TechSpot

Help making sure I removed all malware

Solved
By mrjust
Dec 18, 2010
  1. I removed some scare scare by going into safe mode and enabling hidden files and system files, and deleted with the gutman method. I also removed some trojan horses, Kkarya.exe, Ktyvia.exe, KTYVIB.EXE.

    Here is my log

    [HJT log removed - Broni]
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    Do NOT wrap logs in quotes.
     
  3. mrjust

    mrjust TS Rookie Topic Starter Posts: 18

    Sorry about the qoutes.:) My AVG Antivirus 2011 was clean.
    Here is the rest



    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-18 20:33:54
    Windows 6.1.7600
    Running: 2wcecl6n.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Windows\System32\wbem\Performance\WmiApRpl_new.ini 17304 bytes

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Administrator at 20:27:53.95 on Sat 12/18/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2617 [GMT -8:00]

    AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Pro Firewall *Enabled* {EE2E17FA-9876-3544-62EC-0405AD5FFB20}

    ============== Running Processes ===============

    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\AVG\AVG10\avgam.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Users\Administrator\Desktop\CHECK FOR VIRUSES\2wcecl6n.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Users\Administrator\Desktop\CHECK FOR VIRUSES\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\WinRAR\RarExtLoader.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    uWinlogon: Shell=C:\Users\Administrator\AppData\Roaming\protect.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: ZoneAlarm Toolbar Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Toolbar Registrar - No File
    TB-X64: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\lb7aahmj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\TrustCheckerMozillaPlugin.dll
    FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lb7aahmj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: ZoneAlarm Toolbar: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
    FF - Ext: AVG Security Toolbar em:version=5.008.027.003 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-2-26 30520]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 32888]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2009-10-14 800624]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-18 304464]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-3-12 809296]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-3-12 24664]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-12-18 488776]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
    S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-10-30 1353544]

    =============== Created Last 30 ================

    2010-12-19 03:57:32 711168 ----a-w- C:\Windows\is-NI9Q7.exe
    2010-12-19 03:02:56 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-12-19 03:02:43 -------- d-----w- C:\Windows\pss
    2010-12-19 03:01:25 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-12-19 03:01:25 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-12-19 03:01:25 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-12-19 03:01:25 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-12-19 03:01:24 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-12-19 02:34:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2010-12-19 02:30:30 -------- d--h--w- C:\$AVG
    2010-12-19 02:25:59 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
    2010-12-19 02:25:59 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
    2010-12-19 02:25:58 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-19 02:25:57 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-12-19 02:25:57 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-12-19 02:16:35 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\AVG10
    2010-12-19 02:09:47 -------- d-----w- C:\Users\ADMINI~1\AppData\Local\AVG Security Toolbar
    2010-12-19 02:06:17 -------- d--h--w- C:\PROGRA~3\Common Files
    2010-12-18 20:25:10 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar
    2010-12-18 20:24:57 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2010-12-18 20:24:11 -------- d-----w- C:\Windows\System32\drivers\AVG
    2010-12-18 20:24:11 -------- d-----w- C:\PROGRA~3\AVG10
    2010-12-18 20:23:47 -------- d-----w- C:\Program Files (x86)\AVG
    2010-12-18 19:52:13 -------- d-----w- C:\Windows\System32\appmgmt
    2010-12-18 19:44:40 -------- d-----w- C:\PROGRA~3\MFAData
    2010-12-18 19:43:32 -------- d-----w- C:\Program Files\CCleaner

    ==================== Find3M ====================

    2010-11-10 06:20:56 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

    ============= FINISH: 20:55:11.21 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/12/2010 10:24:47 PM
    System Uptime: 12/18/2010 8:11:54 PM (0 hours ago)

    Motherboard: Hewlett-Packard | | 30FC
    Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72 | Socket M2/S1G1 | 483/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 222 GiB total, 128.206 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 10.755 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Atheros AR5007 802.11b/g WiFi Adapter
    Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_137A103C&REV_01\4&18029F41&0&0030
    Manufacturer: Atheros Communications Inc.
    Name: Atheros AR5007 802.11b/g WiFi Adapter
    PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_137A103C&REV_01\4&18029F41&0&0030
    Service: athr

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel

    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&2C0D0C43&0&0028
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&2C0D0C43&0&0028
    Service:

    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&2C0D0C43&0&0328
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&2C0D0C43&0&0328
    Service:

    Class GUID:
    Description:
    Device ID: ACPI\ENE0100\3&2411E6FE&1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\ENE0100\3&2411E6FE&1
    Service:

    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&2C0D0C43&0&0428
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&2C0D0C43&0&0428
    Service:

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    HijackThis 2.0.2
    ImgBurn
    InterVideo AVControlSDK
    InterVideo DeviceService
    K-Lite Codec Pack 5.7.0 (Full)
    Malwarebytes' Anti-Malware
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft XML Parser
    Mozilla Firefox (3.6)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Spybot - Search & Destroy
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Visual Studio 2008 x64 Redistributables
    WinRAR archiver
    ZoneAlarm Pro

    ==== Event Viewer Messages From Past Week ========

    12/18/2010 8:12:29 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    12/18/2010 8:12:29 PM, Error: atikmdag [43029] - Display is not active
    12/18/2010 7:04:45 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    12/18/2010 7:04:38 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 7:04:33 AM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
    12/18/2010 7:04:13 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    12/18/2010 7:04:05 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    12/18/2010 7:04:04 AM, Error: Service Control Manager [7034] - The Capture Device Service service terminated unexpectedly. It has done this 1 time(s).
    12/18/2010 7:04:03 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 6:48:53 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 6:48:25 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 6:47:44 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 6:47:36 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 6:47:22 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 6:47:13 AM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).
    12/18/2010 6:46:58 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 6:46:48 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 6:46:37 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 6:46:11 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 6:46:00 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/18/2010 6:21:46 AM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
    12/18/2010 6:17:23 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.109. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer.
    12/18/2010 6:15:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TrueVector Internet Monitor service to connect.
    12/18/2010 6:15:25 PM, Error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/18/2010 6:15:13 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    12/18/2010 6:13:28 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    12/18/2010 12:18:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Capture Device Service service to connect.
    12/18/2010 12:18:25 PM, Error: Service Control Manager [7000] - The Capture Device Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/18/2010 11:51:46 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/18/2010 11:39:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/18/2010 11:39:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/18/2010 11:39:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/18/2010 11:39:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/18/2010 11:39:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/18/2010 11:39:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/18/2010 11:39:11 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant vwififlt Wanarpv6 WfpLwf
    12/18/2010 11:39:11 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/18/2010 11:39:11 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/18/2010 11:39:11 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/18/2010 11:39:11 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/18/2010 11:39:11 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/18/2010 11:39:11 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/18/2010 11:39:10 AM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/18/2010 11:39:10 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/18/2010 11:39:10 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    12/18/2010 11:39:10 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/18/2010 11:39:10 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/18/2010 11:24:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant vwififlt Wanarpv6 WfpLwf

    ==== End Of File ===========================


    Malwarebytes' Anti-Malware 1.44
    Database version: 3862
    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    12/18/2010 11:40:04 AM
    mbam-log-2010-12-18 (11-40-04).txt

    Scan type: Quick Scan
    Objects scanned: 2
    Time elapsed: 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    So far, it looks clean to me....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. mrjust

    mrjust TS Rookie Topic Starter Posts: 18

    Thanks Broni

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv7 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 159):
    0x02A0D000 \SystemRoot\system32\ntoskrnl.exe
    0x02FE9000 \SystemRoot\system32\hal.dll
    0x00B97000 \SystemRoot\system32\kdcom.dll
    0x00C41000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C4E000 \SystemRoot\system32\PSHED.dll
    0x00C62000 \SystemRoot\system32\CLFS.SYS
    0x00CC0000 \SystemRoot\system32\CI.dll
    0x00EEC000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F90000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F9F000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FF6000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00E00000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00E0A000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00E3D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00E4A000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E5F000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00E68000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00E74000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00E89000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00EE5000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00D80000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00D90000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00DAA000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00DB3000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00DDD000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x00DE8000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01096000 \SystemRoot\system32\drivers\fltmgr.sys
    0x010E2000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01205000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x010F6000 \SystemRoot\System32\Drivers\msrpc.sys
    0x013A8000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01154000 \SystemRoot\System32\Drivers\cng.sys
    0x013C2000 \SystemRoot\System32\drivers\pcw.sys
    0x013D3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0149A000 \SystemRoot\system32\drivers\ndis.sys
    0x0158C000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01603000 \SystemRoot\System32\drivers\tcpip.sys
    0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01475000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01485000 \SystemRoot\System32\Drivers\spldr.sys
    0x0104C000 \SystemRoot\System32\drivers\rdyboost.sys
    0x015EC000 \SystemRoot\System32\Drivers\mup.sys
    0x0148D000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x013DD000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
    0x00C00000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x013E7000 \SystemRoot\system32\DRIVERS\disk.sys
    0x011C7000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x01086000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
    0x00DF3000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
    0x02AD7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02B01000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
    0x02B10000 \SystemRoot\System32\Drivers\Null.SYS
    0x02B19000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02B20000 \SystemRoot\System32\drivers\vga.sys
    0x02B2E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02B53000 \SystemRoot\System32\drivers\watchdog.sys
    0x02B63000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02B6C000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02B75000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02B7E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02B89000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02B9A000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02BB8000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02A00000 \SystemRoot\system32\DRIVERS\avgtdia.sys
    0x038B6000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x038FB000 \SystemRoot\system32\drivers\afd.sys
    0x03800000 \SystemRoot\system32\DRIVERS\vsdatant.sys
    0x03890000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03985000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x039AB000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x039C1000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x039D0000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x039EB000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03A1A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03A6B000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03A77000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03A82000 \SystemRoot\System32\drivers\discache.sys
    0x03A91000 \SystemRoot\system32\drivers\csc.sys
    0x03B14000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03B32000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03B43000 \SystemRoot\system32\DRIVERS\avgldx64.sys
    0x03BB8000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x03C04000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x0421B000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x0430F000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04355000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x04379000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x047C2000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x047F4000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x04600000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x04399000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x043AA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x043C8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x04807000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x0485A000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x0485C000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0486B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x04870000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
    0x0487D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x04886000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04896000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x048AC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x048D0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x048DC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x0490B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x04926000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04947000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04961000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x0496C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0496E000 \SystemRoot\system32\DRIVERS\ks.sys
    0x049B1000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x050B5000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0510F000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05124000 \SystemRoot\system32\drivers\HdAudio.sys
    0x05180000 \SystemRoot\system32\drivers\portcls.sys
    0x051BD000 \SystemRoot\system32\drivers\drmk.sys
    0x051DF000 \SystemRoot\system32\drivers\ksthunk.sys
    0x05000000 \SystemRoot\system32\DRIVERS\stwrt64.sys
    0x0586C000 \SystemRoot\system32\DRIVERS\agrsm64.sys
    0x0598E000 \SystemRoot\system32\drivers\modem.sys
    0x0599D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x059BA000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x059E8000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x05800000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x0580C000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x05817000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x000E0000 \SystemRoot\System32\win32k.sys
    0x0582A000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05836000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00540000 \SystemRoot\System32\TSDDD.dll
    0x00600000 \SystemRoot\System32\cdd.dll
    0x05844000 \SystemRoot\system32\drivers\luafv.sys
    0x0507F000 \SystemRoot\system32\drivers\WudfPf.sys
    0x050A0000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02A61000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x051E5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x049C3000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x049DB000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
    0x05267000 \SystemRoot\system32\drivers\HTTP.sys
    0x0532F000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x0534D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x0537A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x053C8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x053EB000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0x05EE6000 \SystemRoot\system32\drivers\peauth.sys
    0x05F8C000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x05F97000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x05FC4000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x05E00000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0x05E34000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x06A87000 \SystemRoot\System32\DRIVERS\srv.sys
    0x06B1D000 \??\C:\Windows\system32\drivers\mbam.sys
    0x04656000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x06B98000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x779A0000 \Windows\System32\ntdll.dll
    0x47810000 \Windows\System32\smss.exe
    0xFFCC0000 \Windows\System32\apisetschema.dll

    Processes (total 63):
    0 System Idle Process
    4 System
    272 C:\Windows\System32\smss.exe
    352 C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    548 csrss.exe
    616 C:\Windows\System32\wininit.exe
    628 csrss.exe
    672 C:\Windows\System32\services.exe
    684 C:\Windows\System32\lsass.exe
    692 C:\Windows\System32\lsm.exe
    784 C:\Windows\System32\svchost.exe
    848 C:\Windows\System32\winlogon.exe
    904 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\atiesrxx.exe
    332 C:\Windows\System32\svchost.exe
    488 C:\Windows\System32\svchost.exe
    552 C:\Windows\System32\svchost.exe
    744 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
    1160 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\hpservice.exe
    1320 C:\Windows\System32\atieclxx.exe
    1336 C:\Windows\System32\svchost.exe
    1392 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    1588 C:\Windows\System32\dwm.exe
    1640 C:\Windows\explorer.exe
    1880 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    1940 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    1992 C:\Windows\System32\spoolsv.exe
    2032 C:\Windows\System32\taskhost.exe
    1560 C:\Windows\System32\svchost.exe
    1932 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
    2136 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    2216 C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
    2280 C:\Windows\System32\svchost.exe
    2488 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2544 C:\Program Files\IDT\WDM\sttray64.exe
    2652 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    2876 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    2888 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    2984 C:\Program Files (x86)\AVG\AVG10\avgam.exe
    3028 C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    3048 C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    664 C:\Windows\System32\conhost.exe
    2796 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    3036 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    3188 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    3196 C:\Windows\System32\conhost.exe
    3976 C:\Windows\System32\SearchIndexer.exe
    1576 C:\Windows\System32\svchost.exe
    4084 C:\Windows\System32\svchost.exe
    3840 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    1260 C:\Windows\System32\wuauclt.exe
    3852 C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    2420 C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    4876 C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    3748 C:\Windows\System32\taskmgr.exe
    4712 C:\Windows\System32\taskeng.exe
    3704 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    4988 C:\Windows\System32\SearchProtocolHost.exe
    4388 C:\Windows\System32\SearchFilterHost.exe
    2168 C:\Windows\explorer.exe
    3400 C:\Users\Administrator\Downloads\MBRCheck.exe
    5036 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`82500000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!

    ComboFix 10-12-18.01 - Administrator 12/18/2010 22:19:43.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2847 [GMT -8:00]
    Running from: c:\users\Administrator\Downloads\ComboFix.exe
    FW: ZoneAlarm Pro Firewall *Disabled* {EE2E17FA-9876-3544-62EC-0405AD5FFB20}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
    .

    2010-12-19 06:25 . 2010-12-19 06:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-19 05:29 . 2010-12-19 05:29 -------- d-----w- c:\program files (x86)\Common Files\Java
    2010-12-19 05:28 . 2010-12-19 05:28 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-12-19 05:28 . 2010-12-19 05:28 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-19 05:28 . 2010-12-19 05:28 -------- d-----w- c:\program files (x86)\Java
    2010-12-19 03:57 . 2010-12-19 03:57 711168 ----a-w- c:\windows\is-NI9Q7.exe
    2010-12-19 03:02 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
    2010-12-19 03:01 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
    2010-12-19 03:01 . 2010-08-27 03:38 463360 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-12-19 03:01 . 2010-08-27 03:37 402944 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-12-19 03:01 . 2010-08-27 03:37 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-12-19 03:01 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
    2010-12-19 02:34 . 2010-12-19 02:34 -------- d-----w- c:\program files (x86)\Trend Micro
    2010-12-19 02:25 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-12-19 02:25 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
    2010-12-19 02:25 . 2010-10-20 03:09 3124224 ----a-w- c:\windows\system32\win32k.sys
    2010-12-19 02:25 . 2010-08-21 06:36 340992 ----a-w- c:\windows\system32\schannel.dll
    2010-12-19 02:25 . 2010-08-21 05:36 224256 ----a-w- c:\windows\SysWow64\schannel.dll
    2010-12-19 02:16 . 2010-12-19 02:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVG10
    2010-12-19 02:06 . 2010-12-19 02:06 -------- d--h--w- c:\programdata\Common Files
    2010-12-18 20:24 . 2010-12-19 06:10 -------- d-----w- c:\programdata\AVG10
    2010-12-18 20:23 . 2010-12-18 20:23 -------- d-----w- c:\program files (x86)\AVG
    2010-12-18 19:52 . 2010-12-18 19:52 -------- d-----w- c:\windows\system32\appmgmt
    2010-12-18 19:44 . 2010-12-18 20:23 -------- d-----w- c:\programdata\MFAData
    2010-12-18 19:43 . 2010-12-18 19:43 -------- d-----w- c:\program files\CCleaner

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
    R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-10-30 1353544]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-27 30520]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 32888]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 800624]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 24664]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 1114992]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lb7aahmj.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: ZoneAlarm Toolbar: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-HijackThis - c:\program files (x86)\Trend Micro\HijackThis\HijackThis.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,36,79,48,09,50,31,47,86,b4,c8,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,36,79,48,09,50,31,47,86,b4,c8,\

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MOV"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\notepad.exe"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\AcroRd32.exe"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="Applications\\EXCEL.EXE"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-12-18 22:28:18
    ComboFix-quarantined-files.txt 2010-12-19 06:28

    Pre-Run: 137,744,359,424 bytes free
    Post-Run: 137,639,383,040 bytes free

    - - End Of File - - 499BDD5750D170FEA4F96BE3241BF495
     
  6. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Looks clean :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. mrjust

    mrjust TS Rookie Topic Starter Posts: 18

    OTL

    OTL logfile created on: 12/19/2010 11:30:12 AM - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 222.04 Gb Total Space | 127.85 Gb Free Space | 57.58% Space Free | Partition Type: NTFS
    Drive D: | 10.85 Gb Total Space | 10.76 Gb Free Space | 99.16% Space Free | Partition Type: NTFS

    Computer Name: CASTLES-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/19 11:11:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
    PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/01/15 19:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2009/10/17 01:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    PRC - [2009/10/17 01:39:40 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2008/07/07 09:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2006/08/11 10:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/19 11:11:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/10/14 05:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
    MOD - [2009/06/10 13:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
    MOD - [2009/06/10 13:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/03/23 13:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/02/26 20:34:42 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2009/10/30 15:01:08 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
    SRV:64bit: - [2009/10/14 05:30:58 | 000,800,624 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
    SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/08/27 15:25:22 | 000,488,776 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/12 23:38:18 | 000,607,048 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
    SRV - [2009/10/30 15:08:24 | 001,353,544 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2009/10/30 15:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
    SRV - [2009/10/17 01:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/07/07 09:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2006/08/11 10:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/11/09 22:20:56 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2010/09/07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2010/08/19 21:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV:64bit: - [2010/08/19 21:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV:64bit: - [2010/07/16 14:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2010/07/16 14:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2010/05/27 21:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2010/03/23 13:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/01/21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2010/01/21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2010/01/21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2009/10/17 01:41:16 | 000,445,640 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
    DRV:64bit: - [2009/10/14 05:30:04 | 000,032,888 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV:64bit: - [2009/10/09 18:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/10/09 01:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 13:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV - [2009/10/14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 5E 92 32 BE 99 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
    FF - prefs.js..extensions.enabledItems: avg@igeared:5.008.027.003

    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/03/12 23:07:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/12/18 22:41:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/12/18 22:33:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/13 19:23:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/18 21:28:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

    [2010/03/12 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
    [2010/12/18 22:36:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lb7aahmj.default\extensions
    [2010/12/18 18:08:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lb7aahmj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/06 18:31:53 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lb7aahmj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/12/18 22:36:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/12/18 21:28:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/12/18 21:28:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/12/18 18:59:54 | 000,380,726 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 123fporn.info
    O1 - Hosts: 13113 more lines...
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.dvacm - C:\PROGRA~2\COMMON~1\ULEADS~1\vio\dvacm.acm File not found
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/19 11:10:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2010/12/19 11:07:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/12/18 22:38:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG Security Toolbar
    [2010/12/18 22:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
    [2010/12/18 22:33:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2010/12/18 22:33:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
    [2010/12/18 22:18:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/18 22:18:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/18 22:18:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/18 22:18:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/18 22:18:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/18 22:17:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/18 22:17:44 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/12/18 21:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/12/18 21:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/12/18 21:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2010/12/18 19:02:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/12/18 18:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/12/18 18:16:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVG10
    [2010/12/18 18:06:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2010/12/18 12:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2010/12/18 12:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2010/12/18 11:52:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2010/12/18 11:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2010/12/18 11:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/19 11:14:57 | 000,020,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/19 11:14:57 | 000,020,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/19 11:14:19 | 001,563,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/12/19 11:14:19 | 000,704,528 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
    [2010/12/19 11:14:19 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/12/19 11:14:19 | 000,138,040 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
    [2010/12/19 11:14:19 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/12/19 11:11:25 | 102,124,432 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2010/12/19 11:11:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
    [2010/12/19 11:06:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/19 11:06:06 | 3018,194,944 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/18 22:41:13 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2010/12/18 22:33:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2010/12/18 22:33:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2010/12/18 19:57:32 | 000,711,168 | ---- | M] () -- C:\Windows\is-NI9Q7.exe
    [2010/12/18 19:57:32 | 000,010,562 | ---- | M] () -- C:\Windows\is-NI9Q7.msg
    [2010/12/18 19:57:32 | 000,000,373 | ---- | M] () -- C:\Windows\is-NI9Q7.lst
    [2010/12/18 19:16:37 | 000,416,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/12/18 18:59:54 | 000,380,726 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/12/18 18:46:40 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/12/04 21:29:34 | 000,092,122 | ---- | M] () -- C:\Users\Administrator\Documents\lucy.mht
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/19 11:11:25 | 102,124,432 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2010/12/18 22:33:49 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2010/12/18 22:33:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2010/12/18 22:33:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2010/12/18 22:18:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/18 22:18:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/18 22:18:23 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/18 22:18:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/18 22:18:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/18 19:57:32 | 000,711,168 | ---- | C] () -- C:\Windows\is-NI9Q7.exe
    [2010/12/18 19:57:32 | 000,010,562 | ---- | C] () -- C:\Windows\is-NI9Q7.msg
    [2010/12/18 19:57:32 | 000,000,373 | ---- | C] () -- C:\Windows\is-NI9Q7.lst
    [2010/12/04 21:29:34 | 000,092,122 | ---- | C] () -- C:\Users\Administrator\Documents\lucy.mht
    [2010/09/02 00:28:38 | 000,000,333 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/04/30 21:25:57 | 001,564,496 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/03/15 18:05:55 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
    [2010/03/15 18:05:55 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
    [2010/03/15 18:05:55 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
    [2010/03/15 18:05:55 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
    [2010/03/15 18:05:55 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
    [2010/03/15 18:05:55 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
    [2010/03/12 23:35:03 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/03/12 23:35:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2010/03/12 23:34:50 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010/03/12 23:34:50 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/03/12 23:34:42 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/12/18 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG10
    [2010/03/12 23:07:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CheckPoint
    [2010/03/12 23:35:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ImgBurn
    [2010/03/15 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LEAPS
    [2010/03/15 18:16:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Pegasys Inc
    [2010/03/12 23:38:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
    [2010/12/08 22:17:02 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < >

    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 17:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/03/12 22:16:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/07/16 04:40:54 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
    [2010/12/18 22:28:18 | 000,024,493 | ---- | M] () -- C:\ComboFix.txt
    [2010/03/12 22:39:14 | 000,203,836 | RHS- | M] () -- C:\grldr
    [2010/12/19 11:06:06 | 3018,194,944 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/19 11:06:06 | 4024,262,656 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/12 22:39:15 | 000,000,000 | RHS- | M] () -- C:\winx.ld

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/12 22:51:38 | 000,000,221 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/19 11:11:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/13 19:39:19 | 000,000,402 | -HS- | M] () -- C:\Users\Administrator\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/02 00:38:06 | 000,000,333 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  8. mrjust

    mrjust TS Rookie Topic Starter Posts: 18

    OTL Extras logfile created on: 12/19/2010 11:12:27 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 222.04 Gb Total Space | 127.88 Gb Free Space | 57.60% Space Free | Partition Type: NTFS
    Drive D: | 10.85 Gb Total Space | 10.76 Gb Free Space | 99.16% Space Free | Partition Type: NTFS

    Computer Name: CASTLES-PC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{24BEFDE1-A699-4139-B61B-B1102FDE7279}" = AVG 2011
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{E4C703FE-7F5C-475D-9458-8E2FD7110790}" = AVG 2011
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2011
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}" = InterVideo AVControlSDK
    "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HijackThis" = HijackThis 2.0.2
    "ImgBurn" = ImgBurn
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
    "TuneUp Utilities" = TuneUp Utilities
    "WinRAR archiver" = WinRAR archiver
    "ZoneAlarm Pro" = ZoneAlarm Pro

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/18/2010 9:14:07 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/18/2010 9:14:07 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/18/2010 10:05:47 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/18/2010 10:05:47 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/18/2010 10:05:47 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/18/2010 10:05:55 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/18/2010 10:05:56 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/18/2010 10:06:05 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/18/2010 10:06:05 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 12/18/2010 10:06:05 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ System Events ]
    Error - 10/25/2010 9:09:39 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 10/25/2010 9:09:42 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 10/25/2010 9:09:44 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 10/25/2010 9:09:47 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 10/25/2010 9:09:49 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 10/25/2010 9:09:50 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 10/25/2010 9:09:54 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.

    Error - 10/27/2010 2:35:20 AM | Computer Name = PABLITO-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 10/27/2010 2:35:20 AM | Computer Name = PABLITO-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 10/27/2010 2:44:03 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
    Description = The following fatal alert was generated: 10. The internal error state
    is 10.


    < End of report >
     
  9. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    OTL log looks perfectly clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  10. mrjust

    mrjust TS Rookie Topic Starter Posts: 18

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    ZoneAlarm Pro
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Spybot Teatimer.exe is disabled!
    AVG avgwdsvc.exe
    AVG avgtray.exe
    Zone Labs ZoneAlarm zlclient.exe
    ``````````End of Log````````````

    TFL finished clean up and I restarted.

    ESET was clean :D


    O
     
  11. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Update Firefox to the current 3.6.13 version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [​IMG]

    make sure, you have both boxes UN-checked AND (important!) click on Decline button

    ==========================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    The issue seems to be resolved...
     
  13. mrjust

    mrjust TS Rookie Topic Starter Posts: 18

    Yes sorry Broni, I was fixing a friends pc and I gave it back to him. Thank you very much for all your help and Happy Holiday:D
     
  14. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Happy New Year!!
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.