TechSpot

[Solved] IE8 and Google Chrome redirects

Discussion in 'Virus and Malware Removal' started by spanner monkey, Dec 24, 2011.

  1. spanner monkey Newcomer, in training

    rootkit unhooker

    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xBFB05000 C:\WINDOWS\System32\ati3duag.dll 3067904 bytes (ATI Technologies Inc. , ati3duag.dll)
    0xF6F51000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2580480 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2154496 bytes
    0x804D7000 RAW 2154496 bytes
    0x804D7000 WMIxWDM 2154496 bytes
    0xBF800000 Win32k 1847296 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xBFDF2000 C:\WINDOWS\System32\ativvaxx.dll 1552384 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
    0xEC638000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
    0xF6E2A000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1126400 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)
    0xEC4EE000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
    0xEC43B000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0xF7267000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xBAE22000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xBFA1B000 C:\WINDOWS\System32\ati2cqag.dll 450560 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
    0xF6CB2000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xBAF74000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB84FF000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
    0xBFA89000 C:\WINDOWS\System32\atikvmag.dll 331776 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
    0xBFF6D000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xBAF2D000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
    0xBF9D5000 C:\WINDOWS\System32\ati2dvag.dll 286720 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
    0xBAD1E000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
    0xEC5E0000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
    0xF6D10000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xF73A3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB85A1000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF723A000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xBFADA000 C:\WINDOWS\System32\atiok3x2.dll 176128 bytes (ATI Technologies Inc., Ring 0 x2 component)
    0xF6DFF000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
    0xBAE92000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xF6D90000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xBAEDF000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xBAF07000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xEC614000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF6DDB000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF6DB8000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xBAEBD000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806E5000 ACPI_HAL 134400 bytes
    0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB81D4000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
    0xF731D000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF7355000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xF7374000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
    0xF7220000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xF733D000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xBAD06000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xF72F4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF6D79000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB830A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xF6F3D000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xBAFCD000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF9C3000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF730B000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xF7392000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF6D40000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xF7652000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF76F2000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF7552000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xF74E2000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xF7722000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xF7632000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xF75E2000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF7702000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB8706000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF75D2000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF74F2000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xF7532000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xF7712000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xF7732000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF7512000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF75F2000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
    0xF7562000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF7622000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF76E2000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF7502000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF7742000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF74D2000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF7592000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF7582000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xB8437000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0xF7522000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF7572000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xF7612000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xF76D2000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xF7602000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF7862000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xF78A2000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF782A000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF7762000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
    0xF7752000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xF7832000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xF7842000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF783A000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xF7892000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF78C2000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
    0xF7812000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
    0xF789A000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF775A000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF7852000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF785A000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xF784A000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF7822000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0xF78B2000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xF78EE000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
    0xF78EA000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
    0xF79A2000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0xF71E8000 C:\WINDOWS\system32\DRIVERS\lgvmodem.sys 16384 bytes (LG Electronics Inc., LG Virtual Modem Driver)
    0xB89E2000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
    0xB855D000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0xF79C6000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB88EE000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF799E000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xF78E2000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xF78E6000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0xF68B4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xF79CA000 C:\WINDOWS\system32\DRIVERS\lgbtbus.sys 12288 bytes (LG Electronics Inc., LG BT Bus Enumerator)
    0xF71E4000 C:\WINDOWS\system32\DRIVERS\lgbtport.sys 12288 bytes (LG Electronics Inc., LG Bluetooth Transport Driver)
    0xF79AA000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF7982000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF79A6000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0xF79FC000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF7A0A000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xF79FA000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF79D2000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF79FE000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xF7A00000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF79F2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xF79F4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF79D4000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF7B41000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xF7BA6000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF7AE6000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF7A9A000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    ==============================================
    >Stealth
    ==============================================


    Nothing detected :(
  2. spanner monkey Newcomer, in training

    Hi
    Yes the redirects are gone. Do you see any other virus?
  3. Broni Malware Annihilator

    Good news :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  4. spanner monkey Newcomer, in training

    Extras.Txt log

    OTL Extras logfile created on: 29/12/2011 20:22:11 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daddy (ipod)\My Documents\Downloads\PC CLEANUP Programs
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    894.25 Mb Total Physical Memory | 214.67 Mb Available Physical Memory | 24.01% Memory free
    2.12 Gb Paging File | 1.37 Gb Available in Paging File | 64.68% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 40.46 Gb Free Space | 54.29% Space Free | Partition Type: NTFS

    Computer Name: USER-599DAAA9C5 | User Name: Daddy (ipod) | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "28728:UDP" = 28728:UDP:*:Enabled:UDP 28728
    "26191:TCP" = 26191:TCP:*:Enabled:TCP 26191
    "23124:UDP" = 23124:UDP:*:Enabled:UDP 23124
    "18911:TCP" = 18911:TCP:*:Enabled:TCP 18911

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 27
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
    "{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{656A70D4-98FD-41F8-B172-575F60C922BB}" = AVG 2011
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
    "{B3F6591E-D615-4123-87B1-49E7DEDD2F66}" = OOo-dev 3.3
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
    "{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 4.004
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E35AF511-B618-4D02-B559-0F2147341D3B}" = AVG 2011
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{FA1162AE-AF27-44A9-9C78-0C46BD44D75F}" = AVG 2011
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "AVG" = AVG 2011
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "FinePix Genie_is1" = FUJIFILM MyFinePix Studio 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
    "ie8" = Windows Internet Explorer 8
    "LG PC Suite IV" = LG PC Suite IV
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Music Editor Free" = Music Editor Free
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.5

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 29/12/2011 12:13:02 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8344

    Error - 29/12/2011 12:13:02 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8344

    Error - 29/12/2011 12:13:04 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 29/12/2011 12:13:04 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10297

    Error - 29/12/2011 12:13:04 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10297

    Error - 29/12/2011 12:13:06 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 29/12/2011 12:13:06 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 12250

    Error - 29/12/2011 12:13:06 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 12250

    Error - 29/12/2011 12:13:13 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 29/12/2011 12:13:13 | Computer Name = USER-599DAAA9C5 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 19766

    [ System Events ]
    Error - 29/12/2011 10:29:12 | Computer Name = USER-599DAAA9C5 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Windows Installer service
    to connect.

    Error - 29/12/2011 10:29:12 | Computer Name = USER-599DAAA9C5 | Source = Service Control Manager | ID = 7000
    Description = The Windows Installer service failed to start due to the following
    error: %%1053

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At1.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At2.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At3.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At4.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At5.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At6.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At7.job command failed to start due to the following error: %%2147942402

    Error - 29/12/2011 12:00:00 | Computer Name = USER-599DAAA9C5 | Source = Schedule | ID = 7901
    Description = The At8.job command failed to start due to the following error: %%2147942402


    < End of report >
  5. spanner monkey Newcomer, in training

    OTL.Txt (2 parts)

    OTL logfile created on: 29/12/2011 20:22:11 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Daddy (ipod)\My Documents\Downloads\PC CLEANUP Programs
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    894.25 Mb Total Physical Memory | 214.67 Mb Available Physical Memory | 24.01% Memory free
    2.12 Gb Paging File | 1.37 Gb Available in Paging File | 64.68% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 40.46 Gb Free Space | 54.29% Space Free | Partition Type: NTFS

    Computer Name: USER-599DAAA9C5 | User Name: Daddy (ipod) | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/29 20:19:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daddy (ipod)\My Documents\Downloads\PC CLEANUP Programs\OTL.exe
    PRC - [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/08/05 16:11:28 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OOo-dev 3\program\soffice.bin
    PRC - [2010/08/05 16:11:26 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OOo-dev 3\program\soffice.exe
    PRC - [2010/03/05 09:50:19 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) -- C:\WINDOWS\system32\LGScsiCommandService.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
    PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/07 11:16:28 | 000,411,192 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll
    MOD - [2011/12/07 11:16:27 | 003,767,864 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
    MOD - [2011/12/07 11:14:56 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avutil-51.dll
    MOD - [2011/12/07 11:14:55 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avformat-53.dll
    MOD - [2011/12/07 11:14:53 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\avcodec-53.dll
    MOD - [2011/12/07 07:22:33 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2011/01/18 10:03:44 | 000,985,088 | ---- | M] () -- C:\Program Files\OOo-dev 3\program\libxml2.dll
    MOD - [2009/01/18 15:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
    MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/03/05 09:50:19 | 000,047,616 | R--- | M] (Mobile Leader Co.,Ltd.) [Auto | Running] -- C:\WINDOWS\system32\LGScsiCommandService.exe -- (LGScsiCommandService)
    SRV - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/01/21 00:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2010/01/21 00:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2010/01/21 00:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2009/09/29 08:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtport.sys -- (LgBttPort)
    DRV - [2009/09/29 08:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgvmodem.sys -- (LGVMODEM)
    DRV - [2009/09/29 08:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lgbtbus.sys -- (lgbusenum)
    DRV - [2007/10/09 19:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2007/08/02 17:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/08/02 17:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2007/08/02 17:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/07/27 23:30:26 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startsearcher.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
    IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 75 B3 0F DB D2 CB 01 [binary data]
    IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/09/15 10:49:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/29 14:31:17 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: Google Search = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

    O1 HOSTS File: ([2011/12/28 10:42:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
    O4 - HKU\S-1-5-21-861567501-1659004503-1801674531-1004..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth File not found
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Daddy (ipod)\Start Menu\Programs\Startup\OOo-dev 3.3.lnk = C:\Program Files\OOo-dev 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OOo-dev 3.3.lnk = C:\Program Files\OOo-dev 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-861567501-1659004503-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F8681CA-224B-42A6-AF90-71D9505E0919}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/01/18 09:24:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/29 17:56:27 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2011/12/29 10:41:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/12/29 10:24:41 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/12/28 13:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Application Data\AVG10
    [2011/12/28 12:32:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/12/28 10:14:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/28 10:07:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/28 10:07:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/28 10:07:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/28 10:07:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/28 10:06:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/28 10:06:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/25 08:51:49 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Daddy (ipod)\Desktop\dds.pif
    [2011/12/25 08:51:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2011/12/25 08:47:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Daddy (ipod)\My Documents\My Videos
    [2011/12/24 23:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Malwarebytes
    [2011/12/24 23:51:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/24 23:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/12/24 23:51:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/12/24 23:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/24 23:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Application Data\SumatraPDF
    [2011/12/24 23:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Start Menu\Programs\PDF Reader
    [2011/12/24 23:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\PDFReader
    [2011/12/07 20:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Yhsygax
    [2011/12/07 20:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Wey
    [2011/11/30 23:05:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/11/30 23:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/11/30 23:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/29 20:23:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1659004503-1801674531-1003UA.job
    [2011/12/29 20:23:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1659004503-1801674531-1003Core.job
    [2011/12/29 20:14:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/29 19:45:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1659004503-1801674531-1004UA.job
    [2011/12/29 17:57:51 | 000,034,181 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    [2011/12/29 14:28:12 | 141,758,493 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/12/29 10:57:27 | 000,459,420 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/29 10:57:27 | 000,076,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/29 10:53:54 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/29 10:52:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/28 22:45:03 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1659004503-1801674531-1004Core.job
  6. spanner monkey Newcomer, in training

    OTL.Txt (2nd part)

    [2011/12/28 22:35:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
    [2011/12/28 22:35:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
    [2011/12/28 22:35:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
    [2011/12/28 22:35:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
    [2011/12/28 22:35:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
    [2011/12/28 22:35:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
    [2011/12/28 13:04:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/28 10:42:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/26 16:55:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/26 11:37:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/25 22:31:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
    [2011/12/25 22:31:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
    [2011/12/25 22:31:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
    [2011/12/25 22:31:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
    [2011/12/25 22:31:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
    [2011/12/25 22:31:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
    [2011/12/25 22:27:03 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
    [2011/12/25 22:27:03 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
    [2011/12/25 22:27:03 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
    [2011/12/25 22:27:03 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
    [2011/12/25 22:27:03 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
    [2011/12/25 22:27:02 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
    [2011/12/25 22:23:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
    [2011/12/25 22:23:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
    [2011/12/25 22:23:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
    [2011/12/25 22:23:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
    [2011/12/25 22:23:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
    [2011/12/25 22:23:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
    [2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
    [2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
    [2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
    [2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
    [2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
    [2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
    [2011/12/25 08:51:44 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Daddy (ipod)\Desktop\dds.pif
    [2011/12/24 23:52:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/24 23:36:22 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Desktop\PDF Reader.lnk
    [2011/12/18 14:02:18 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2011/12/17 14:52:59 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/12/17 14:52:58 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Desktop\Google Chrome.lnk
    [2011/12/17 14:37:19 | 003,447,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/12/14 22:21:38 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/14 18:56:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/12/11 11:14:01 | 000,023,932 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/11/30 23:05:30 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/28 10:14:22 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/12/28 10:14:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/28 10:07:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/28 10:07:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/28 10:07:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/28 10:07:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/28 10:07:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/24 23:52:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/24 23:36:22 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Daddy (ipod)\Desktop\PDF Reader.lnk
    [2011/12/15 19:34:51 | 000,007,731 | ---- | C] () -- C:\Documents and Settings\Daddy (ipod)\My Documents\2-75664CF7-2454911-800.jpg
    [2011/11/30 23:05:30 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/08/31 16:42:25 | 000,078,896 | ---- | C] () -- C:\WINDOWS\hpfins05.dat.temp
    [2011/08/31 16:42:24 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat.temp
    [2011/08/30 08:04:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
    [2011/08/26 21:19:02 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\hkcl5t.exe
    [2011/08/26 21:19:02 | 000,000,000 | -HS- | C] () -- C:\Program Files\hkcl5t.exe
    [2011/04/09 06:19:03 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/30 20:35:57 | 000,023,932 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/03/09 19:15:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2011/03/06 19:29:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/02/28 20:49:07 | 000,077,919 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
    [2011/02/28 20:49:06 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
    [2011/02/28 20:35:41 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
    [2011/02/28 20:35:41 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2011/01/18 09:27:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/01/18 09:20:26 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/01/18 09:09:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/01/18 09:07:53 | 003,447,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/04 23:59:32 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
    [2008/04/14 04:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/06/20 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/06/20 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/06/20 12:00:00 | 000,459,420 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/06/20 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/06/20 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/06/20 12:00:00 | 000,076,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/06/20 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/06/20 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/06/20 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/06/20 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/12/29 14:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/08/25 12:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2011/02/16 21:12:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/08/28 14:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FUJIFILM
    [2011/12/28 21:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/08/25 13:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2011/02/22 21:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/08/27 21:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Aprox
    [2011/11/16 21:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Aqcua
    [2011/12/28 13:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\AVG10
    [2011/08/25 14:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/11/09 20:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Dypuf
    [2011/08/31 17:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\ElevatedDiagnostics
    [2011/10/08 20:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Get from YouTube
    [2011/11/10 16:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Hatiel
    [2011/11/16 21:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Iwoc
    [2011/08/31 18:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Lewiuk
    [2011/02/22 22:03:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Macroplant, LLC
    [2011/10/09 08:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Music Editor Free
    [2011/05/06 19:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\OOo-dev
    [2011/06/16 17:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\OpenOffice.org
    [2011/11/05 21:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Oqud
    [2011/11/18 15:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Paagdu
    [2011/12/24 23:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Poaxu
    [2011/11/16 21:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Qoed
    [2011/12/24 23:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\SumatraPDF
    [2011/12/24 23:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Teewxu
    [2011/12/24 23:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Teihpy
    [2011/12/20 23:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\uTorrent
    [2011/12/07 20:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Wey
    [2011/12/07 20:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Yhsygax
    [2011/11/17 18:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Ytan
    [2011/11/16 22:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Yvxe
    [2011/11/05 21:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Acfivy
    [2011/12/24 23:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Lafus
    [2011/08/31 18:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Lyhaet
    [2011/06/02 20:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\OOo-dev
    [2011/08/31 18:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Toet
    [2011/03/26 15:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mommy\Application Data\AVG10
    [2011/06/22 18:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mommy\Application Data\OOo-dev
    [2011/08/31 18:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Cexua
    [2011/11/05 09:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Edyrok
    [2011/02/16 16:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OOo-dev
    [2011/12/11 12:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
    [2011/08/31 18:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Woleaq
    [2011/11/11 20:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ybowp
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2011/12/25 22:23:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
    [2011/12/25 22:27:02 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
    [2011/12/25 22:31:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
    [2011/12/28 22:35:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
    [2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
    [2011/12/25 22:23:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
    [2011/12/25 22:27:03 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
    [2011/12/25 22:31:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
    [2011/12/28 22:35:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
    [2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
    [2011/12/25 22:23:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
    [2011/12/25 22:27:03 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
    [2011/12/25 22:31:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
    [2011/12/28 22:35:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
    [2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
    [2011/12/25 22:23:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
    [2011/12/25 22:27:03 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
    [2011/12/25 22:31:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
    [2011/12/28 22:35:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
    [2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
    [2011/12/25 22:23:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
    [2011/12/25 22:27:03 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
    [2011/12/25 22:31:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
    [2011/12/28 22:35:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
    [2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
    [2011/12/25 22:23:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
    [2011/12/25 22:27:03 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
    [2011/12/25 22:31:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
    [2011/12/28 22:35:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
    [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
    [2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/01/18 09:24:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/01/18 09:17:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/12/28 13:04:35 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/01/18 09:24:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/01/18 09:24:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/12/03 08:53:31 | 000,000,405 | ---- | M] () -- C:\moduleName.txt
    [2011/01/18 09:24:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/13 21:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/13 23:01:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/29 10:52:39 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
    [2011/12/28 12:25:42 | 000,000,904 | ---- | M] () -- C:\rkill.log
    [2011/12/26 16:53:04 | 000,048,280 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_26.12.2011_16.52.00_log.txt
    [2011/12/26 17:04:43 | 000,047,568 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_26.12.2011_17.02.35_log.txt
    [2011/12/26 17:06:00 | 000,001,844 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_26.12.2011_17.04.50_log.txt
    [2011/12/26 17:06:39 | 000,001,844 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_26.12.2011_17.06.34_log.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2011/01/18 09:23:45 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2005/04/08 19:43:36 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
    [2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/16 23:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/08/26 21:19:02 | 000,000,000 | -HS- | M] () -- C:\Program Files\hkcl5t.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2011/01/18 09:06:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2011/01/18 09:06:59 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2011/01/18 09:06:59 | 000,921,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/01/18 09:24:19 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/02/22 21:53:56 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Daddy (ipod)\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/02/22 21:53:56 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/02/22 21:53:56 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Daddy (ipod)\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/29 20:19:35 | 000,147,456 | ---- | M] () -- C:\Documents and Settings\Daddy (ipod)\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 04:42:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 04:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/02 22:37:24 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2007/04/02 23:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/04/14 05:42:00 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2003/06/20 12:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003/06/20 12:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003/06/20 12:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 23:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 23:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  7. Broni Malware Annihilator

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O4 - HKU\S-1-5-21-861567501-1659004503-1801674531-1004..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth File not found
      [2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\*.job
      [2011/08/26 21:19:02 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\hkcl5t.exe
      [2011/08/26 21:19:02 | 000,000,000 | -HS- | C] () -- C:\Program Files\hkcl5t.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
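As an added example (not code from this thread, from OTL, or from its author), here is a small Python triage pass over the OTL file-listing format shown in the log above; it flags the same indicators the fix script targets: the zero-byte hidden/system hkcl5t.exe copies, the random-named Application Data folders, and the run of numbered At*.job tasks. The sample lines are copied from the thread's log; the folder-name shape rule, the KNOWN_FOLDERS allowlist and the task-count threshold are assumptions of this example, not OTL rules.

```python
"""Triage of OTL file-listing lines (added example; not OTL's or the thread's code).

Flags the three patterns the fix script in this thread targets: zero-byte
hidden+system executables, random-looking folders under Application Data, and a
burst of numbered At*.job scheduled tasks. The name-shape rule, the allowlist and
the task threshold are assumptions, not OTL rules.
"""
import re
from collections import namedtuple

# One OTL listing line, e.g.
# [2011/08/26 21:19:02 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\hkcl5t.exe
# fields: timestamp | size | attributes (R H S D) | C=created / M=modified
LINE_RE = re.compile(
    r"^\s*\[(?P<date>\d{4}/\d{2}/\d{2}) \d{2}:\d{2}:\d{2} \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
Entry = namedtuple("Entry", "date size attrs kind company path")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".pif", ".com")
TASK_RE = re.compile(r"\\tasks\\at\d+\.job$", re.IGNORECASE)
# Assumed shape of a generated folder name: capital letter + 2-6 lowercase letters.
RANDOM_NAME_RE = re.compile(r"^[A-Z][a-z]{2,6}$")
KNOWN_FOLDERS = {"Adobe", "Skype", "Apple", "Google"}  # benign names of that shape
TASK_BURST = 5  # assumed threshold for "unusually many" At*.job tasks


def parse_line(line):
    """Return an Entry for a file/folder line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(m["date"], int(m["size"].replace(",", "")), m["attrs"],
                 m["kind"], (m["company"] or "").strip(), m["path"])


def triage(lines):
    """Return a list of (reason, path) findings worth a human look."""
    findings = []
    task_paths = set()
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        leaf = e.path.rsplit("\\", 1)[-1]
        is_dir = "D" in e.attrs
        hidden_system = "H" in e.attrs and "S" in e.attrs
        # hkcl5t.exe in the log: 0 bytes, hidden+system, no version info.
        if not is_dir and leaf.lower().endswith(EXEC_EXT) \
                and e.size == 0 and hidden_system:
            findings.append(("zero-byte hidden/system executable", e.path))
        # Yhsygax, Wey, Poaxu...: generated names with no company behind them.
        if is_dir and "\\Application Data\\" in e.path \
                and RANDOM_NAME_RE.match(leaf) and leaf not in KNOWN_FOLDERS:
            findings.append(("random-named Application Data folder", e.path))
        # At1.job ... At38.job: count unique tasks (the log lists each twice).
        if TASK_RE.search(e.path):
            task_paths.add(e.path.lower())
    if len(task_paths) >= TASK_BURST:
        findings.append((f"{len(task_paths)} numbered At*.job scheduled tasks",
                         "C:\\WINDOWS\\Tasks"))
    return findings


# Constructed sample: a subset of lines copied from the OTL log in this thread.
SAMPLE_LINES = [
    r"[2011/12/24 23:51:34 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys",
    r"[2011/12/07 20:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Yhsygax",
    r"[2011/12/07 20:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daddy (ipod)\Application Data\Wey",
    r"[2011/12/24 23:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy (ipod)\Application Data\SumatraPDF",
    r"[2011/08/26 21:19:02 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\hkcl5t.exe",
    r"[2011/08/26 21:19:02 | 000,000,000 | -HS- | C] () -- C:\Program Files\hkcl5t.exe",
    r"[2008/04/14 05:42:30 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe",
    r"[2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At1.job",
    r"[2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At2.job",
    r"[2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At3.job",
    r"[2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\At4.job",
    r"[2011/12/25 22:19:00 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\At9.job",
    r"[2011/12/29 16:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job",
    r"[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]",
]

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LINES):
        print(f"{reason}: {path}")
```

Note that msmsgs.exe is also hidden+system but has a real size and a company name, so it is not flagged; the signal is the combination of attributes, zero size and missing version info, not any one of them alone.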
  8. spanner monkey Newcomer, in training

    security check log

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2011
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 30
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
  9. spanner monkey Newcomer, in training

    TFC log

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-861567501-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    File C:\WINDOWS\tasks\*.job not found.
    C:\WINDOWS\hkcl5t.exe moved successfully.
    C:\Program Files\hkcl5t.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Daddy (ipod)
    ->Temp folder emptied: 158744 bytes
    ->Temporary Internet Files folder emptied: 327974 bytes
    ->Java cache emptied: 23783 bytes
    ->Google Chrome cache emptied: 136023820 bytes
    ->Flash cache emptied: 2119 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 392594 bytes
    ->Flash cache emptied: 10466 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mommy
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 11760 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 310929 bytes
    ->Flash cache emptied: 68956 bytes

    User: User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 294871 bytes
    ->Java cache emptied: 512231 bytes
    ->Google Chrome cache emptied: 256838794 bytes
    ->Flash cache emptied: 4333 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 3219836 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 256 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 380.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Daddy (ipod)
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Mommy
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: User
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 12292011_222555

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
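    An added example (not part of the thread and not OTL's own code): a small Python parser for the OTL fix log above. It pulls out the artifacts OTL reports removing (the two registry values, the two copies of hkcl5t.exe, the missing *.job files) so a tech can re-check them after the reboot with reg.exe and dir, and it cross-checks the per-item byte counts against the reported "Total Files Cleaned" line. SAMPLE_LOG is a trimmed, constructed copy of the post 9 log with a correspondingly adjusted total; the function names, the assumption that OTL prints whole mebibytes with ".00", and the cmd.exe recheck commands are mine, not from the page.

```python
"""Parse an OTL fix log into a post-reboot recheck list and verify its byte totals.

Added example: the log below is a constructed, trimmed copy of the forum post's
OTL output (total adjusted to match the trimmed entries); nothing here is OTL code.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample input (trimmed from the OTL fix log in the thread).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-1659004503-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
File C:\WINDOWS\tasks\*.job not found.
C:\WINDOWS\hkcl5t.exe moved successfully.
C:\Program Files\hkcl5t.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Daddy (ipod)
->Temp folder emptied: 158744 bytes
->Google Chrome cache emptied: 136023820 bytes

User: Guest
->Java cache emptied: 392594 bytes

%systemroot% .tmp files removed: 3219836 bytes
Windows Temp folder emptied: 256 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 133.00 mb


[EMPTYFLASH]

User: Daddy (ipod)
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12292011_222555

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
"""

# OTL writes "key\\valuename" with a doubled backslash between key and value.
RE_REG = re.compile(r"^Registry value (?P<key>.+)\\\\(?P<value>[^\\]+) deleted successfully\.$")
RE_NOTFOUND = re.compile(r"^File (?P<path>.+) not found\.$")
RE_MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
RE_USER = re.compile(r"^User: (?P<user>.+)$")
RE_BYTES = re.compile(r": (?P<n>\d+) bytes$")
RE_TOTAL = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$")


@dataclass
class FixReport:
    registry_deleted: List[Tuple[str, str]] = field(default_factory=list)  # (key, value name)
    files_moved: List[str] = field(default_factory=list)
    not_found: List[str] = field(default_factory=list)
    bytes_by_user: Dict[str, int] = field(default_factory=dict)  # [EMPTYTEMP] section only
    reported_mb: Optional[float] = None


def parse_otl_fix_log(text: str) -> FixReport:
    """Walk the log line by line, tracking the [SECTION] and 'User:' context."""
    report = FixReport()
    section = None
    user = "(system)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):   # [EMPTYTEMP], [EMPTYFLASH], ...
            section = line.upper()
            continue
        m = RE_USER.match(line)
        if m:
            user = m.group("user")
            continue
        m = RE_REG.match(line)
        if m:
            report.registry_deleted.append((m.group("key"), m.group("value")))
            continue
        m = RE_NOTFOUND.match(line)
        if m:
            report.not_found.append(m.group("path"))
            continue
        m = RE_MOVED.match(line)
        if m:
            report.files_moved.append(m.group("path"))
            continue
        m = RE_BYTES.search(line)
        if m and section == "[EMPTYTEMP]":
            # "->" lines belong to the current user; bare lines are system-wide.
            owner = user if line.startswith("->") else "(system)"
            report.bytes_by_user[owner] = report.bytes_by_user.get(owner, 0) + int(m.group("n"))
            continue
        m = RE_TOTAL.match(line)
        if m:
            report.reported_mb = float(m.group("mb"))
    return report


def total_matches(report: FixReport) -> bool:
    """Assumption: OTL reports whole mebibytes (the log shows '.00'), so compare the rounded sum."""
    computed_mb = sum(report.bytes_by_user.values()) / 2 ** 20
    return report.reported_mb is not None and round(computed_mb) == int(report.reported_mb)


def recheck_commands(report: FixReport) -> List[str]:
    """cmd.exe commands to run after reboot; each should report 'not found' once the fix held."""
    cmds = [f'reg query "{key}" /v "{value}"' for key, value in report.registry_deleted]
    cmds += [f'dir /a "{path}"' for path in report.files_moved]
    return cmds


if __name__ == "__main__":
    rep = parse_otl_fix_log(SAMPLE_LOG)
    print("byte totals consistent:", total_matches(rep))
    for cmd in recheck_commands(rep):
        print(cmd)
```

    Each "reg query" / "dir" line should come back empty or "not found" after the reboot; anything that still resolves means the persistence entry or dropper was recreated and the fix did not hold.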
  10. Broni Malware Annihilator

    ...and Eset...
  11. spanner monkey Newcomer, in training

    eset

    no threats found
  12. Broni Malware Annihilator

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  13. spanner monkey Newcomer, in training

    otl scan

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Daddy (ipod)
    ->Temp folder emptied: 324215 bytes
    ->Temporary Internet Files folder emptied: 50711055 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 70341935 bytes
    ->Flash cache emptied: 559 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 2362 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mommy
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 256 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 205130761 bytes

    Total Files Cleaned = 311.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Daddy (ipod)
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: Mommy
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: User
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 12312011_105845

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  14. spanner monkey Newcomer, in training

    Computer seems ok now. Even the printer is working again :)
  15. Broni Malware Annihilator

    Way to go!!
    Good luck and stay safe :)