:48 | 000,014,419 | ---- | C] () -- C:\Program Files\Common Files\xebazyvic.dat
[2009/09/26 15:57:48 | 000,010,370 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kipomymigi.scr
[2008/05/14 18:32:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/06 12:30:04 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2007/05/01 21:17:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/04/27 09:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2006/09/26 15:51:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/05/22 12:30:14 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\2848F9865A.sys
[2006/05/22 12:30:13 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/02/26 13:23:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/23 23:24:08 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/02/23 18:46:19 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/21 23:16:58 | 000,000,129 | ---- | C] () -- C:\WINDOWS\ImgTool.INI
[2006/01/26 02:04:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/01/17 23:19:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/17 23:11:40 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/01/17 23:07:50 | 000,004,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/17 23:06:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/01/17 22:42:58 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcdserv.dll
[2006/01/17 22:42:58 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlcdusb1.dll
[2006/01/17 22:42:58 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcdhbn3.dll
[2006/01/17 22:42:58 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomc.dll
[2006/01/17 22:42:58 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlcdpmui.dll
[2006/01/17 22:42:58 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcdcoms.exe
[2006/01/17 22:42:58 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcdlmpm.dll
[2006/01/17 22:42:58 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2006/01/17 22:42:58 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomm.dll
[2006/01/17 22:42:58 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlcdih.exe
[2006/01/17 22:42:58 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.exe
[2006/01/17 22:42:58 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2006/01/17 22:42:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdprox.dll
[2006/01/17 22:42:58 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2006/01/17 22:42:58 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2006/01/17 22:42:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcdpplc.dll
[2006/01/17 22:42:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2006/01/17 22:42:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2006/01/17 22:42:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2006/01/17 22:42:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2006/01/17 22:42:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2006/01/17 22:42:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2006/01/17 22:42:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/01/17 22:42:12 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 05:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 05:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 05:27:59 | 000,258,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 05:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 05:18:33 | 000,522,108 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 05:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 05:18:33 | 000,101,612 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 05:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 05:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 05:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 05:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 05:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 05:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 05:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 05:18:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 18:05:54 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlcdplc.ini
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

OTL (part 3)

========== LOP Check ==========

[2012/01/29 22:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Auslogics
[2012/01/24 18:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/09/26 22:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/01/22 23:34:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2010/03/14 15:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2011/01/17 10:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lDgHg06511
[2010/12/18 22:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/03/14 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/12/14 16:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2006/03/01 23:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/03/14 15:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2010/07/15 21:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/26 17:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/03/21 08:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gabby catlin\Application Data\Disney Mix It Plug-in
[2010/12/08 10:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gabby catlin\Application Data\PriceGong
[2012/01/29 21:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gabby catlin\Application Data\TweakNow PowerPack 2011
[2008/09/12 22:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Disney Mix It Plug-in
[2006/02/07 06:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Leadertech
[2010/12/18 22:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\MAGIX
[2010/03/14 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PlayFirst
[2012/01/22 20:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\PriceGong
[2010/04/24 10:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gary\Application Data\Vivox
[2008/12/15 07:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2012/02/04 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2012/02/02 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2012/02/01 22:20:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2012/02/05 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2012/02/05 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2012/02/05 23:35:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{15C879A3-09D3-4DE1-9333-99CD0D79A5FB}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2012/02/03 23:43:27 | 000,002,375 | ---- | M] () -- C:\aaw7boot.log
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/27 00:12:25 | 000,000,621 | ---- | M] () -- C:\avexport.bat
[2009/09/27 00:25:53 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2012/02/04 19:33:22 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2009/08/23 00:13:28 | 000,000,244 | ---- | M] () -- C:\Clean.bat
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/05 11:45:13 | 000,014,908 | ---- | M] () -- C:\ComboFix.txt
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/01/17 22:46:22 | 000,006,165 | RH-- | M] () -- C:\dell.sdr
[2011/09/02 10:18:29 | 000,007,580 | ---- | M] () -- C:\dlcd.log
[2012/02/05 23:28:37 | 000,108,261 | ---- | M] () -- C:\dlcdscan.log
[2007/03/25 10:25:21 | 000,000,061 | ---- | M] () -- C:\DVDPATH.TXT
[2009/09/27 00:12:26 | 000,001,080 | ---- | M] () -- C:\grtjhpvh.bat
[2007/12/12 22:34:47 | 000,000,016 | ---- | M] () -- C:\h.txt
[2012/02/05 23:26:46 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2006/02/23 23:13:30 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/01/17 23:07:41 | 000,000,835 | -H-- | M] () -- C:\IPH.PH
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2009/08/19 11:12:36 | 000,001,120 | ---- | M] () -- C:\NTDClient.log
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/04 06:12:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/05 23:26:45 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2008/10/20 19:03:04 | 000,000,068 | ---- | M] () -- C:\regconf.ini
[2008/07/04 22:16:27 | 000,000,016 | ---- | M] () -- C:\s14g
[2008/04/13 05:28:53 | 000,000,016 | ---- | M] () -- C:\s24g
[2008/04/13 00:58:39 | 000,000,016 | ---- | M] () -- C:\s2tg
[2010/03/14 18:50:16 | 000,027,917 | ---- | M] () -- C:\scramble.log
[2008/05/06 23:09:22 | 000,000,016 | ---- | M] () -- C:\ssc
[2006/01/17 23:07:48 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2009/08/14 15:27:04 | 000,000,269 | ---- | M] () -- C:\Win.reg
[2009/09/27 00:12:26 | 000,126,976 | ---- | M] () -- C:\zip.exe

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 05:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/06/21 04:46:26 | 000,073,728 | ---- | M] (Dell, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcdPP5C.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/09/27 00:18:25 | 000,000,154 | ---- | M] () -- C:\Program Files\ofdfipxy.txt
[2006/02/23 23:24:08 | 000,000,251 | ---- | M] () -- C:\Program Files\wt3d.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/04 06:21:18 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/29 21:48:22 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/08/16 05:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/02/03 23:51:58 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admin\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\Admin\Desktop\boot_cleaner.exe
[2012/02/04 19:25:38 | 004,396,501 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2012/02/04 10:12:36 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\ListParts.exe
[2012/02/05 23:32:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2012/02/01 19:27:07 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\ui1jopls.exe

< %PROGRAMFILES%\Common Files\*.* >
[2009/09/26 15:57:49 | 000,015,847 | ---- | M] () -- C:\Program Files\Common Files\iwen._dl
[2009/09/26 15:57:48 | 000,014,419 | ---- | M] () -- C:\Program Files\Common Files\xebazyvic.dat

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 06:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/01/29 21:48:22 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Admin\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/02/05 23:34:52 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Admin\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/10 06:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 02:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 02:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 02:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >

chkdsk log

Hi Broni,

The chkdsk log generated from windows.

---------------------------------------------------

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 2/6/2012
Time: 10:29:42 PM
User: N/A
Computer: DC9KK691
Description:
Checking file system on C:
The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
CHKDSK is recovering lost files.
Cleaning up 206 unused index entries from index $SII of file 0x9.
Cleaning up 206 unused index entries from index $SDH of file 0x9.
Cleaning up 206 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.

151340332 KB total disk space.
59164872 KB in 86625 files.
33448 KB in 14751 indexes.
0 KB in bad sectors.
380428 KB in use by the system.
65536 KB occupied by the log file.
91761584 KB available on disk.

4096 bytes in each allocation unit.
37835083 total allocation units on disk.
22940396 allocation units available on disk.

Internal Info:
20 52 02 00 0b 8c 01 00 5e 30 02 00 00 00 00 00 R......^0......
4e 04 00 00 02 00 00 00 91 0a 00 00 00 00 00 00 N...............
5e 38 3c 0a 00 00 00 00 fc 74 7c 5d 00 00 00 00 ^8<......t|]....
90 b3 27 21 00 00 00 00 84 e5 f2 cb 04 00 00 00 ..'!............
9a c7 19 7b 04 00 00 00 1a 65 90 dc 09 00 00 00 ...{.....e......
c0 04 7b a6 00 00 00 00 98 38 07 00 61 52 01 00 ..{......8..aR..
00 00 00 00 00 20 23 1b 0e 00 00 00 9f 39 00 00 ..... #......9..

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

OTL and Last Scans logs

Hi Broni,

I performed each of the scans you instructed me to. Eset returned zero infections. All other logs are pasted below.

Thank you for your help.

----------------------------------
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry value HKEY_USERS\S-1-5-21-910154618-685303889-673547498-1018\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-8398-26FADCF27386} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-8398-26FADCF27386}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Google Search\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Translate English Word\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Backward Links\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Cached Snapshot of Page\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Similar Pages\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate Page into English\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\All Users\Application Data\vomg3m414lo2n1b8788n21tn0n4xi6 moved successfully.
C:\Documents and Settings\All Users\Application Data\2sj84r4yr1d5210755e moved successfully.
C:\WINDOWS\system32\drivers\fsaulwct.sys moved successfully.
C:\WINDOWS\system32\drivers\afqfecqu.sys moved successfully.
C:\Program Files\Common Files\xebazyvic.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\rujutupy.com moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\lDgHg06511\ not found.
C:\Documents and Settings\Gary\Application Data\PriceGong\tmp folder moved successfully.
C:\Documents and Settings\Gary\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\Gary\Application Data\PriceGong folder moved successfully.
C:\WINDOWS\Tasks\At25.job moved successfully.
C:\WINDOWS\Tasks\At26.job moved successfully.
C:\WINDOWS\Tasks\At27.job moved successfully.
C:\WINDOWS\Tasks\At28.job moved successfully.
C:\WINDOWS\Tasks\At29.job moved successfully.
C:\Documents and Settings\gabby catlin\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\gabby catlin\Application Data\PriceGong folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 1751 bytes
->Temporary Internet Files folder emptied: 98438 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68050932 bytes
->Flash cache emptied: 456 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: gabby catlin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3857446 bytes
->Java cache emptied: 163332 bytes
->FireFox cache emptied: 8156192 bytes
->Flash cache emptied: 0 bytes

User: Gary
->Temp folder emptied: 220811487 bytes
->Temporary Internet Files folder emptied: 56353777 bytes
->Java cache emptied: 28611916 bytes
->Google Chrome cache emptied: 339115693 bytes
->Flash cache emptied: 20271 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 3375238 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 10763 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7716998 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 17960 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8996 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 69234027 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 768.00 mb


[EMPTYJAVA]

User: Admin
->Java cache emptied: 0 bytes

User: Administrator

User: All Users

User: Default User

User: gabby catlin
->Java cache emptied: 0 bytes

User: Gary
->Java cache emptied: 0 bytes

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: gabby catlin
->Flash cache emptied: 0 bytes

User: Gary
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02072012_181124

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL and Last Scans logs (part 2)

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
avast! Free Antivirus
COMODO Internet Security
McAfee Virtual Technician
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
Java(TM) 6 Update 30
Java(TM) 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````


Farbar Service Scanner Version: 05-02-2012
Ran by Admin (administrator) on 07-02-2012 at 18:21:50
Running from "C:\Documents and Settings\Admin\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(9) cmdHlp(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0A00000004000000010000000200000003000000090000000A00000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

Follow Up

Computer seems to be running fast and performing as it should.

I could not find an installation of McAfee Virtual Technician in Add/Remove Programs. Is this a security risk, if so how do I remove it.

I followed all your guidlines including downloading Securnia PSI and got everything up to date as best I could except Microsoft Office 2000. Will have to see if Open Office is an viable alternative.

Thank you for your help.