Solved Help making sure I removed all malware

Status
Not open for further replies.
M

mrjust

Posts: 17   +0
I removed some scare scare by going into safe mode and enabling hidden files and system files, and deleted with the gutman method. I also removed some trojan horses, Kkarya.exe, Ktyvia.exe, KTYVIB.EXE.

Here is my log

[HJT log removed - Broni]
 

Attachments

  • hijackthis.log
    8.2 KB · Views: 1
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Do NOT wrap logs in quotes.
 
Sorry about the qoutes.:) My AVG Antivirus 2011 was clean.
Here is the rest



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-18 20:33:54
Windows 6.1.7600
Running: 2wcecl6n.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\System32\wbem\Performance\WmiApRpl_new.ini 17304 bytes

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Administrator at 20:27:53.95 on Sat 12/18/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2617 [GMT -8:00]

AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Pro Firewall *Enabled* {EE2E17FA-9876-3544-62EC-0405AD5FFB20}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Administrator\Desktop\CHECK FOR VIRUSES\2wcecl6n.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Users\Administrator\Desktop\CHECK FOR VIRUSES\dds.scr
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\WinRAR\RarExtLoader.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uWinlogon: Shell=C:\Users\Administrator\AppData\Roaming\protect.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: ZoneAlarm Toolbar Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Toolbar Registrar - No File
TB-X64: ZoneAlarm Toolbar: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\lb7aahmj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lb7aahmj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ZoneAlarm Toolbar: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
FF - Ext: AVG Security Toolbar em:version=5.008.027.003 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-2-26 30520]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 32888]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2009-10-14 800624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-18 304464]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-3-12 809296]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-3-12 24664]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-12-18 488776]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-10-30 1353544]

=============== Created Last 30 ================

2010-12-19 03:57:32 711168 ----a-w- C:\Windows\is-NI9Q7.exe
2010-12-19 03:02:56 112000 ----a-w- C:\Windows\System32\consent.exe
2010-12-19 03:02:43 -------- d-----w- C:\Windows\pss
2010-12-19 03:01:25 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-12-19 03:01:25 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-12-19 03:01:25 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-12-19 03:01:25 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-12-19 03:01:24 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-12-19 02:34:27 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-12-19 02:30:30 -------- d--h--w- C:\$AVG
2010-12-19 02:25:59 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2010-12-19 02:25:59 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2010-12-19 02:25:58 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-12-19 02:25:57 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-12-19 02:25:57 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-12-19 02:16:35 -------- d-----w- C:\Users\ADMINI~1\AppData\Roaming\AVG10
2010-12-19 02:09:47 -------- d-----w- C:\Users\ADMINI~1\AppData\Local\AVG Security Toolbar
2010-12-19 02:06:17 -------- d--h--w- C:\PROGRA~3\Common Files
2010-12-18 20:25:10 -------- d-----w- C:\PROGRA~3\AVG Security Toolbar
2010-12-18 20:24:57 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2010-12-18 20:24:11 -------- d-----w- C:\Windows\System32\drivers\AVG
2010-12-18 20:24:11 -------- d-----w- C:\PROGRA~3\AVG10
2010-12-18 20:23:47 -------- d-----w- C:\Program Files (x86)\AVG
2010-12-18 19:52:13 -------- d-----w- C:\Windows\System32\appmgmt
2010-12-18 19:44:40 -------- d-----w- C:\PROGRA~3\MFAData
2010-12-18 19:43:32 -------- d-----w- C:\Program Files\CCleaner

==================== Find3M ====================

2010-11-10 06:20:56 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

============= FINISH: 20:55:11.21 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 3/12/2010 10:24:47 PM
System Uptime: 12/18/2010 8:11:54 PM (0 hours ago)

Motherboard: Hewlett-Packard | | 30FC
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72 | Socket M2/S1G1 | 483/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 222 GiB total, 128.206 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 10.755 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR5007 802.11b/g WiFi Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_137A103C&REV_01\4&18029F41&0&0030
Manufacturer: Atheros Communications Inc.
Name: Atheros AR5007 802.11b/g WiFi Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_137A103C&REV_01\4&18029F41&0&0030
Service: athr

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&2C0D0C43&0&0028
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_197B&DEV_2382&SUBSYS_30FC103C&REV_00\4&2C0D0C43&0&0028
Service:

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&2C0D0C43&0&0328
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_197B&DEV_2383&SUBSYS_30FC103C&REV_00\4&2C0D0C43&0&0328
Service:

Class GUID:
Description:
Device ID: ACPI\ENE0100\3&2411E6FE&1
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\3&2411E6FE&1
Service:

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&2C0D0C43&0&0428
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_197B&DEV_2384&SUBSYS_30FC103C&REV_00\4&2C0D0C43&0&0428
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
HijackThis 2.0.2
ImgBurn
InterVideo AVControlSDK
InterVideo DeviceService
K-Lite Codec Pack 5.7.0 (Full)
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
Mozilla Firefox (3.6)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Spybot - Search & Destroy
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Visual Studio 2008 x64 Redistributables
WinRAR archiver
ZoneAlarm Pro

==== Event Viewer Messages From Past Week ========

12/18/2010 8:12:29 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
12/18/2010 8:12:29 PM, Error: atikmdag [43029] - Display is not active
12/18/2010 7:04:45 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/18/2010 7:04:38 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2010 7:04:33 AM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
12/18/2010 7:04:13 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
12/18/2010 7:04:05 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/18/2010 7:04:04 AM, Error: Service Control Manager [7034] - The Capture Device Service service terminated unexpectedly. It has done this 1 time(s).
12/18/2010 7:04:03 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2010 6:48:53 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2010 6:48:25 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2010 6:47:44 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2010 6:47:36 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2010 6:47:22 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2010 6:47:13 AM, Error: Service Control Manager [7034] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).
12/18/2010 6:46:58 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2010 6:46:48 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2010 6:46:37 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2010 6:46:11 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2010 6:46:00 AM, Error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/18/2010 6:21:46 AM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
12/18/2010 6:17:23 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.109. The computer with the IP address 192.168.1.103 did not allow the name to be claimed by this computer.
12/18/2010 6:15:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TrueVector Internet Monitor service to connect.
12/18/2010 6:15:25 PM, Error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/18/2010 6:15:13 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
12/18/2010 6:13:28 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
12/18/2010 12:18:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Capture Device Service service to connect.
12/18/2010 12:18:25 PM, Error: Service Control Manager [7000] - The Capture Device Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/18/2010 11:51:46 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2010 11:39:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/18/2010 11:39:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/18/2010 11:39:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/18/2010 11:39:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/18/2010 11:39:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/18/2010 11:39:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/18/2010 11:39:11 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant vwififlt Wanarpv6 WfpLwf
12/18/2010 11:39:11 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2010 11:39:11 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 11:39:11 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2010 11:39:11 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2010 11:39:11 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2010 11:39:11 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/18/2010 11:39:10 AM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 11:39:10 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 11:39:10 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 11:39:10 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 11:39:10 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2010 11:24:05 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Vsdatant vwififlt Wanarpv6 WfpLwf

==== End Of File ===========================


Malwarebytes' Anti-Malware 1.44
Database version: 3862
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

12/18/2010 11:40:04 AM
mbam-log-2010-12-18 (11-40-04).txt

Scan type: Quick Scan
Objects scanned: 2
Time elapsed: 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
So far, it looks clean to me....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thanks Broni

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 159):
0x02A0D000 \SystemRoot\system32\ntoskrnl.exe
0x02FE9000 \SystemRoot\system32\hal.dll
0x00B97000 \SystemRoot\system32\kdcom.dll
0x00C41000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C4E000 \SystemRoot\system32\PSHED.dll
0x00C62000 \SystemRoot\system32\CLFS.SYS
0x00CC0000 \SystemRoot\system32\CI.dll
0x00EEC000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F90000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F9F000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FF6000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E0A000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E3D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E4A000 \SystemRoot\System32\drivers\partmgr.sys
0x00E5F000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E68000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E74000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E89000 \SystemRoot\System32\drivers\volmgrx.sys
0x00EE5000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00D80000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00D90000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DAA000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DB3000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00DDD000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00DE8000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01096000 \SystemRoot\system32\drivers\fltmgr.sys
0x010E2000 \SystemRoot\system32\drivers\fileinfo.sys
0x01205000 \SystemRoot\System32\Drivers\Ntfs.sys
0x010F6000 \SystemRoot\System32\Drivers\msrpc.sys
0x013A8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01154000 \SystemRoot\System32\Drivers\cng.sys
0x013C2000 \SystemRoot\System32\drivers\pcw.sys
0x013D3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0149A000 \SystemRoot\system32\drivers\ndis.sys
0x0158C000 \SystemRoot\system32\drivers\NETIO.SYS
0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01603000 \SystemRoot\System32\drivers\tcpip.sys
0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01475000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01485000 \SystemRoot\System32\Drivers\spldr.sys
0x0104C000 \SystemRoot\System32\drivers\rdyboost.sys
0x015EC000 \SystemRoot\System32\Drivers\mup.sys
0x0148D000 \SystemRoot\System32\drivers\hwpolicy.sys
0x013DD000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x00C00000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x013E7000 \SystemRoot\system32\DRIVERS\disk.sys
0x011C7000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01086000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x00DF3000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x02AD7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02B01000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x02B10000 \SystemRoot\System32\Drivers\Null.SYS
0x02B19000 \SystemRoot\System32\Drivers\Beep.SYS
0x02B20000 \SystemRoot\System32\drivers\vga.sys
0x02B2E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02B53000 \SystemRoot\System32\drivers\watchdog.sys
0x02B63000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02B6C000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02B75000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02B7E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02B89000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02B9A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02BB8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02A00000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x038B6000 \SystemRoot\System32\DRIVERS\netbt.sys
0x038FB000 \SystemRoot\system32\drivers\afd.sys
0x03800000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x03890000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03985000 \SystemRoot\system32\DRIVERS\pacer.sys
0x039AB000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x039C1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x039D0000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x039EB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03A1A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03A6B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03A77000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03A82000 \SystemRoot\System32\drivers\discache.sys
0x03A91000 \SystemRoot\system32\drivers\csc.sys
0x03B14000 \SystemRoot\System32\Drivers\dfsc.sys
0x03B32000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03B43000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x03BB8000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03C04000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0421B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0430F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04355000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04379000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x047C2000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x047F4000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04600000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04399000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x043AA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x043C8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04807000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0485A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0485C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0486B000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04870000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x0487D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04886000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04896000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x048AC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x048D0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x048DC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0490B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04926000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04947000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04961000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0496C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0496E000 \SystemRoot\system32\DRIVERS\ks.sys
0x049B1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x050B5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0510F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05124000 \SystemRoot\system32\drivers\HdAudio.sys
0x05180000 \SystemRoot\system32\drivers\portcls.sys
0x051BD000 \SystemRoot\system32\drivers\drmk.sys
0x051DF000 \SystemRoot\system32\drivers\ksthunk.sys
0x05000000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x0586C000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x0598E000 \SystemRoot\system32\drivers\modem.sys
0x0599D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x059BA000 \SystemRoot\System32\Drivers\usbvideo.sys
0x059E8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x05800000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0580C000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x05817000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x000E0000 \SystemRoot\System32\win32k.sys
0x0582A000 \SystemRoot\System32\drivers\Dxapi.sys
0x05836000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00540000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x05844000 \SystemRoot\system32\drivers\luafv.sys
0x0507F000 \SystemRoot\system32\drivers\WudfPf.sys
0x050A0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02A61000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x051E5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x049C3000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x049DB000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0x05267000 \SystemRoot\system32\drivers\HTTP.sys
0x0532F000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0534D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0537A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x053C8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x053EB000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x05EE6000 \SystemRoot\system32\drivers\peauth.sys
0x05F8C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x05F97000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05FC4000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05E00000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x05E34000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06A87000 \SystemRoot\System32\DRIVERS\srv.sys
0x06B1D000 \??\C:\Windows\system32\drivers\mbam.sys
0x04656000 \SystemRoot\system32\DRIVERS\athrx.sys
0x06B98000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x779A0000 \Windows\System32\ntdll.dll
0x47810000 \Windows\System32\smss.exe
0xFFCC0000 \Windows\System32\apisetschema.dll

Processes (total 63):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
352 C:\PROGRA~2\AVG\AVG10\avgchsva.exe
548 csrss.exe
616 C:\Windows\System32\wininit.exe
628 csrss.exe
672 C:\Windows\System32\services.exe
684 C:\Windows\System32\lsass.exe
692 C:\Windows\System32\lsm.exe
784 C:\Windows\System32\svchost.exe
848 C:\Windows\System32\winlogon.exe
904 C:\Windows\System32\svchost.exe
968 C:\Windows\System32\atiesrxx.exe
332 C:\Windows\System32\svchost.exe
488 C:\Windows\System32\svchost.exe
552 C:\Windows\System32\svchost.exe
744 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
1160 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\hpservice.exe
1320 C:\Windows\System32\atieclxx.exe
1336 C:\Windows\System32\svchost.exe
1392 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
1588 C:\Windows\System32\dwm.exe
1640 C:\Windows\explorer.exe
1880 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1940 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
1992 C:\Windows\System32\spoolsv.exe
2032 C:\Windows\System32\taskhost.exe
1560 C:\Windows\System32\svchost.exe
1932 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
2136 C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
2216 C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
2280 C:\Windows\System32\svchost.exe
2488 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2544 C:\Program Files\IDT\WDM\sttray64.exe
2652 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2876 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
2888 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
2984 C:\Program Files (x86)\AVG\AVG10\avgam.exe
3028 C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
3048 C:\Program Files (x86)\AVG\AVG10\avgemca.exe
664 C:\Windows\System32\conhost.exe
2796 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
3036 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
3188 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3196 C:\Windows\System32\conhost.exe
3976 C:\Windows\System32\SearchIndexer.exe
1576 C:\Windows\System32\svchost.exe
4084 C:\Windows\System32\svchost.exe
3840 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
1260 C:\Windows\System32\wuauclt.exe
3852 C:\PROGRA~2\AVG\AVG10\avgrsa.exe
2420 C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
4876 C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
3748 C:\Windows\System32\taskmgr.exe
4712 C:\Windows\System32\taskeng.exe
3704 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4988 C:\Windows\System32\SearchProtocolHost.exe
4388 C:\Windows\System32\SearchFilterHost.exe
2168 C:\Windows\explorer.exe
3400 C:\Users\Administrator\Downloads\MBRCheck.exe
5036 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`82500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

ComboFix 10-12-18.01 - Administrator 12/18/2010 22:19:43.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2847 [GMT -8:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
FW: ZoneAlarm Pro Firewall *Disabled* {EE2E17FA-9876-3544-62EC-0405AD5FFB20}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 )))))))))))))))))))))))))))))))
.

2010-12-19 06:25 . 2010-12-19 06:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-19 05:29 . 2010-12-19 05:29 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-19 05:28 . 2010-12-19 05:28 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-19 05:28 . 2010-12-19 05:28 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-19 05:28 . 2010-12-19 05:28 -------- d-----w- c:\program files (x86)\Java
2010-12-19 03:57 . 2010-12-19 03:57 711168 ----a-w- c:\windows\is-NI9Q7.exe
2010-12-19 03:02 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2010-12-19 03:01 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2010-12-19 03:01 . 2010-08-27 03:38 463360 ----a-w- c:\windows\system32\drivers\srv.sys
2010-12-19 03:01 . 2010-08-27 03:37 402944 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-12-19 03:01 . 2010-08-27 03:37 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-12-19 03:01 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2010-12-19 02:34 . 2010-12-19 02:34 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-19 02:25 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-12-19 02:25 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2010-12-19 02:25 . 2010-10-20 03:09 3124224 ----a-w- c:\windows\system32\win32k.sys
2010-12-19 02:25 . 2010-08-21 06:36 340992 ----a-w- c:\windows\system32\schannel.dll
2010-12-19 02:25 . 2010-08-21 05:36 224256 ----a-w- c:\windows\SysWow64\schannel.dll
2010-12-19 02:16 . 2010-12-19 02:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVG10
2010-12-19 02:06 . 2010-12-19 02:06 -------- d--h--w- c:\programdata\Common Files
2010-12-18 20:24 . 2010-12-19 06:10 -------- d-----w- c:\programdata\AVG10
2010-12-18 20:23 . 2010-12-18 20:23 -------- d-----w- c:\program files (x86)\AVG
2010-12-18 19:52 . 2010-12-18 19:52 -------- d-----w- c:\windows\system32\appmgmt
2010-12-18 19:44 . 2010-12-18 20:23 -------- d-----w- c:\programdata\MFAData
2010-12-18 19:43 . 2010-12-18 19:43 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-10-30 1353544]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-02-27 30520]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 32888]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-14 800624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 24664]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 1114992]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lb7aahmj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: ZoneAlarm Toolbar: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-HijackThis - c:\program files (x86)\Trend Micro\HijackThis\HijackThis.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,36,79,48,09,50,31,47,86,b4,c8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,36,79,48,09,50,31,47,86,b4,c8,\

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\AcroRd32.exe"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-895072457-3393114567-1473511929-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\EXCEL.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-18 22:28:18
ComboFix-quarantined-files.txt 2010-12-19 06:28

Pre-Run: 137,744,359,424 bytes free
Post-Run: 137,639,383,040 bytes free

- - End Of File - - 499BDD5750D170FEA4F96BE3241BF495
 
Looks clean :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL

OTL logfile created on: 12/19/2010 11:30:12 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.04 Gb Total Space | 127.85 Gb Free Space | 57.58% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 10.76 Gb Free Space | 99.16% Space Free | Partition Type: NTFS

Computer Name: CASTLES-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/19 11:11:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:56:48 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/01/15 19:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/17 01:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2009/10/17 01:39:40 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/07/07 09:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/08/11 10:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/12/19 11:11:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/10/14 05:30:36 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2009/06/10 13:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 13:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/23 13:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/02/26 20:34:42 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/10/30 15:01:08 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009/10/14 05:30:58 | 000,800,624 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/08/27 15:25:22 | 000,488,776 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/12 23:38:18 | 000,607,048 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/10/30 15:08:24 | 001,353,544 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/10/30 15:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/10/17 01:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/07 09:42:02 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/08/11 10:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/11/09 22:20:56 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/13 16:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 03:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 03:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/07 03:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/19 21:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/19 21:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/07/16 14:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 14:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/05/27 21:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/03/23 13:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/10/17 01:41:16 | 000,445,640 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/10/14 05:30:04 | 000,032,888 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2009/10/09 18:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/09 01:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/10/14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 5E 92 32 BE 99 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: avg@igeared:5.008.027.003

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/03/12 23:07:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/12/18 22:41:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/12/18 22:33:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/13 19:23:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/18 21:28:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/03/12 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2010/12/18 22:36:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lb7aahmj.default\extensions
[2010/12/18 18:08:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lb7aahmj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/06 18:31:53 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lb7aahmj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/12/18 22:36:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/18 21:28:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/18 21:28:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/18 18:59:54 | 000,380,726 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 13113 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.dvacm - C:\PROGRA~2\COMMON~1\ULEADS~1\vio\dvacm.acm File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/12/19 11:10:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/12/19 11:07:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/18 22:38:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG Security Toolbar
[2010/12/18 22:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/12/18 22:33:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2010/12/18 22:33:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2010/12/18 22:18:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/18 22:18:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/18 22:18:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/18 22:18:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/18 22:18:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/18 22:17:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/18 22:17:44 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/12/18 21:29:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/12/18 21:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/12/18 21:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/12/18 19:02:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/12/18 18:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/12/18 18:16:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVG10
[2010/12/18 18:06:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/12/18 12:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/12/18 12:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/12/18 11:52:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/12/18 11:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/12/18 11:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/19 11:14:57 | 000,020,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/19 11:14:57 | 000,020,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/19 11:14:19 | 001,563,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/19 11:14:19 | 000,704,528 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2010/12/19 11:14:19 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/19 11:14:19 | 000,138,040 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2010/12/19 11:14:19 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/19 11:11:25 | 102,124,432 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/12/19 11:11:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010/12/19 11:06:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/19 11:06:06 | 3018,194,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/18 22:41:13 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/18 22:33:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2010/12/18 22:33:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2010/12/18 19:57:32 | 000,711,168 | ---- | M] () -- C:\Windows\is-NI9Q7.exe
[2010/12/18 19:57:32 | 000,010,562 | ---- | M] () -- C:\Windows\is-NI9Q7.msg
[2010/12/18 19:57:32 | 000,000,373 | ---- | M] () -- C:\Windows\is-NI9Q7.lst
[2010/12/18 19:16:37 | 000,416,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/18 18:59:54 | 000,380,726 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/12/18 18:46:40 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/12/04 21:29:34 | 000,092,122 | ---- | M] () -- C:\Users\Administrator\Documents\lucy.mht
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/19 11:11:25 | 102,124,432 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010/12/18 22:33:49 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/12/18 22:33:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2010/12/18 22:33:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2010/12/18 22:18:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/18 22:18:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/18 22:18:23 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/18 22:18:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/18 22:18:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/18 19:57:32 | 000,711,168 | ---- | C] () -- C:\Windows\is-NI9Q7.exe
[2010/12/18 19:57:32 | 000,010,562 | ---- | C] () -- C:\Windows\is-NI9Q7.msg
[2010/12/18 19:57:32 | 000,000,373 | ---- | C] () -- C:\Windows\is-NI9Q7.lst
[2010/12/04 21:29:34 | 000,092,122 | ---- | C] () -- C:\Users\Administrator\Documents\lucy.mht
[2010/09/02 00:28:38 | 000,000,333 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/04/30 21:25:57 | 001,564,496 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/15 18:05:55 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010/03/15 18:05:55 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010/03/15 18:05:55 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010/03/15 18:05:55 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010/03/15 18:05:55 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010/03/15 18:05:55 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010/03/12 23:35:03 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/03/12 23:35:01 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/03/12 23:34:50 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/03/12 23:34:50 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/03/12 23:34:42 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/12/18 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG10
[2010/03/12 23:07:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CheckPoint
[2010/03/12 23:35:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ImgBurn
[2010/03/15 18:17:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LEAPS
[2010/03/15 18:16:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Pegasys Inc
[2010/03/12 23:38:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2010/12/08 22:17:02 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 17:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/12 22:16:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/16 04:40:54 | 000,003,304 | ---- | M] () -- C:\bootsqm.dat
[2010/12/18 22:28:18 | 000,024,493 | ---- | M] () -- C:\ComboFix.txt
[2010/03/12 22:39:14 | 000,203,836 | RHS- | M] () -- C:\grldr
[2010/12/19 11:06:06 | 3018,194,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/19 11:06:06 | 4024,262,656 | -HS- | M] () -- C:\pagefile.sys
[2010/03/12 22:39:15 | 000,000,000 | RHS- | M] () -- C:\winx.ld

< %systemroot%\Fonts\*.com >
[2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/12 22:51:38 | 000,000,221 | -HS- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/12/19 11:11:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/13 19:39:19 | 000,000,402 | -HS- | M] () -- C:\Users\Administrator\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/02 00:38:06 | 000,000,333 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 12/19/2010 11:12:27 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.04 Gb Total Space | 127.88 Gb Free Space | 57.60% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 10.76 Gb Free Space | 99.16% Space Free | Partition Type: NTFS

Computer Name: CASTLES-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{24BEFDE1-A699-4139-B61B-B1102FDE7279}" = AVG 2011
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{E4C703FE-7F5C-475D-9458-8E2FD7110790}" = AVG 2011
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}" = InterVideo AVControlSDK
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"TuneUp Utilities" = TuneUp Utilities
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm Pro" = ZoneAlarm Pro

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/18/2010 9:14:07 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/18/2010 9:14:07 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/18/2010 10:05:47 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/18/2010 10:05:47 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/18/2010 10:05:47 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/18/2010 10:05:55 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/18/2010 10:05:56 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/18/2010 10:06:05 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/18/2010 10:06:05 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 12/18/2010 10:06:05 PM | Computer Name = PABLITO-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 10/25/2010 9:09:39 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 10/25/2010 9:09:42 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 10/25/2010 9:09:44 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 10/25/2010 9:09:47 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 10/25/2010 9:09:49 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 10/25/2010 9:09:50 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 10/25/2010 9:09:54 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 10/27/2010 2:35:20 AM | Computer Name = PABLITO-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 10/27/2010 2:35:20 AM | Computer Name = PABLITO-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 10/27/2010 2:44:03 AM | Computer Name = PABLITO-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.


< End of report >
 
OTL log looks perfectly clean :)

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
ZoneAlarm Pro
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````

TFL finished clean up and I restarted.

ESET was clean :D


O
 
Update Firefox to the current 3.6.13 version.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

FoxitReaderInstallation.png


make sure, you have both boxes UN-checked AND (important!) click on Decline button

==========================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
Yes sorry Broni, I was fixing a friends pc and I gave it back to him. Thank you very much for all your help and Happy Holiday:D
 
Status
Not open for further replies.

Similar threads

J
Inactive Admin rights are revoked
Replies
18
Views
2K
Broni
Broni
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
480
eriksnyman1
E
Cal Jeffrey
At least three studios allegedly removed DLSS support before launch due to AMD sponsorships
2 3
Replies
56
Views
2K
b3rdm4n
b3rdm4n

Latest posts

Back