TechSpot

Iexplore.exe keeps respawning after force closing

By haikuxx
Dec 9, 2011
  1. So I've been looking around for a way to destroy this, or rather just make it stop. I get constant clicking [as if you just clicked a link] and random audio ads will play and/or ads will pop up from time to time.

    I do not use Internet Explorer, which is why I don't understand why this should even be running. I am currently using a Dell XPS 1710 laptop, running Windows XP, and I use Firefox as my browser of choice. Recently I have had to do a system restore to avoid the 2012 AntiVirus nonsense that is actually a virus. That problem has not cropped up again, but this one with the iexplore.exe is an issue.

    I have looked over several forum threads and posts, but I am hesitant to do anything till I can talk with someone a bit more knowledgeable, because it seems each reply is based specifically on the poster's computer stats.

    That being said, here are the only things I've done thus far to combat the problem:

    - Run MalwareBytes
    - End Process [and when multiple iexplore.exe pop up I use End Process Tree] to kill them all, but within 5 seconds they respawn.


    Normally I see about 4-6 of these, some under System, some under WinUser; more often than not the majority are under System.

    I hope this is enough information to go on and would greatly appreciate any assistance possible.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    Hello,

    I tried running MalwareBytes as directed; it ran across an error, so I'm trying it again. If it fails, should I move to another step or do something else?

    Also, a slight update on the iexplore.exe in the task manager: it is often accompanied by this weird process that I have never run across before, nor can I find anything about it when I Google it.

    6qs7hgii.com

    Currently I have about 3 of them appearing in my task manager, all under the System user name, using anywhere from 11k to 34k of memory.

    I have found that when I end those as well as the iexplore.exe the ads stop for a while before re-appearing.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    If MBAM fails, proceed with other steps.
     
  5. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    Alright, all good now: MalwareBytes has completed, and I rebooted the system; now off to the other steps.


    Update on the issue: as I was typing this up, ads are now popping up in Firefox... ugh. I'm still monitoring the before-mentioned iexplore.exe and that strangely spelled .com one. So far neither has cropped up.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Go on..........:)
     
  7. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    Umm, question... how long does GMER run for? I started it very shortly after the last message I posted here, which was hours ago, and it's still going through my files? I'm just wondering if I'm impatient or if it's just still doing its thing and taking its sweet time?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Leave it on overnight.
     
  9. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    Alright, I believe I have what was requested, and will begin posting the log files.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8339

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/9/2011 7:40:01 PM
    mbam-log-2011-12-09 (19-40-01).txt

    Scan type: Quick scan
    Objects scanned: 233150
    Time elapsed: 9 minute(s), 14 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 5
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\documents and settings\networkservice\application data\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Email) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\networkservice\application data\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.
    c:\WINDOWS\system32\6qs7hgii.com (Trojan.Email) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\6qs7hgii.com_ (Trojan.Email) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\hki44332.exe (Trojan.Email) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\hki44441.exe (Trojan.Email) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\rfejrf\setup.exe (Trojan.Email) -> Quarantined and deleted successfully.
     
  10. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    gmer log

    The GMER log:


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-10 00:04:13
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK5059GSXP rev.GN001A
    Running: pzsg5fgr.exe; Driver: C:\DOCUME~1\WinUser\LOCALS~1\Temp\fwtdakoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwCreateKey [0xB9ED10B0]
    SSDT sptd.sys ZwEnumerateKey [0xB9ED684C]
    SSDT sptd.sys ZwEnumerateValueKey [0xB9ED6BEC]
    SSDT sptd.sys ZwOpenKey [0xB9ED1090]
    SSDT sptd.sys ZwQueryKey [0xB9ED6CC4]
    SSDT sptd.sys ZwQueryValueKey [0xB9ED6B44]
    SSDT sptd.sys ZwSetValueKey [0xB9ED6D56]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? mrqreo.sys The system cannot find the file specified. !
    ? cyumy.sys The system cannot find the file specified. !
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB908A380, 0x21FEFD, 0xE8000020]
    .text USBPORT.SYS!DllUnload B901F8AC 5 Bytes JMP 8B1DA1B8
    .text i8042prt.sys B9427000 9 Bytes [90, 90, 90, 90, 8B, FF, 55, ...] {NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}
    .text i8042prt.sys B942700B 10 Bytes [8B, 75, 08, 57, 33, FF, 8D, ...]
    .text i8042prt.sys B9427017 34 Bytes [87, 38, 33, DB, 38, 5D, 14, ...]
    .text i8042prt.sys B942703B 2 Bytes [BC, 10]
    .text i8042prt.sys B942703F 7 Bytes [88, 9E, 88, 02, 00, 00, A1]
    .text ...
    ? C:\WINDOWS\system32\DRIVERS\i8042prt.sys suspicious PE modification
    ? System32\Drivers\a9cu1knz.SYS The system cannot find the path specified. !
    init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB69FD280]
    .text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xBA2E8280, 0x7B04, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\ping.exe[940] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB000A
    .text C:\WINDOWS\System32\ping.exe[940] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BC000A
    .text C:\WINDOWS\System32\ping.exe[940] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A6000A
    .text C:\WINDOWS\System32\ping.exe[940] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A7000A
    .text C:\WINDOWS\System32\ping.exe[940] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A5000C
    .text C:\WINDOWS\System32\ping.exe[940] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00BF000A
    .text C:\WINDOWS\System32\ping.exe[940] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00C0000A
    .text C:\WINDOWS\System32\ping.exe[940] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00C1000A
    .text C:\WINDOWS\System32\ping.exe[940] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00BE000A
    .text C:\WINDOWS\System32\svchost.exe[1976] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EE000A
    .text C:\WINDOWS\System32\svchost.exe[1976] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EF000A
    .text C:\WINDOWS\System32\svchost.exe[1976] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00ED000C
    .text C:\WINDOWS\Explorer.EXE[2984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02B0000A
    .text C:\WINDOWS\Explorer.EXE[2984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02B1000A
    .text C:\WINDOWS\Explorer.EXE[2984] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 02AF000C
    .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[4044] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED1ABA] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED1C00] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED1B82] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED272E] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED2604] sptd.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F12F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F12C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F12CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F12CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8B34D1D8
    Device \Driver\usbhub \Device\0000009c hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\NetBT \Device\NetBT_Tcpip_{4352A145-7A37-44B5-B51B-326FD34E21A7} 8B073980

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\usbhub \Device\0000009e hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-0 8B1CB1D8
    Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-1 8B1CB1D8
    Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B3C21D8
    Device \Driver\dmio \Device\DmControl\DmConfig 8B3C21D8
    Device \Driver\dmio \Device\DmControl\DmPnP 8B3C21D8
    Device \Driver\dmio \Device\DmControl\DmInfo 8B3C21D8
    Device \Driver\usbuhci \Device\USBPDO-2 8B1CB1D8
    Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-3 8B1CB1D8
    Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbehci \Device\USBPDO-4 8B1D81D8
    Device \Driver\usbehci \Device\USBPDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\000000a0 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\USBPDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\00000051 \Device\00000063 sptd.sys
    Device \Driver\usbhub \Device\USBPDO-7 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8B34F1D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8B34F1D8
    Device \Driver\Cdrom \Device\CdRom0 8B0E11D8
    Device \Driver\usbhub \Device\USBPDO-8 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Cdrom \Device\CdRom1 8B0E11D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9E25B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\usbhub \Device\USBPDO-9 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8B34F1D8
    Device \Driver\usbhub \Device\000000a6 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Ftdisk \Device\HarddiskVolume4 8B34F1D8
    Device \Driver\usbhub \Device\USBPDO-10 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\BTHUSB \Device\000000b3 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8B073980
    Device \Driver\BTHUSB \Device\000000b5 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\NetBT \Device\NetbiosSmb 8B073980
    Device \Driver\usbhub \Device\00000096 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\NetBT \Device\NetBT_Tcpip_{31C5EB37-4C41-4CA5-A585-875285D800D3} 8B073980
    Device \Driver\usbhub \Device\00000098 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-0 8B1CB1D8
    Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-1 8B1CB1D8
    Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A9B5980
    Device \Driver\usbuhci \Device\USBFDO-2 8B1CB1D8
    Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A9B5980
    Device \Driver\usbuhci \Device\USBFDO-3 8B1CB1D8
    Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\NetBT \Device\NetBT_Tcpip_{D8D85D0E-FE85-4248-A936-855FC3AF2B30} 8B073980
    Device \Driver\NetBT \Device\NetBT_Tcpip_{454E96DD-AC8D-4D8E-B749-E0A6A0F3C431} 8B073980
    Device \Driver\usbehci \Device\USBFDO-4 8B1D81D8
    Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Ftdisk \Device\FtControl 8B34F1D8
    Device \Driver\a9cu1knz \Device\Scsi\a9cu1knz1Port2Path0Target0Lun0 8B0541D8
    Device \Driver\a9cu1knz \Device\Scsi\a9cu1knz1 8B0541D8
    Device \Driver\usbhub \Device\0000009a hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \FileSystem\Fastfat \Fat 8A8BD980
    Device \FileSystem\Fastfat \Fat B1EEA297

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 8A9AF708
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) B8F91000-B8FA7000 (90112 bytes)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164173efb7
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cff8f1c6
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edde470
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1581010715
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1371988129
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0B 0x86 0x07 0x55 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2E 0x41 0x6F 0x38 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x28 0xEC 0x2D 0xF9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00164173efb7 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cff8f1c6 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197edde470 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0B 0x86 0x07 0x55 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2E 0x41 0x6F 0x38 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x28 0xEC 0x2D 0xF9 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x0B 0x86 0x07 0x55 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2E 0x41 0x6F 0x38 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x28 0xEC 0x2D 0xF9 ...

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\$NtUninstallKB52126$\1007966568 0 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725 0 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\bckfg.tmp 851 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\cfg.ini 201 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\keywords 148 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\L\iahonoel 52480 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\lsflt7.ver 5176 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\U\00000001.@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\U\00000002.@ 224768 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\U\00000004.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\U\80000000.@ 1024 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\U\80000004.@ 12800 bytes
    File C:\WINDOWS\$NtUninstallKB52126$\1177783725\U\80000032.@ 98304 bytes

    ---- EOF - GMER 1.0.15 ----
     
  11. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    DDS log

    The first DDS log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by WinUser at 0:09:00 on 2011-12-10
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2470 [GMT -6:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
    C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\System32\ping.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070606
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070606
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [VMware hqtray] "c:\program files\vmware\vmware view\client\local mode\hqtray.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    LSP: c:\program files\vmware\vmware view\client\local mode\vsocklib.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.2
    TCP: Interfaces\{4352A145-7A37-44B5-B51B-326FD34E21A7} : DhcpNameServer = 192.168.0.2
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\winuser\application data\mozilla\firefox\profiles\s1au0sx6.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-9-15 33824]
    R2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\hawkes learning systems\hawkes update service manager\srvany.exe [2011-8-31 8192]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-13 366152]
    R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
    R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-11-26 5554552]
    R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-11-26 451960]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-11-11 70768]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-11-11 539248]
    R2 wsnm;VMware View Client;c:\program files\vmware\vmware view\client\bin\wsnm.exe [2011-2-18 494192]
    R2 wsnm_usbctrl;VMware View USB Control;c:\program files\vmware\vmware view\client\bin\wsnm_usbctrl.exe [2011-2-18 793200]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-13 22216]
    R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\drivers\vmwvusb.sys [2011-11-7 39984]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-11-26 10752]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
    S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?]
    SUnknown SPService;SPService; [x]
    .
    =============== Created Last 30 ================
    .
    2011-12-09 07:10:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-12-09 07:10:09 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-09 06:40:50 -------- d-----w- c:\program files\Panda Security
    2011-11-26 18:40:31 -------- d-----w- c:\documents and settings\winuser\application data\WTablet
    2011-11-26 18:40:24 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
    2011-11-26 18:40:13 -------- d-----w- c:\program files\TabletPlugins
    2011-11-26 18:40:10 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2011-11-26 18:39:35 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2011-11-26 18:39:21 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2011-11-26 18:39:16 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
    2011-11-26 18:39:16 1156472 ----a-w- c:\windows\system32\Wintab32.dll
    2011-11-26 18:39:16 1152888 ----a-w- c:\windows\system32\WacomMT.dll
    2011-11-26 18:39:13 -------- d-----w- c:\program files\Tablet
    2011-11-14 01:05:50 -------- d-----w- c:\documents and settings\winuser\application data\Malwarebytes
    2011-11-14 01:05:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-11-14 01:05:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-14 01:05:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    2011-11-08 04:20:04 397312 ----a-w- c:\windows\system32\vmnat.exe
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 0:10:06.40 ===============
     
  12. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    Attach DDS log

    And the Attach DDS log:


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/14/2007 3:34:09 PM
    System Uptime: 12/9/2011 7:41:21 PM (5 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Genuine Intel(R) CPU T2500 @ 2.00GHz | Microprocessor | 1997/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 440 GiB total, 341.145 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10208086&REV_02\4&360A6DE&0&00E1
    Manufacturer: Intel Corporation
    Name: Intel(R) PRO/Wireless 3945ABG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10208086&REV_02\4&360A6DE&0&00E1
    Service: NETw3x32
    .
    ==== System Restore Points ===================
    .
    RP237: 9/11/2011 7:19:05 PM - Configured Microsoft Office Enterprise 2007
    RP238: 9/15/2011 11:13:39 PM - System Checkpoint
    RP239: 9/16/2011 11:51:39 PM - System Checkpoint
    RP240: 9/21/2011 12:06:08 AM - System Checkpoint
    RP241: 9/22/2011 9:34:38 AM - System Checkpoint
    RP242: 9/27/2011 5:01:30 PM - System Checkpoint
    RP243: 9/27/2011 7:01:07 PM - Software Distribution Service 3.0
    RP244: 9/30/2011 5:43:54 PM - System Checkpoint
    RP245: 10/2/2011 10:24:33 AM - System Checkpoint
    RP246: 10/2/2011 10:04:54 PM - Logitech Webcam Software v12.10.1110
    RP247: 10/10/2011 4:53:39 PM - System Checkpoint
    RP248: 10/11/2011 11:03:58 PM - System Checkpoint
    RP249: 10/14/2011 8:28:20 AM - Software Distribution Service 3.0
    RP250: 10/14/2011 9:06:34 AM - Removed Logitech Vid.
    RP251: 10/14/2011 9:07:51 AM - Removed QuickTime
    RP252: 10/16/2011 11:48:32 PM - System Checkpoint
    RP253: 10/18/2011 6:48:03 PM - System Checkpoint
    RP254: 10/20/2011 9:40:30 AM - System Checkpoint
    RP255: 10/31/2011 5:27:08 PM - Installed iTunes
    RP256: 11/3/2011 10:20:55 AM - System Checkpoint
    RP257: 11/7/2011 7:23:45 PM - Installed VMware View Client.
    RP258: 11/7/2011 10:08:15 PM - Removed View Client with Offline Desktop.
    RP259: 11/7/2011 10:11:57 PM - Removed VMware View Client.
    RP260: 11/7/2011 10:20:59 PM - Installed VMware View Client.
    RP261: 11/9/2011 5:16:29 PM - System Checkpoint
    RP262: 11/10/2011 5:21:23 PM - System Checkpoint
    RP263: 11/11/2011 5:09:30 PM - Software Distribution Service 3.0
    RP264: 11/13/2011 1:22:34 PM - System Checkpoint
    RP265: 11/15/2011 11:21:22 AM - System Checkpoint
    RP266: 11/17/2011 11:17:28 AM - System Checkpoint
    RP267: 11/18/2011 11:20:36 AM - System Checkpoint
    RP268: 11/22/2011 4:55:49 PM - System Checkpoint
    RP269: 11/23/2011 5:36:37 PM - System Checkpoint
    RP270: 11/24/2011 5:44:34 PM - System Checkpoint
    RP271: 11/26/2011 9:57:43 AM - System Checkpoint
    RP272: 11/27/2011 1:34:38 PM - System Checkpoint
    RP273: 11/28/2011 10:33:13 PM - System Checkpoint
    RP274: 11/29/2011 11:20:10 PM - System Checkpoint
    RP275: 11/30/2011 11:53:25 PM - System Checkpoint
    RP276: 12/2/2011 12:10:36 AM - System Checkpoint
    RP277: 12/3/2011 1:11:40 AM - System Checkpoint
    RP278: 12/4/2011 1:17:06 AM - System Checkpoint
    RP279: 12/5/2011 1:19:40 AM - System Checkpoint
    RP280: 12/6/2011 2:11:54 AM - System Checkpoint
    RP281: 12/7/2011 2:14:25 AM - System Checkpoint
    RP282: 12/9/2011 1:01:54 AM - Restore Operation
    RP283: 12/9/2011 8:01:46 AM - Safe
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.8
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Bamboo
    Bonjour
    Business Complete Care Services Agreement
    Conexant HDA D110 MDC V.92 Modem
    Creative Audio Pack
    Creative MediaSource 5
    Crysis(R)
    Dell Support 3.2.1
    Dell System Restore
    Digital Line Detect
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    EA Download Manager
    Fiesta
    getPlus(R)_ocx
    Half-Life 2
    Half-Life 2: Deathmatch
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life 2: Lost Coast
    Hawkes Update Service Manager
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB981793)
    HyperCam 2
    Intel(R) PROSet/Wireless Software
    iTunes
    J2SE Development Kit 5.0 Update 12
    J2SE Runtime Environment 5.0 Update 12
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java DB 10.2.2.0
    Java(TM) 6 Update 2
    Java(TM) 6 Update 26
    Java(TM) 6 Update 3
    Java(TM) SE Development Kit 6 Update 2
    Java(TM) SE Runtime Environment 6 Update 1
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Malwarebytes' Anti-Malware version 1.51.2.1300
    mCore
    mDrWiFi
    MediaDirect
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    mIWA
    mLogView
    mMHouse
    Modem Helper
    Mozilla Firefox 5.0 (x86 en-US)
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    mSSO
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    mWlsSafe
    mWMI
    mXML
    mZConfig
    NetWaiting
    NVIDIA Drivers
    OutlookAddinSetup
    OZ776 SCR CardBus Windows Driver
    Pando Media Booster
    Peggle Extreme
    Portal
    PunkBuster Services
    Qualxserve Service Agreement
    QuickSet
    RaidCall
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    SearchAssist
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Skype™ 3.5
    Sonic Activation Module
    Sonic Update Manager
    Sound Blaster ADVANCED MB Drivers
    Sound Blaster Audigy ADVANCED MB
    Sound Blaster Audigy ADVANCED MB Product Registration
    Statistics (Fall 2011 Student)
    Steam
    Synaptics Pointing Device Driver
    Team Fortress 2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    VideoLAN VLC media player 0.8.6c
    VMware View Client
    WebFldrs XP
    WebTablet FB Plugin
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    WIDCOMM Bluetooth Software
    Windows Driver Package - Broadcom Bluetooth (02/24/2004 5.1.2535.0)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/9/2011 9:23:09 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    12/9/2011 9:20:02 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    12/9/2011 9:14:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
    12/9/2011 9:14:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
    12/9/2011 8:14:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
    12/9/2011 8:14:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
    12/9/2011 7:58:19 AM, error: SCardSvr [610] - Smart Card Reader 'O2 O2Micro CCID SC Reader 0' rejected IOCTL GET_STATE: The device has been removed.
    12/9/2011 7:43:42 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    12/9/2011 7:43:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SPService service to connect.
    12/9/2011 7:43:42 PM, error: Service Control Manager [7000] - The SPService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/9/2011 4:14:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
    12/9/2011 3:14:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
    12/9/2011 2:14:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
    12/9/2011 12:24:20 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    12/9/2011 11:14:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
    12/9/2011 11:14:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
    12/9/2011 10:14:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
    12/9/2011 10:14:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
    .
    ==== End Of File ===========================
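As an added example (not code from the thread, from DDS, or from the helper), a small Python triage script over the two sections of a DDS log that a reviewer reads first: it parses SERVICES / DRIVERS lines like the ones above, flags entries whose image file DDS could not verify, and counts repeated Event Viewer sources such as the Schedule 7901 At*.job failures and the SPService start failure. The meaning assigned to the `[x]` and `[?]` markers is this example's own assumption, and the sample text is a constructed subset of lines copied from the log above.

```python
"""Triage helper for two sections of a DDS log: SERVICES / DRIVERS and Event Viewer.

Added example, not code from the TechSpot thread or from DDS. The sample text
below is a constructed subset of lines copied from the log posted above.
"""
import re
from collections import Counter

# Constructed sample: seven SERVICES / DRIVERS lines taken from the log above.
SAMPLE_SERVICES = r"""
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2007-9-15 33824]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-13 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-13 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?]
SUnknown SPService;SPService; [x]
"""

# Constructed sample: five Event Viewer lines taken from the log above.
SAMPLE_EVENTS = """\
12/9/2011 9:14:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
12/9/2011 9:14:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
12/9/2011 7:43:42 PM, error: Service Control Manager [7000] - The SPService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/9/2011 4:14:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
12/9/2011 12:24:20 AM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
"""

# DDS service line: <state> <name>;<display name>;<image path> [<date size> | ? | x]
SERVICE_RE = re.compile(
    r"^(?P<state>R\d|S\d|SUnknown)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<tag>[^\]]*)\]\s*$"
)

# DDS event line: <timestamp>, <level>: <source> [<event id>] - <message>
EVENT_RE = re.compile(
    r"^(?P<time>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)


def parse_services(text):
    """Return one dict per SERVICES / DRIVERS line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def flag_services(entries):
    """Return (name, reason) pairs for the entries a reviewer would look at first.

    Assumed reading of the bracketed markers (this example's interpretation,
    not DDS documentation): '[x]' means the image file could not be found on
    disk, '[?]' means no date/size could be read for it. Entries with a real
    date and size are left alone.
    """
    flagged = []
    for e in entries:
        # For '\??\...' --> '...' lines keep the resolved path after the arrow.
        resolved = e["path"].split(" --> ")[-1]
        if e["tag"] == "x":
            flagged.append((e["name"], "image file missing ([x])"))
        elif e["tag"] == "?":
            flagged.append((e["name"], "no file date/size ([?]): " + resolved))
    return flagged


def summarize_events(text):
    """Count events per (source, event id) and collect the failing At*.job task names."""
    counts = Counter()
    jobs = set()
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        counts[(m["source"], int(m["event_id"]))] += 1
        job = re.search(r"\b(At\d+\.job)\b", m["message"])
        if job:
            jobs.add(job.group(1))
    return counts, sorted(jobs)


if __name__ == "__main__":
    for name, reason in flag_services(parse_services(SAMPLE_SERVICES)):
        print(f"{name:15} {reason}")
    counts, jobs = summarize_events(SAMPLE_EVENTS)
    for (source, event_id), n in counts.most_common():
        print(f"{n:3}x {source} [{event_id}]")
    print("failing scheduled jobs:", ", ".join(jobs))
```

Run against a full DDS log by reading each section into the two functions; the flagged names are where a reviewer would start cross-checking file dates and publishers, not a verdict on their own.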
     
  13. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I don't see any AV program running.
    Install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
    Update, run full scan, report on any findings.

    Then...

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    Update: between last night and today, before you posted, I had the virus masking as Antivirus 2012 popping up again. This is what originally started my problem, but it had seemed to go away when I did a system restore; then I encountered the problems that made me post this thread, the respawning iexplore.exe and sound files/ads running in the background.

    I have also downloaded and installed one of the free AV programs you suggested, Avast; it took a little getting used to, but I think I correctly disabled it before running ComboFix.

    Other than that, here are the logs requested this time. I think they look fairly positive from what I can make of them. Both programs had slight hiccups getting started; I don't know if I should detail it, but just in case I will.

    The aswMBR started, then closed without reason, so I restarted it, and it produced the following:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-10 16:47:03
    -----------------------------
    16:47:03.390 OS Version: Windows 5.1.2600 Service Pack 3
    16:47:03.390 Number of processors: 2 586 0xE08
    16:47:03.390 ComputerName: KRYSTAL-XPS UserName: WinUser
    16:47:31.046 Initialize success
    16:47:31.171 AVAST engine defs: 11121001
    16:49:39.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    16:49:39.968 Disk 0 Vendor: TOSHIBA_MK5059GSXP GN001A Size: 476940MB BusType: 3
    16:49:42.109 Disk 0 MBR read successfully
    16:49:42.109 Disk 0 MBR scan
    16:49:42.109 Disk 0 unknown MBR code
    16:49:42.218 Disk 0 scanning sectors +976768065
    16:49:42.578 Disk 0 scanning C:\WINDOWS\system32\drivers
    16:50:20.500 File: C:\WINDOWS\system32\drivers\i8042prt.sys **INFECTED** Win32:Alureon-AOT [Rtk]
    16:51:10.062 Service scanning
    16:51:16.515 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    16:51:17.078 Modules scanning
    16:51:46.046 Module: C:\WINDOWS\system32\DRIVERS\i8042prt.sys **SUSPICIOUS**
    16:52:57.984 Disk 0 trace - called modules:
    16:52:58.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8afebf10]<<
    16:52:58.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b321ab8]
    16:52:58.062 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8b07dd70]
    16:52:58.062 \Driver\00000666[0x8b014be0] -> IRP_MJ_CREATE -> 0x8afebf10
    16:53:27.406 AVAST engine scan C:\WINDOWS
    16:55:06.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\WinUser\Desktop\TroubleShooting\MBR.dat"
    16:55:06.265 The log file has been saved successfully to "C:\Documents and Settings\WinUser\Desktop\TroubleShooting\aswMBR.txt"
     
  15. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    The ComboFix ran without problem until it declared it would automatically restart my computer and that I should not power down or restart it myself. So I waited, and lo and behold, the blue screen of death appeared. I waited another 10 minutes, not sure if the program was making up its mind or not; after that I did a hard power down [I'm using a laptop, as I mentioned in the first post] by holding the power button until the machine shut off, and then hit it once more to get it on again. When it restarted and I logged into my user account, ComboFix took over once more and continued on, from where I assume it left off. I don't know if that's common or not, but it's worth the mention.

    ComboFix log:

    ComboFix 11-12-10.01 - WinUser 12/10/2011 17:22:21.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2866 [GMT -6:00]
    Running from: c:\documents and settings\WinUser\Desktop\TroubleShooting\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\WinUser\Local Settings\Application Data\qnw.exe
    c:\windows\$NtUninstallKB52126$\1177783725\@
    c:\windows\$NtUninstallKB52126$\1177783725\bckfg.tmp
    c:\windows\$NtUninstallKB52126$\1177783725\cfg.ini
    c:\windows\$NtUninstallKB52126$\1177783725\Desktop.ini
    c:\windows\$NtUninstallKB52126$\1177783725\keywords
    c:\windows\$NtUninstallKB52126$\1177783725\kwrd.dll
    c:\windows\$NtUninstallKB52126$\1177783725\L\iahonoel
    c:\windows\$NtUninstallKB52126$\1177783725\lsflt7.ver
    c:\windows\$NtUninstallKB52126$\1177783725\U\00000001.@
    c:\windows\$NtUninstallKB52126$\1177783725\U\00000002.@
    c:\windows\$NtUninstallKB52126$\1177783725\U\00000004.@
    c:\windows\$NtUninstallKB52126$\1177783725\U\80000000.@
    c:\windows\$NtUninstallKB52126$\1177783725\U\80000004.@
    c:\windows\$NtUninstallKB52126$\1177783725\U\80000032.@
    c:\windows\explorer(2).exe
    c:\windows\system32\_000007_.tmp.dll
    c:\windows\TEMP\mia23\mEXEFunc.dll
    c:\windows\$NtUninstallKB52126$\1007966568 . . . . Failed to delete
    .
    Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
    Restored copy from - The cat found it :)
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-10 23:09 . 2008-04-14 05:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-12-10 22:19 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-12-10 22:19 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-12-10 22:19 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-12-10 22:19 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-12-10 22:19 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-12-10 22:19 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-12-10 22:19 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-12-10 22:19 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-12-10 22:17 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
    2011-12-10 22:17 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-12-10 22:16 . 2011-12-10 22:16 -------- d-----w- c:\program files\AVAST Software
    2011-12-10 22:16 . 2011-12-10 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-12-09 21:00 . 2011-12-09 21:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2011-12-09 07:10 . 2011-12-09 07:10 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-09 06:40 . 2011-12-09 06:40 -------- d-----w- c:\program files\Panda Security
    2011-12-07 13:06 . 2011-12-07 13:07 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
    2011-11-26 18:40 . 2011-11-26 18:40 -------- d-----w- c:\documents and settings\WinUser\Application Data\WTablet
    2011-11-26 18:40 . 2011-09-08 23:48 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
    2011-11-26 18:40 . 2011-09-08 23:49 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2011-11-26 18:39 . 2011-09-08 23:49 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2011-11-26 18:39 . 2011-09-08 23:49 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2011-11-26 18:39 . 2011-09-08 23:48 1156472 ----a-w- c:\windows\system32\Wintab32.dll
    2011-11-26 18:39 . 2011-09-08 23:48 1152888 ----a-w- c:\windows\system32\WacomMT.dll
    2011-11-26 18:39 . 2011-09-08 23:48 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
    2011-11-26 18:39 . 2011-12-09 07:08 -------- d-----w- c:\program files\Tablet
    2011-11-14 01:05 . 2011-11-14 01:05 -------- d-----w- c:\documents and settings\WinUser\Application Data\Malwarebytes
    2011-11-14 01:05 . 2011-11-14 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-11-14 01:05 . 2011-11-14 01:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-14 01:05 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-08 04:20 . 2011-11-08 04:23 397312 ----a-w- c:\windows\system32\vmnat.exe
    2011-10-10 14:22 . 2004-08-11 22:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2004-08-11 22:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41 . 2004-08-11 22:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41 . 2004-08-11 22:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-06-16 04:17 . 2011-06-27 19:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-06-27 3077528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7561216]
    "nwiz"="nwiz.exe" [2006-05-01 1519616]
    "NVHotkey"="nvHotkey.dll" [2006-05-01 73728]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-09-08 1036288]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
    "CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
    "MBMon"="CTMBHA.DLL" [2006-06-29 1355042]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-6 24576]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest wsauth
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2006-08-29 02:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 21:50 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 21:50 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-10-09 23:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
    2003-09-10 07:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2006-08-22 20:32 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2008-06-05 02:48 1271032 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-11-10 18:03 36975 -c--a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "xmlprov"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "wscsvc"=2 (0x2)
    "WmiApSrv"=3 (0x3)
    "Wmi"=3 (0x3)
    "WmdmPmSN"=3 (0x3)
    "VSS"=3 (0x3)
    "UPS"=3 (0x3)
    "upnphost"=3 (0x3)
    "tmproxy"=2 (0x2)
    "TmPfw"=2 (0x2)
    "Tmntsrv"=2 (0x2)
    "SwPrv"=3 (0x3)
    "stisvc"=3 (0x3)
    "RSVP"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "RasAuto"=3 (0x3)
    "PcCtlCom"=2 (0x2)
    "ose"=3 (0x3)
    "odserv"=3 (0x3)
    "NtmsSvc"=3 (0x3)
    "NtLmSsp"=3 (0x3)
    "Netlogon"=3 (0x3)
    "MSIServer"=3 (0x3)
    "MSDTC"=3 (0x3)
    "mnmsrvc"=3 (0x3)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "iPod Service"=3 (0x3)
    "ImapiService"=3 (0x3)
    "IDriverT"=3 (0x3)
    "Fax"=2 (0x2)
    "FastUserSwitchingCompatibility"=3 (0x3)
    "dmserver"=3 (0x3)
    "COMSysApp"=3 (0x3)
    "clr_optimization_v2.0.50727_32"=3 (0x3)
    "CiSvc"=3 (0x3)
    "BITS"=2 (0x2)
    "aspnet_state"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\utorrent\\utorrent.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\titanium_fink\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\VMware\\VMware View\\Client\\Local Mode\\vmware-authd.exe"=
    "c:\\Program Files\\VMware\\VMware View\\Client\\bin\\vmware-remotemks.exe"=
    "c:\\Program Files\\VMware\\VMware View\\Client\\bin\\wswc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "56946:TCP"= 56946:TCP:pando Media Booster
    "56946:UDP"= 56946:UDP:pando Media Booster
    .
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/18/2007 4:41 PM 639224]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/10/2011 4:19 PM 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/10/2011 4:19 PM 314456]
    R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [9/15/2007 6:46 AM 33824]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/10/2011 4:19 PM 20568]
    R2 HawkesUpdater;Hawkes Unattended Updater;c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe [8/31/2011 10:11 PM 8192]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/13/2011 7:05 PM 366152]
    R2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [11/26/2011 12:39 PM 5554552]
    R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [11/26/2011 12:40 PM 451960]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [11/11/2010 2:11 PM 70768]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [11/11/2010 12:31 PM 539248]
    R2 wsnm;VMware View Client;c:\program files\VMware\VMware View\Client\bin\wsnm.exe [2/18/2011 6:37 PM 494192]
    R2 wsnm_usbctrl;VMware View USB Control;c:\program files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [2/18/2011 6:38 PM 793200]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/13/2011 7:05 PM 22216]
    R3 vmwvusb;VMware View Generic USB Driver;c:\windows\system32\drivers\vmwvusb.sys [11/7/2011 10:26 PM 39984]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [11/26/2011 12:40 PM 10752]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
    S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070606
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    LSP: c:\program files\VMware\VMware View\Client\Local Mode\vsocklib.dll
    TCP: DhcpNameServer = 192.168.0.2
    FF - ProfilePath - c:\documents and settings\WinUser\Application Data\Mozilla\Firefox\Profiles\s1au0sx6.default\
    FF - prefs.js: browser.startup.homepage - google.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-VMware hqtray - c:\program files\VMware\VMware View\Client\Local Mode\hqtray.exe
    MSConfigStartUp-Comrade - c:\program files\GameSpy\Comrade\Comrade.exe
    MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    MSConfigStartUp-OE_OEM - c:\program files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
    MSConfigStartUp-pccguide - c:\program files\Trend Micro\Internet Security 14\pccguide.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
    MSConfigStartUp-runner1 - c:\windows\retadpu41.exe
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
    MSConfigStartUp-WinPop - c:\program files\WinPop\winpop.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-10 18:24
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,92,b4,5e,36,0e,21,45,b2,c8,8f,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,92,b4,5e,36,0e,21,45,b2,c8,8f,\
    .
    [HKEY_USERS\S-1-5-21-1631034213-456783739-708485660-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:28,c7,19,23,81,dc,d6,e2,03,db,c0,21,ea,17,39,87,cd,6b,7d,ad,68,28,0f,
    36,a2,dc,01,3d,a6,2b,aa,ea,d5,ed,c2,6b,40,17,c2,19,9b,8d,26,a5,ad,b9,f4,b3,\
    "??"=hex:81,8e,4e,06,e3,6d,dd,15,c4,de,8f,30,25,ec,14,d5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(1196)
    c:\windows\system32\wsauth.dll
    .
    - - - - - - - > 'explorer.exe'(5216)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\System32\SCardSvr.exe
    c:\program files\Tablet\Pen\Pen_TouchUser.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    c:\program files\Tablet\Pen\Pen_TabletUser.exe
    c:\windows\system32\vmnat.exe
    c:\windows\system32\vmnetdhcp.exe
    c:\windows\system32\rundll32.exe
    c:\windows\stsystra.exe
    c:\windows\system32\rundll32.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-10 18:43:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-11 00:43
    .
    Pre-Run: 365,696,274,432 bytes free
    Post-Run: 371,854,667,776 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 56126FF18781A28A57277E7A985D6B46
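As an added triage example (not from the thread, and not code from aswMBR or ComboFix), the Python below pulls out of the two logs above the lines a reviewer checks first: aswMBR's INFECTED/SUSPICIOUS/LOCKED hits and the ComboFix registry values showing Security Center and the Windows Firewall switched off. The sample input is constructed from the log lines in this post, and the line-format patterns are assumptions inferred from those lines.

```python
"""Triage helper for aswMBR and ComboFix logs (added example; not part of the
thread and not code from either tool).  It extracts aswMBR lines marked
**INFECTED**, **SUSPICIOUS** or **LOCKED** (plus the "unknown MBR code" warning)
and ComboFix "Reg Loading Points" values that switch off Security Center or the
Windows Firewall.  Line formats are inferred from the logs posted above."""
import re

# Constructed sample: a few lines copied from the aswMBR log in this thread.
ASWMBR_SAMPLE = r"""
16:49:42.109 Disk 0 unknown MBR code
16:50:20.500 File: C:\WINDOWS\system32\drivers\i8042prt.sys **INFECTED** Win32:Alureon-AOT [Rtk]
16:51:16.515 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
16:51:46.046 Module: C:\WINDOWS\system32\DRIVERS\i8042prt.sys **SUSPICIOUS**
16:55:06.250 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
"""

# Constructed sample: registry sections copied from the ComboFix log in this thread.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"""

# "<time> <object> **STATUS** <detail>" as aswMBR prints it (pattern assumed from the log).
ASWMBR_HIT = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<obj>.*?)\s+"
    r"\*\*(?P<status>INFECTED|SUSPICIOUS|LOCKED)\*\*\s*(?P<detail>.*)$"
)


def aswmbr_findings(log_text):
    """Return one dict per flagged aswMBR line, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ASWMBR_HIT.match(line)
        if m:
            findings.append({"time": m.group("time"), "status": m.group("status"),
                             "object": m.group("obj"), "detail": m.group("detail").strip()})
        elif "unknown MBR code" in line:
            # Non-standard boot code: worth a look, but OEM boot managers also
            # produce this, so it is reported as a warning, not a detection.
            findings.append({"time": line.split()[0], "status": "WARNING",
                             "object": "MBR", "detail": "unknown MBR code"})
    return findings


# (suffix of the registry key, value name) -> value that means "defence switched off".
WEAKENED = {
    ("security center", "AntiVirusOverride"): 1,
    ("security center", "FirewallOverride"): 1,
    (r"firewallpolicy\standardprofile", "EnableFirewall"): 0,
    (r"firewallpolicy\standardprofile", "DisableNotifications"): 1,
}


def reg_int(raw):
    """Parse the two numeric forms ComboFix prints: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return None  # strings, paths, timestamps: not a numeric value


def combofix_reg_values(log_text):
    """Yield (key, name, raw_value) for every "name"=value line under a [key] header."""
    key = None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"([^"]+)"\s*=\s*(.*)$', line)
            if m:
                yield key, m.group(1), m.group(2)


def weakened_defences(log_text):
    """Return (key, name, value) for each setting that disables a built-in defence."""
    hits = []
    for key, name, raw in combofix_reg_values(log_text):
        value = reg_int(raw)
        if value is None:
            continue
        for (key_tail, want_name), off_value in WEAKENED.items():
            if name == want_name and key.lower().endswith(key_tail.lower()) and value == off_value:
                hits.append((key, name, value))
    return hits


if __name__ == "__main__":
    for f in aswmbr_findings(ASWMBR_SAMPLE):
        print("aswMBR   {time} {status:<10} {object} {detail}".format(**f))
    for key, name, value in weakened_defences(COMBOFIX_SAMPLE):
        print("ComboFix {}\\{} = {}".format(key, name, value))
```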
     
  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good now :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    I have not seen current issues up to this point, but I have been trying to do as little as possible so as to be sure both of us are as up to date on the machine as possible. I will run this scan; I'm assuming by your wording it will take a few, so I will walk away from the computer again and check it within an hour or so.

    Best news so far is that the Antivirus 2012 virus nonsense, I think, was nipped in the bud, as it isn't wanting to block me when I try to open Firefox anymore. I also have not seen any of the iexplore.exe's appearing randomly, or any of the numerous oddly named .com processes or the hki###'s. So as of right now I believe this has helped immensely! Personally I cannot thank you enough. I will be back with those logs once they finish :)


    PS: What's with these 'Random Questions'? They certainly are random, and some of them I've had to look up.
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    What 'Random Questions'?

    At this point your computer should be fairly clean so you can use it normally.
     
  19. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    The Random Questions you have to answer before you can post your reply or even start a thread, and if I recall there is one on your application to get a user name for the forum.

    Alright the logs have arrived :D

    OTL.txt

    OTL logfile created on: 12/10/2011 8:05:09 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\WinUser\Desktop\TroubleShooting
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 79.15% Memory free
    5.09 Gb Paging File | 4.54 Gb Available in Paging File | 89.26% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 440.49 Gb Total Space | 346.40 Gb Free Space | 78.64% Space Free | Partition Type: NTFS

    Computer Name: KRYSTAL-XPS | User Name: WinUser | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/10 19:58:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WinUser\Desktop\TroubleShooting\OTL.exe
    PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/11/07 22:20:04 | 000,397,312 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
    PRC - [2011/09/08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    PRC - [2011/09/08 17:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    PRC - [2011/09/08 17:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    PRC - [2011/09/08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/03/20 15:44:42 | 003,140,288 | ---- | M] (Hawkes Learning Systems ) -- C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\HawkesUpdater.exe
    PRC - [2011/02/18 18:38:24 | 000,793,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
    PRC - [2011/02/18 18:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
    PRC - [2010/11/11 14:11:00 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
    PRC - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/06/06 14:50:30 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    PRC - [2006/10/18 17:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2006/10/18 17:01:34 | 000,290,816 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    PRC - [2006/10/18 16:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2006/09/08 14:43:50 | 001,036,288 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2006/09/08 14:41:46 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    PRC - [2006/05/24 17:28:28 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2006/03/24 15:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2005/10/31 09:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    PRC - [2005/09/08 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2005/04/01 19:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    PRC - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/10 11:58:44 | 001,646,080 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11121001\algo.dll
    MOD - [2011/12/07 17:32:09 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11121001\aswRep.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/09/08 17:48:36 | 000,962,936 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll
    MOD - [2011/03/20 15:44:40 | 000,598,616 | ---- | M] () -- C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\mia.lib
    MOD - [2010/12/29 23:39:40 | 000,101,888 | ---- | M] () -- C:\WINDOWS\Temp\mia1\mEXEFunc.dll
    MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2006/10/18 16:51:48 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
    MOD - [2006/10/18 16:50:22 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
    MOD - [2006/09/08 14:44:08 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
    MOD - [2006/05/24 17:29:44 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () -- C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/11/07 22:20:04 | 000,397,312 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
    SRV - [2011/09/08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2011/09/08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/02/18 18:38:24 | 000,793,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
    SRV - [2011/02/18 18:37:56 | 000,494,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
    SRV - [2010/11/11 14:11:00 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2010/11/11 14:09:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe -- (VMAuthdService)
    SRV - [2010/11/11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/06/06 14:50:30 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
    SRV - [2006/10/18 17:01:34 | 000,290,816 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
    SRV - [2006/09/08 14:41:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
    SRV - [2005/04/01 19:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
    SRV - [2003/04/18 17:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Hawkes Learning Systems\Hawkes Update Service Manager\srvany.exe -- (HawkesUpdater)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/09/08 17:49:36 | 000,010,752 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2011/09/08 17:49:26 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2011/09/08 17:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/02/18 18:38:24 | 000,039,984 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmwvusb.sys -- (vmwvusb)
    DRV - [2010/11/11 14:11:16 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
    DRV - [2010/11/11 14:11:14 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
    DRV - [2010/11/11 14:09:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2010/11/11 14:08:36 | 000,032,752 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2010/11/11 14:08:32 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2010/11/11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
    DRV - [2010/11/11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2010/08/19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware View\Client\Local Mode\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2009/04/30 17:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/04/30 16:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2009/04/30 16:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2007/09/15 06:46:57 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
    DRV - [2007/06/18 16:41:03 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2007/01/28 13:23:36 | 000,061,312 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
    DRV - [2006/10/19 08:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2006/05/24 17:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006/05/24 17:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
    DRV - [2006/05/24 17:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006/05/24 17:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006/05/24 17:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
    DRV - [2006/05/24 17:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2006/05/24 16:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2006/05/24 16:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2006/03/24 15:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/01/03 23:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
    DRV - [2005/11/10 08:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/07/14 15:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/07/14 14:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/07/12 16:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/05/25 01:34:00 | 000,158,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctusfsyn.sys -- (CTUSFSYN)
    DRV - [2005/05/13 16:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
    DRV - [2005/01/10 02:15:00 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2005/01/10 02:15:00 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070606
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070606


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070606
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070606
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1631034213-456783739-708485660-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1631034213-456783739-708485660-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1631034213-456783739-708485660-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "google.com"
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6c: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/10 16:17:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/14 08:10:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/14 08:10:16 | 000,000,000 | ---D | M]

    [2011/06/27 13:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WinUser\Application Data\Mozilla\Extensions
    [2011/12/10 11:17:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\WinUser\Application Data\Mozilla\Firefox\Profiles\s1au0sx6.default\extensions
    [2011/06/27 13:15:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2007/09/04 12:27:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
    [2011/06/26 23:19:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/12/10 16:17:45 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/06/26 23:19:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/06/27 18:15:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/06/15 22:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/06/26 23:19:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
    [2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/12/10 18:19:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKU\S-1-5-21-1631034213-456783739-708485660-1005..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - HKU\S-1-5-21-1631034213-456783739-708485660-1005..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1631034213-456783739-708485660-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1631034213-456783739-708485660-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1631034213-456783739-708485660-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1631034213-456783739-708485660-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\VMware\VMware View\Client\Local Mode\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\VMware\VMware View\Client\Local Mode\vsocklib.dll (VMware, Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4352A145-7A37-44B5-B51B-326FD34E21A7}: DhcpNameServer = 192.168.0.2
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\WinUser\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\WinUser\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Security Packages - (wsauth) -C:\WINDOWS\System32\wsauth.dll (VMware, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\LVCodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.VMnc - C:\WINDOWS\System32\vmnc.dll (VMware, Inc.)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/10 17:06:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/10 17:01:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/10 17:01:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/10 17:01:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/10 17:01:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/10 17:01:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/10 17:01:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/10 16:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/12/10 16:19:37 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/12/10 16:19:36 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/12/10 16:19:29 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/12/10 16:19:27 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/12/10 16:19:26 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/12/10 16:19:23 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/12/10 16:19:23 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/12/10 16:19:20 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/12/10 16:17:40 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/12/10 16:17:36 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/12/10 16:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/12/10 16:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/12/10 00:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinUser\Desktop\TroubleShooting
    [2011/12/10 00:09:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\WinUser\Start Menu\Programs\Administrative Tools
    [2011/12/09 15:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/12/09 01:08:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bamboo
    [2011/12/09 00:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2011/12/09 00:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/12/09 00:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/12/07 07:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WTablet
    [2011/11/26 12:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinUser\Application Data\WTablet
    [2011/11/26 12:40:24 | 001,107,832 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Touch_Tablet.dll
    [2011/11/26 12:40:13 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
    [2011/11/26 12:40:10 | 000,010,752 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacmoumonitor.sys
    [2011/11/26 12:39:35 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys
    [2011/11/26 12:39:21 | 000,014,120 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys
    [2011/11/26 12:39:16 | 001,369,464 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.dll
    [2011/11/26 12:39:16 | 001,156,472 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
    [2011/11/26 12:39:16 | 001,152,888 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomMT.dll
    [2011/11/26 12:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
    [2011/11/13 19:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WinUser\Application Data\Malwarebytes
    [2011/11/13 19:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/13 19:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/11/13 19:05:40 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/11/13 19:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/10 18:20:11 | 000,057,604 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/12/10 18:20:10 | 000,188,795 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2011/12/10 18:19:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/12/10 18:15:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/12/10 18:15:23 | 3488,047,104 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/10 17:06:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/10 16:36:46 | 000,017,936 | -HS- | M] () -- C:\Documents and Settings\WinUser\Local Settings\Application Data\785717l4t046v007b072k0fkc2y2
    [2011/12/10 16:36:46 | 000,017,936 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\785717l4t046v007b072k0fkc2y2
    [2011/12/10 16:19:39 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/10 16:19:24 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/12/10 15:58:00 | 000,006,832 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/09 13:32:00 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gtcngtx.dat
    [2011/12/09 13:30:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\6qs7hgii.com.b
    [2011/12/09 01:12:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/12/09 00:46:53 | 000,007,300 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mfxohs1i3ayd7dmt3eyg4j022m8l
    [2011/12/09 00:46:52 | 000,007,300 | -HS- | M] () -- C:\Documents and Settings\WinUser\Local Settings\Application Data\mfxohs1i3ayd7dmt3eyg4j022m8l
    [2011/12/07 07:08:45 | 000,188,795 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2011/12/06 20:42:42 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\WinUser\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
    [2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/11/28 12:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/11/28 11:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/11/13 19:05:47 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/11 17:12:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [14 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/10 17:06:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/12/10 17:06:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/10 17:01:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/12/10 17:01:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/10 17:01:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/10 17:01:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/10 17:01:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/10 16:19:39 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/10 16:05:36 | 000,017,936 | -HS- | C] () -- C:\Documents and Settings\WinUser\Local Settings\Application Data\785717l4t046v007b072k0fkc2y2
    [2011/12/10 16:05:36 | 000,017,936 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\785717l4t046v007b072k0fkc2y2
    [2011/12/09 13:30:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6qs7hgii.com.b
    [2011/12/09 13:28:20 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gtcngtx.dat
    [2011/12/09 00:12:19 | 000,007,300 | -HS- | C] () -- C:\Documents and Settings\WinUser\Local Settings\Application Data\mfxohs1i3ayd7dmt3eyg4j022m8l
    [2011/12/09 00:12:19 | 000,007,300 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mfxohs1i3ayd7dmt3eyg4j022m8l
    [2011/11/13 19:05:47 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/07 21:52:36 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\WinUser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/02 21:06:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2011/06/27 14:34:11 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2011/06/27 14:34:10 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
    [2009/12/19 21:06:36 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2008/06/24 06:56:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\WinUser\Application Data\wklnhst.dat
    [2008/01/02 22:41:21 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Ulead32.INI
    [2008/01/02 22:35:54 | 000,044,491 | ---- | C] () -- C:\WINDOWS\System32\MiiIniFile13.ini
    [2007/12/27 11:54:36 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
    [2007/12/11 16:34:56 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/12/11 16:32:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2007/11/17 01:34:15 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\WinUser\Application Data\PnkBstrK.sys
    [2007/11/17 01:34:00 | 000,669,184 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
  20. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    OTL.txt continued

    [2007/11/16 10:24:26 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info3.ini
    [2007/11/16 10:24:25 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info2.ini
    [2007/11/16 10:24:25 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info1.ini
    [2007/11/02 21:24:10 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
    [2007/10/19 21:50:51 | 000,006,832 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2007/09/15 22:56:01 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2007/09/15 22:55:55 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2007/09/15 22:55:49 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2007/09/15 06:46:57 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
    [2007/09/11 21:19:07 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/07/19 10:01:54 | 000,002,211 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2007/07/19 09:42:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2007/07/04 09:03:26 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
    [2007/06/16 08:42:29 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\metapad.exe
    [2007/06/06 15:05:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/06/06 15:01:52 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
    [2007/06/06 14:58:26 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/06/06 14:50:49 | 000,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
    [2007/06/06 14:50:31 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
    [2007/06/06 14:50:14 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
    [2007/06/06 14:49:17 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
    [2007/06/06 14:29:33 | 000,188,795 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
    [2007/06/06 14:23:40 | 001,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
    [2007/06/06 14:23:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2007/06/06 14:23:19 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2007/06/06 14:23:03 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/06/06 14:23:03 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2007/06/06 14:23:03 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/06/06 14:23:02 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/06/06 14:23:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/06/06 14:23:01 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2007/06/06 14:23:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2007/06/06 14:23:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2007/06/06 14:22:59 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2007/06/06 14:22:10 | 000,001,121 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/05/24 17:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/11/10 00:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/01/21 11:02:28 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\RMDevice.dll
    [2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 16:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/11 16:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 16:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/11 16:06:43 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/11 16:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/11 16:00:28 | 000,449,108 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/11 16:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/11 16:00:28 | 000,074,674 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/11 16:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/11 16:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/11 16:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/11 16:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/11 16:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/11 16:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/11 16:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/11 16:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll


    ========== LOP Check ==========

    [2011/12/10 16:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/08/26 15:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2011/06/27 13:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2011/08/26 15:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
    [2007/11/10 22:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/08/31 22:11:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{34D26920-1F37-4ACD-A43E-00D2EC6D5567}
    [2011/10/31 16:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/09/18 21:28:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{93906220-8503-45CF-87CB-5A54C8DE1AB2}
    [2007/06/30 21:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WinUser\Application Data\Leadertech
    [2011/06/27 14:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WinUser\Application Data\MSNInstaller
    [2011/06/27 13:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WinUser\Application Data\Opera
    [2011/08/09 13:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WinUser\Application Data\RaidCall
    [2011/09/27 20:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\WinUser\Application Data\uTorrent

    ========== Purity Check ==========




    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/11/19 10:30:54 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/12/10 17:06:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/12/10 18:43:54 | 000,020,883 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/06/06 14:26:46 | 000,006,832 | RH-- | M] () -- C:\dell.sdr
    [2007/12/08 11:58:20 | 000,000,052 | ---- | M] () -- C:\hello.ltr
    [2011/12/10 18:15:23 | 3488,047,104 | -HS- | M] () -- C:\hiberfil.sys
    [2007/06/14 16:45:07 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2006/12/24 00:37:53 | 000,002,737 | ---- | M] () -- C:\install22899.log
    [2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/06/26 22:17:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/12/10 18:14:58 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2007/12/08 11:54:07 | 000,000,050 | ---- | M] () -- C:\quick.ltr
    [2011/12/09 17:38:34 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2007/09/20 13:00:18 | 000,001,080 | ---- | M] () -- C:\Temperature.java

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/11 16:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2007/08/22 12:37:53 | 000,001,546 | -H-- | M] () -- C:\Documents and Settings\WinUser\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 16:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/11 16:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/11 16:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/06/26 22:27:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/26 23:06:52 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\WinUser\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/11 16:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\WinUser\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/06/26 23:06:52 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\WinUser\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/06/26 23:28:40 | 000,000,888 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/12/10 20:05:03 | 000,163,840 | ---- | M] () -- C:\Documents and Settings\WinUser\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe


    < %SYSTEMROOT%\Installer\*.exe >
    [2006/10/18 17:27:58 | 000,581,632 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
    [4 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 04:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 22:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 04:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 00:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 00:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 00:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "NoAUShutdownOption" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  21. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    Extra.txt

    OTL Extras logfile created on: 12/10/2011 8:05:09 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\WinUser\Desktop\TroubleShooting
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 79.15% Memory free
    5.09 Gb Paging File | 4.54 Gb Available in Paging File | 89.26% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 440.49 Gb Total Space | 346.40 Gb Free Space | 78.64% Space Free | Partition Type: NTFS

    Computer Name: KRYSTAL-XPS | User Name: WinUser | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1631034213-456783739-708485660-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
    "56946:TCP" = 56946:TCP:*:Enabled:pando Media Booster
    "56946:UDP" = 56946:UDP:*:Enabled:pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
    "56946:TCP" = 56946:TCP:*:Enabled:pando Media Booster
    "56946:UDP" = 56946:UDP:*:Enabled:pando Media Booster

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe" = C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
    "C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
    "C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\utorrent\utorrent.exe" = C:\Program Files\utorrent\utorrent.exe:*:Enabled:µTorrent -- ()
    "C:\Program Files\Steam\SteamApps\titanium_fink\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\titanium_fink\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe" = C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
    "C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe" = C:\Program Files\VMware\VMware View\Client\bin\vmware-remotemks.exe:*:Enabled:VMware Remote MKS -- (VMware, Inc.)
    "C:\Program Files\VMware\VMware View\Client\bin\wswc.exe" = C:\Program Files\VMware\VMware View\Client\bin\wswc.exe:*:Enabled:VMware View Client -- (VMware, Inc.)
    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Disabled:Crysis_32 -- (Crytek GmbH)
    "C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Disabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
    "C:\Program Files\Dell\MediaDirect\PCMService.exe" = C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Disabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}" = Java DB 10.2.2.0
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
    "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
    "{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{32A3A4F4-B792-11D6-A78A-00B0D0150120}" = J2SE Development Kit 5.0 Update 12
    "{32A3A4F4-B792-11D6-A78A-00B0D0160020}" = Java(TM) SE Development Kit 6 Update 2
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
    "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
    "{63015986-2B3F-4B90-9DC8-9C46BD00854F}" = Fiesta
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{64658686-0CD4-4CF6-983D-0A6BE32007DB}" = Business Complete Care Services Agreement
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{CA78EE0D-B198-46BF-80E6-89EE4D49101D}" = VMware View Client
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast" = avast! Free Antivirus
    "C2B1D8EA078A4E96218930E83D0EAC2D29D31968" = Windows Driver Package - Broadcom Bluetooth (02/24/2004 5.1.2535.0)
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "Creative Audio Pack" = Creative Audio Pack
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "getPlus(R)_ocx" = getPlus(R)_ocx
    "Hawkes Update Service Manager" = Hawkes Update Service Manager
    "HyperCam 2" = HyperCam 2
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48}" = OZ776 SCR CardBus Windows Driver
    "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NVIDIA Drivers" = NVIDIA Drivers
    "Pen Tablet Driver" = Bamboo
    "ProInst" = Intel(R) PROSet/Wireless Software
    "PunkBusterSvc" = PunkBuster Services
    "RaidCall" = RaidCall
    "SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
    "SearchAssist" = SearchAssist
    "Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
    "Statistics (Fall 2011 Student)" = Statistics (Fall 2011 Student)
    "Steam App 220" = Half-Life 2
    "Steam App 320" = Half-Life 2: Deathmatch
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 3483" = Peggle Extreme
    "Steam App 380" = Half-Life 2: Episode One
    "Steam App 400" = Portal
    "Steam App 420" = Half-Life 2: Episode Two
    "Steam App 440" = Team Fortress 2
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VideoLAN VLC media player 0.8.6c
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/10/2011 1:54:08 PM | Computer Name = KRYSTAL-XPS | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
    with error: The connection with the server was terminated abnormally

    Error - 12/10/2011 1:54:08 PM | Computer Name = KRYSTAL-XPS | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
    with error: This network connection does not exist.

    Error - 12/10/2011 1:54:26 PM | Computer Name = KRYSTAL-XPS | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
    with error: The connection with the server was terminated abnormally

    Error - 12/10/2011 1:54:26 PM | Computer Name = KRYSTAL-XPS | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
    with error: This network connection does not exist.

    Error - 12/10/2011 1:54:36 PM | Computer Name = KRYSTAL-XPS | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
    with error: This network connection does not exist.

    Error - 12/10/2011 1:54:36 PM | Computer Name = KRYSTAL-XPS | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
    with error: This network connection does not exist.

    Error - 12/10/2011 1:54:56 PM | Computer Name = KRYSTAL-XPS | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
    with error: The connection with the server was terminated abnormally

    Error - 12/10/2011 1:54:56 PM | Computer Name = KRYSTAL-XPS | Source = crypt32 | ID = 131077
    Description = Failed auto update retrieval of third-party root certificate from:
    <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3921C115C15D0ECA5CCB5BC4F07D21D8050B566A.crt>
    with error: This network connection does not exist.

    Error - 12/10/2011 6:13:53 PM | Computer Name = KRYSTAL-XPS | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 12/10/2011 6:13:54 PM | Computer Name = KRYSTAL-XPS | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.


    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    It must be some anti-spammer feature. I'm not really sure. You'd have to ask one of the mods.


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      [2011/12/09 00:46:53 | 000,007,300 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mfxohs1i3ayd7dmt3eyg4j022m8l
      [2011/12/09 00:46:52 | 000,007,300 | -HS- | M] () -- C:\Documents and Settings\WinUser\Local Settings\Application Data\mfxohs1i3ayd7dmt3eyg4j022m8l
      [2011/12/10 16:05:36 | 000,017,936 | -HS- | C] () -- C:\Documents and Settings\WinUser\Local Settings\Application Data\785717l4t046v007b072k0fkc2y2
      [2011/12/10 16:05:36 | 000,017,936 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\785717l4t046v007b072k0fkc2y2
      [2011/12/09 13:30:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6qs7hgii.com.b
      [2011/12/09 13:28:20 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gtcngtx.dat
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
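Broni reads the OTL output by eye; as an added example (not OTL's, ComboFix's or the thread's own code), here is a Python triage helper that scores OTL file entries on the traits the four files in the fix script share (hidden+system attributes, no company name, random-looking name, loose placement in Application Data or System32, creation just before the scan) and that flags the weak Security Center and firewall values the Extras log above reports (EnableFirewall = 0 in both profiles, AntiVirusOverride = 1). The sample lines are constructed from entries in the log; the weights, the threshold and the scan date are this example's assumptions, not OTL behaviour.

```python
"""Triage helper for OTL-style log lines, added for this thread; it is not code
from OTL, ComboFix or the posters. It scores file entries on the traits the fix
script above targets and checks registry-style settings under a [KEY] header
against a table of weak values. Sample lines are constructed from entries in the
log above; the weights, threshold and scan date are this example's assumptions."""
import re
from datetime import date, datetime

# Shape of an OTL file entry: [2011/12/09 00:46:53 | 000,007,300 | -HS- | M] (Company) -- C:\path
FILE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| (?P<attrs>[-A-Z]{4})"
    r" \| (?P<mc>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
SETTING_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')
LOOSE_DIRS = ("\\application data", "\\system32")  # a loose, company-less file here earns a point
WEAK_SETTINGS = {  # (name, value) -> why it matters; names as OTL prints them
    ("EnableFirewall", "0"): "Windows Firewall is off for this profile",
    ("DisableNotifications", "1"): "firewall notifications are suppressed",
    ("AntiVirusOverride", "1"): "Security Center antivirus monitoring is overridden",
    ("FirewallOverride", "1"): "Security Center firewall monitoring is overridden",
}


def looks_random(name):
    # Extension-less, 16+ lowercase letters and digits mixed, like the two 28-character names removed above.
    return (len(name) >= 16 and re.fullmatch(r"[a-z0-9]+", name) is not None
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def score_file_entry(line, scan_date):
    """Return (score, reasons, path) for one OTL file line, or None if it is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    folder, _, name = path.rpartition("\\")
    reasons = []
    if "H" in m.group("attrs") and "S" in m.group("attrs"):
        reasons.append(("hidden+system attributes", 2))
    if not m.group("company"):
        reasons.append(("no company name", 1))
    if folder.lower().endswith(LOOSE_DIRS):
        reasons.append(("loose file in " + folder.rsplit("\\", 1)[-1], 1))
    if looks_random(name):
        reasons.append(("random-looking name", 2))
    elif name.count(".") > 1:
        reasons.append(("double extension", 1))
    created = datetime.strptime(m.group("when"), "%Y/%m/%d %H:%M:%S").date()
    if m.group("mc") == "C" and abs((scan_date - created).days) <= 2:
        reasons.append(("created within 2 days of the scan", 1))
    return sum(w for _, w in reasons), [r for r, _ in reasons], path


def triage_files(lines, scan_date, threshold=3):
    """Map path -> reasons for every entry whose score reaches the threshold."""
    flagged = {}
    for line in lines:
        result = score_file_entry(line, scan_date)
        if result and result[0] >= threshold:
            flagged[result[2]] = result[1]
    return flagged


def weak_settings(lines):
    """(key, name, value, why) per weak setting, keeping the [KEY] header so
    DomainProfile and StandardProfile findings stay distinguishable."""
    key, findings = None, []
    for line in lines:
        k, s = KEY_RE.match(line.strip()), SETTING_RE.match(line.strip())
        if k:
            key = k.group("key")
        elif s and (s.group("name"), s.group("value")) in WEAK_SETTINGS:
            findings.append((key, s.group("name"), s.group("value"),
                             WEAK_SETTINGS[s.group("name"), s.group("value")]))
    return findings


# Constructed sample: the four file entries from the fix script, one benign
# constructed line, and a cut-down copy of the Security Center / StandardProfile sections.
SAMPLE_FILES = r"""
[2011/12/09 00:46:53 | 000,007,300 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mfxohs1i3ayd7dmt3eyg4j022m8l
[2011/12/10 16:05:36 | 000,017,936 | -HS- | C] () -- C:\Documents and Settings\WinUser\Local Settings\Application Data\785717l4t046v007b072k0fkc2y2
[2011/12/09 13:30:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6qs7hgii.com.b
[2011/12/09 13:28:20 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gtcngtx.dat
[2011/12/10 09:12:00 | 000,614,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\constructed_benign.dll
""".strip().splitlines()
SAMPLE_SETTINGS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
""".strip().splitlines()
SCAN_DATE = date(2011, 12, 10)  # the date in the OTL log header above

if __name__ == "__main__":
    for path, reasons in triage_files(SAMPLE_FILES, SCAN_DATE).items():
        print("FLAG", path, "->", "; ".join(reasons))
    for key, name, value, why in weak_settings(SAMPLE_SETTINGS):
        print("WEAK", key.rsplit("\\", 1)[-1], name, "=", value, "->", why)
```

The benign Microsoft-signed file in System32 scores 2 and stays below the threshold, while the company-less gtcngtx.dat reaches exactly 3 only because it was also created the day before the scan; tune the weights to your own log corpus before relying on them.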
     
  23. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    Alright, will do the above mentioned ASAP.

    I do have a question though: what actually fixed my problem? The original scan by MalwareBytes seemed to flush the extra iexplore and the other randomly named processes that turned out to be Trojans and the like, then ComboFix seemed to take care of the Antivirus 2012 virus. What did these scans and tests do to actually eradicate the issues? Before, I have simply used my virus scans to fix what they found, and the ones that couldn't be deleted through the scan I manually went into the root directories and deleted myself. Sometimes this worked; other times it seemed to send the virus into hiding till it decided to show up again. Sometimes I only got part of it and thus it still came out to play with me. I know for a fact though, if I run across something over my head like this again, I will certainly be back; you have been more than helpful and have cleaned my machine within the time span of a day and a half, give or take. I'll also refer my friends this way as well.

    Off I go to scan again. :)
     
  24. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    One of the main obstacles was the infected i8042prt.sys file, which was replaced with a healthy version by Combofix.
     
  25. haikuxx

    haikuxx TS Rookie Topic Starter Posts: 25

    I see, I guess I'm not used to reading the logs these systems produce; I can understand some of it, but not all of it. How and why was that system file defiled and how can I avoid this in the future? I visit a select few sites frequently and rarely do random surfing, am always watching what I download or click on etc., thus why I am baffled by how this keeps finding me. I know there is no magic way to avoid it but I do like to know what caused the problem to begin with.

    Also, another update as I'm going through between running this next set of scans: my computer was charging along just fine, but now it's taking forever to bring up a program. Once the first scan of the last post you gave me finished and rebooted the computer, it took 10 minutes or more to finally bring up the screen for me to click a user and sign in, it took another 3 or 5 minutes for me to be able to type in my password and another good 10 minutes to load my desktop screen, and the pattern continues with trying to open Firefox or any other program. My CPU usage is around normal; it's not spiking other than when I'm asking a program to do something, and even then doesn't normally get above 60%. Is something causing this or do I need to just continue with these scans and leave the computer running over night again to complete them?
     
