Please help! That nasty Sirefef got me.

Solved
By Phasmos
May 20, 2012
  1. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Well, now I'm really frustrated. Downloaded Rkill and ran it; here's the resulting log:

    ------------------------------------------------------------------------
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 05/23/2012 at 23:24:15.
    Operating System: Microsoft Windows XP

    Processes terminated by Rkill or while it was running:

    Rkill completed on 05/23/2012 at 23:24:22.
    ------------------------------------------------------------------------

    So I downloaded a fresh copy of Combofix (and renamed it "yourname" because I'm a smart-***). Ran it, heard a pair of beeps and saw a screen which informed me that Combofix had detected the presence of an active scan which might compromise its ability to function. This screen informed me that Microsoft Security Essentials was still active, and a visit to the Security Settings window showed "Virus Protection" as ON, with a green light and no way to disable it.

    The problem is... I uninstalled MSE days ago and can find NO trace of it to turn off or delete.

    I got mad, decided that it was a false positive of some kind and tried to run Combofix anyway (which helpfully informed me that, as MSE was "active," I would be proceeding at my own risk). The result was the same as before. "Scan may take up to 10 minutes," etc., followed by no activity at all.

    Should I keep running Rkill variants and new copies of Combofix until I get lucky?
  2. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    You did fine.

    How long did you wait?
  3. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Waited an hour and a half this time. At one point, a warning window appeared to tell me that Virtual Memory was too low. I clicked "OK" and continued to wait for Combofix to do something... anything... but no dice.

    What's next? :(
  4. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  5. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    OK, here are the results from OTL:

    OTL logfile created on: 5/25/2012 7:23:19 PM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Ann\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    255.00 Mb Total Physical Memory | 118.04 Mb Available Physical Memory | 46.29% Memory free
    619.83 Mb Paging File | 419.05 Mb Available in Paging File | 67.61% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 17.68 Gb Free Space | 23.73% Space Free | Partition Type: NTFS
    Drive F: | 1.87 Gb Total Space | 0.55 Gb Free Space | 29.42% Space Free | Partition Type: FAT

    Computer Name: HOME1 | User Name: Ann | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/25 19:15:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ann\Desktop\OTL.exe
    PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2009/05/08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/05/08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/18 20:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/25 17:02:23 | 001,762,816 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12052501\algo.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/05/08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009/05/08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (ScanWscS)
    SRV - File not found [Auto | Stopped] -- -- (Quick Update Service)
    SRV - File not found [Disabled | Stopped] -- -- (NT Online Protection)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem) Google Update Service (gupdatem)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate) Google Update Service (gupdate)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TfNetMon)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRESP50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMP50)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (DgiVecp)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
    DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/03/06 15:31:16 | 000,011,712 | ---- | M] (Pro Softnet Crop provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RemotePCmirror.sys -- (RemotePCmirror)
    DRV - [2010/12/27 14:47:18 | 000,008,792 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
    DRV - [2010/07/04 15:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
    DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/04/30 19:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/04/30 19:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 200(UVC)
    DRV - [2009/04/30 19:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/04/30 19:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/09/23 22:39:48 | 000,019,960 | ---- | M] (Quick Heal Technologies (P) Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SCREENNT.SYS -- (ScreenNT)
    DRV - [2008/09/23 22:39:46 | 000,040,056 | ---- | M] (Quick Heal Technologies (P) Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ONLINENT.SYS -- (OnlineNT)
    DRV - [2008/09/23 22:39:45 | 000,012,160 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EMLTDI.SYS -- (EMLSS)
    DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2007/07/02 15:41:11 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2007/07/02 15:41:10 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2005/04/05 21:54:36 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2005/04/05 21:54:36 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2005/04/05 21:54:36 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2005/04/05 21:54:36 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2002/12/17 15:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
    DRV - [2002/10/09 13:50:52 | 000,170,499 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2002/10/09 13:50:16 | 001,175,536 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2002/10/09 13:44:10 | 000,604,240 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2002/08/30 12:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)
    DRV - [2001/08/22 11:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
    DRV - [1999/12/17 04:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15387
    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\URLSearchHook: {D645D96B-4DF0-6920-FF94-1444928741B6} - SOFTWARE\Classes\CLSID\{D645D96B-4DF0-6920-FF94-1444928741B6}\InprocServer32 File not found
    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\SearchScopes,DefaultScope = {1EFE0194-C2A4-4DDE-8200-A371AE1AA427}
    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\SearchScopes\{0FD4E773-894E-45A0-9DD7-D1342D65B0E5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=783025E9-AE33-4DCD-A860-E1AE208F3C80
    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\SearchScopes\{1EFE0194-C2A4-4DDE-8200-A371AE1AA427}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\SearchScopes\{CB59DDF8-2D50-4521-80A8-0398C2640266}: "URL" = http://www.infospace.com/vzn.dsl.tb...?pgtarg=wbsdogpile&qcat=web&qkw={searchTerms}
    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2910: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Ann\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/18 13:01:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/07 21:04:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/02 10:39:11 | 000,000,000 | ---D | M]

    [2009/06/11 19:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ann\Application Data\Mozilla\Extensions
    [2009/06/11 19:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ann\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2012/05/23 23:57:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qp2yy1dl.default\extensions
    [2011/09/02 22:56:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qp2yy1dl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/01/26 18:57:35 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qp2yy1dl.default\searchplugins\askcom.xml
    [2007/06/27 16:22:28 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qp2yy1dl.default\searchplugins\verizonsearch.xml
    [2012/05/18 14:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/09 23:14:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
    [2007/07/12 17:26:18 | 000,001,057 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\verizonsearch.xml

    O1 HOSTS File: ([2012/05/20 01:20:58 | 000,000,726 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - File not found
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - File not found
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKU\S-1-5-21-1123561945-1580818891-682003330-1005..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab (Support.com Configuration Class)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D13342B-9363-4D52-A1EA-A9EE72EF2759}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Ann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/09/25 09:04:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
  6. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    (OTL results, pt. 2):

    Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
    Drivers32: msacm.ctmp3 - C:\WINDOWS\system32\ctmp3.acm (Creative Technology Ltd.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FMVC - C:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/25 19:15:51 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ann\Desktop\OTL.exe
    [2012/05/24 21:32:06 | 000,000,000 | --SD | C] -- C:\yourname
    [2012/05/22 12:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\Desktop\Debugging Files
    [2012/05/20 02:52:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ann\Recent
    [2012/05/20 01:24:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
    [2012/05/19 22:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
    [2012/05/19 20:44:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/05/19 20:40:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/05/19 20:40:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/05/19 20:40:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/05/19 20:40:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/05/19 20:40:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/19 00:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ann\My Documents\Downloads
    [2012/05/18 13:02:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2012/05/18 13:02:44 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/05/18 13:02:44 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2012/05/18 13:02:38 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/05/18 13:02:37 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/05/18 13:02:36 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2012/05/18 13:02:35 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/05/18 13:02:35 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/05/18 13:02:34 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/05/18 13:01:23 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/05/18 13:01:20 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/05/18 12:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/05/18 12:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/05/18 12:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry First Aid
    [2012/05/16 23:04:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/05/03 16:03:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ann\My Documents\My Videos
    [2012/05/02 10:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2012/05/02 10:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/05/02 10:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/05/02 10:38:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2012/05/02 10:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2012/05/01 23:49:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD43
    [2012/05/01 23:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\dvd43
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/05/25 19:15:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ann\Desktop\OTL.exe
    [2012/05/25 18:11:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/05/25 18:08:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/05/25 18:08:04 | 267,460,608 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/25 18:07:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2012/05/25 18:07:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2012/05/24 01:21:57 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2012/05/23 22:05:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/05/23 10:57:11 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Ann\Desktop\Microsoft Word.lnk
    [2012/05/23 07:09:10 | 000,062,976 | ---- | M] () -- C:\Documents and Settings\Ann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/05/22 13:00:43 | 000,039,732 | ---- | M] () -- C:\Documents and Settings\Ann\Application Data\wklnhst.dat
    [2012/05/20 02:39:39 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2012/05/20 02:17:28 | 000,000,844 | ---- | M] () -- C:\WINDOWS\System32\.crusader
    [2012/05/18 13:02:46 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/05/18 13:02:36 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/05/16 22:32:10 | 000,000,212 | ---- | M] () -- C:\Boot.bak
    [2012/05/16 22:29:17 | 000,768,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/05/14 11:42:48 | 000,725,408 | ---- | M] () -- C:\Documents and Settings\Ann\My Documents\cc_20120514_114231.reg
    [2012/05/02 10:51:55 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/04/30 10:23:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/05/20 23:46:33 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Ann\Start Menu\Programs\MalwareBytes Anti-Malware.lnk
    [2012/05/20 02:17:28 | 000,000,844 | ---- | C] () -- C:\WINDOWS\System32\.crusader
    [2012/05/19 23:26:53 | 267,460,608 | -HS- | C] () -- C:\hiberfil.sys
    [2012/05/19 20:44:38 | 000,000,212 | ---- | C] () -- C:\Boot.bak
    [2012/05/19 20:44:33 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/05/19 20:40:48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/05/19 20:40:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/05/19 20:40:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/05/19 20:40:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/05/19 20:40:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/05/19 01:47:36 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2012/05/18 13:02:46 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/05/14 11:42:39 | 000,725,408 | ---- | C] () -- C:\Documents and Settings\Ann\My Documents\cc_20120514_114231.reg
    [2012/05/02 10:51:55 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2012/04/03 12:13:48 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avbase.dat
    [2012/02/14 23:15:20 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\DVDRipper_sysquict.dat
    [2012/02/13 11:54:55 | 000,000,017 | -H-- | C] () -- C:\Documents and Settings\Ann\Application Data\mpdt294
    [2012/02/13 11:54:45 | 000,000,383 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
    [2011/09/19 13:58:35 | 000,198,521 | ---- | C] () -- C:\Documents and Settings\Ann\Local Settings\Application Data\census.cache
    [2011/09/19 13:58:07 | 000,184,157 | ---- | C] () -- C:\Documents and Settings\Ann\Local Settings\Application Data\ars.cache
    [2011/02/23 00:32:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Ann\Local Settings\Application Data\housecall.guid.cache
    [2011/01/17 15:38:01 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2011/01/17 15:38:01 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2011/01/17 15:37:50 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ann\Application Data\$_hpcst$.hpc
    [2011/01/14 12:44:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\exit32.dll
    [2011/01/14 12:44:03 | 000,002,962 | ---- | C] () -- C:\WINDOWS\nedprint.ini

    ========== LOP Check ==========

    [2012/05/18 13:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2009/10/05 22:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2010/01/26 23:32:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
    [2007/05/30 02:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FRISK Software
    [2012/05/20 02:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
    [2006/06/13 11:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MVTLogs
    [2007/12/12 22:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/10/05 22:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
    [2008/09/23 22:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quick Heal
    [2011/01/17 15:38:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
    [2012/04/21 07:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2008/01/18 00:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2007/01/17 13:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
    [2011/02/22 23:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/10/05 22:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2009/10/05 22:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vhosts
    [2007/06/22 10:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2012/05/02 10:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2007/01/26 13:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\acccore
    [2012/05/13 21:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\BitTorrent
    [2009/11/01 18:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\BitZipper
    [2012/02/13 11:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\BoutellDotCom
    [2011/11/21 01:40:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Canon
    [2012/05/08 22:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\CoreFTP
    [2012/05/12 08:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Dropbox
    [2012/02/15 01:21:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\dvdae
    [2010/06/15 23:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Facebook
    [2009/11/20 00:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\FileZilla
    [2010/01/26 23:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Final Draft
    [2012/05/04 03:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\HandBrake
    [2012/02/09 23:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\iMapBuilder
    [2010/02/05 19:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Leadertech
    [2010/09/03 16:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\LimeWire
    [2005/05/26 20:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\MailFrontier
    [2007/12/12 22:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\NCH Swift Sound
    [2009/10/05 23:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Nikon
    [2011/01/17 15:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Samsung
    [2008/11/13 02:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Snapfish
    [2010/12/25 01:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Stella
    [2007/12/31 16:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\Template
    [2007/10/15 15:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ann\Application Data\vol_toolbar
    [2006/12/30 18:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\EarthLink Toolbar

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2010/03/05 09:24:46 | 000,000,353 | ---- | M] () -- C:\aaw7boot.log
    [2008/09/25 09:04:13 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2012/05/16 22:32:10 | 000,000,212 | ---- | M] () -- C:\Boot.bak
    [2012/05/24 01:21:57 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2005/04/05 19:26:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2012/05/25 18:08:04 | 267,460,608 | -HS- | M] () -- C:\hiberfil.sys
    [2009/10/04 08:34:57 | 000,000,523 | ---- | M] () -- C:\hpfr3420.xml
    [2009/10/04 08:34:57 | 000,138,181 | ---- | M] () -- C:\hpfr3425.log
    [2009/05/29 11:38:49 | 000,000,800 | -H-- | M] () -- C:\hpothb07.dat
    [2009/05/27 13:54:46 | 000,032,592 | -H-- | M] () -- C:\hpothb07.tif
    [2005/04/05 19:26:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/07/21 11:57:53 | 000,002,559 | -H-- | M] () -- C:\IPH.PH
    [2005/04/05 19:26:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2005/04/10 14:33:36 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/18 21:40:17 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/05/25 18:07:49 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
    [2009/04/07 00:12:33 | 000,000,678 | ---- | M] () -- C:\qhdebug.log
    [2012/05/23 23:24:22 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2012/05/19 00:46:53 | 000,095,626 | ---- | M] () -- C:\TDSSKiller.2.7.35.0_19.05.2012_00.41.46_log.txt
    [2012/05/20 01:01:27 | 000,097,508 | ---- | M] () -- C:\TDSSKiller.2.7.35.0_20.05.2012_00.58.50_log.txt
    [2012/05/20 01:07:35 | 000,087,942 | ---- | M] () -- C:\TDSSKiller.2.7.35.0_20.05.2012_01.06.03_log.txt
    [2012/05/22 13:25:08 | 000,086,478 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_22.05.2012_13.21.34_log.txt
    [2009/03/21 10:06:58 | 000,001,152 | -HS- | M] () -- C:\xdnt32fn.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2005/04/05 19:26:15 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2007/06/06 18:23:32 | 001,047,341 | ---- | M] (andUP GmbH && Co.KG) -- C:\WINDOWS\The HAL 9000 Screensaver.scr
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/05/29 11:37:13 | 000,000,588 | -H-- | M] () -- C:\Program Files\hpothb07.dat
    [2009/05/27 13:49:42 | 000,000,999 | -H-- | M] () -- C:\Program Files\hpothb07.tif
    [2008/02/12 18:14:43 | 000,000,000 | ---- | M] () -- C:\Program Files\SOUNDPAD.BMP
    [2001/10/31 13:07:50 | 000,249,856 | ---- | M] (Menace Software) -- C:\Program Files\SOUNDPAD.EXE
    [1996/01/17 20:35:12 | 000,027,315 | ---- | M] () -- C:\Program Files\SOUNDPAD.HLP
    [1996/02/03 20:10:08 | 000,000,428 | ---- | M] () -- C:\Program Files\SOUNDPAD.INI

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/04/05 12:04:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2005/04/05 12:04:26 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2005/04/05 12:04:26 | 000,393,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/18 21:48:10 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005/04/10 16:45:08 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Ann\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/04/05 20:12:27 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Ann\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/05/25 19:15:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ann\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2002/09/03 12:46:18 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2012/05/25 18:08:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2008/02/14 12:41:06 | 000,584,944 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ann\My Documents\WindowsXP-KB900485-v2-x86-ENU.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/04/10 16:45:08 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Ann\Favorites\Desktop.ini
    [2007/12/12 22:13:18 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\Ann\Favorites\NCH Audio and Telephony Software Page.lnk
    [2007/10/15 15:17:48 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\Ann\Favorites\Verizon Central.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/05/29 09:30:15 | 000,000,253 | -H-- | M] () -- C:\Documents and Settings\All Users\hpothb07.tif

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/01/15 15:27:39 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Ann\Cookies\desktop.ini
    [2012/05/25 18:10:23 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Ann\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/09/03 12:39:47 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 15:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 15:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 18:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/09/03 12:49:05 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/09/03 12:49:07 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/09/03 12:51:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 15:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 14:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [2002/07/17 17:22:34 | 000,003,535 | ---- | M] () -- C:\WINDOWS\system\Wowpost.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-16 15:16:48

    ========== Files - Unicode (All) ==========
    [2009/10/13 15:44:24 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Ann\My Documents\????????? ??p??.doc) -- C:\Documents and Settings\Ann\My Documents\Εἰρηνικὁς Κἣπος.doc
    [2009/08/27 10:05:36 | 000,458,240 | ---- | M] ()(C:\Documents and Settings\Ann\My Documents\e?????.doc) -- C:\Documents and Settings\Ann\My Documents\εἰρήνη.doc
    [2009/08/27 10:05:35 | 000,458,240 | ---- | C] ()(C:\Documents and Settings\Ann\My Documents\e?????.doc) -- C:\Documents and Settings\Ann\My Documents\εἰρήνη.doc
    [2009/08/25 11:01:41 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Ann\My Documents\????????? ??p??.doc) -- C:\Documents and Settings\Ann\My Documents\Εἰρηνικὁς Κἣπος.doc
    [2007/02/16 13:48:38 | 000,000,000 | ---D | M](C:\WINDOWS\?icrosoft) -- C:\WINDOWS\Μicrosoft
    [2007/02/16 13:48:38 | 000,000,000 | ---D | C](C:\WINDOWS\?icrosoft) -- C:\WINDOWS\Μicrosoft

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
    @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD

    < End of report >
  7. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    OTL Extras results:

    OTL Extras logfile created on: 5/25/2012 7:23:19 PM - Run 1
    OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Ann\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    255.00 Mb Total Physical Memory | 118.04 Mb Available Physical Memory | 46.29% Memory free
    619.83 Mb Paging File | 419.05 Mb Available in Paging File | 67.61% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 17.68 Gb Free Space | 23.73% Space Free | Partition Type: NTFS
    Drive F: | 1.87 Gb Total Space | 0.55 Gb Free Space | 29.42% Space Free | Partition Type: FAT

    Computer Name: HOME1 | User Name: Ann | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21BCE515-D5A3-11D4-8E33-0010B53EC668}" = Ulead Photo Express 4.0 My Custom Edition
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 29
    "{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
    "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}" = Adobe InDesign CS
    "{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90DC88AA-D980-4358-8723-4D4DC945CE08}" = Descreen 5.0 beta 9 plug-in for Adobe Photoshop (32 bit)
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A1C4EE2B-DF14-4488-BC8A-F9336D588E97}" = SnagIt 8
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE}" = Norton Spyware Scan
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{E2B64929-B616-4235-B10E-D26D686296F9}" = GiPo@FileUtilities 3.2
    "{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "AIM_6.0" = AIM 6.0
    "aTube Catcher" = aTube Catcher
    "Audacity_is1" = Audacity 1.2.6
    "avast" = avast! Free Antivirus
    "BitTorrent" = BitTorrent
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K DF PCI Modem
    "Core FTP LE 1.3c" = Core FTP LE 1.3c
    "CreataCard Gold 3" = CreataCard Gold 3
    "CrossFont_is1" = CrossFont version 6.2
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "DivX Setup.divx.com" = DivX Setup
    "DVD Audio Extractor_is1" = DVD Audio Extractor 6.3.0
    "DVD43_is1" = DVD43 v4.6.0
    "FMCODEC" = FM Screen Capture Codec (Remove Only)
    "Free&Easy Font Viewer_is1" = Free&Easy Font Viewer 1.2
    "HandBrake" = HandBrake 0.9.6
    "hp instant support" = hp instant support
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{E6696A8C-C55A-405C-AFEB-F3880A8BAA45}" = iPod Update 2004-04-28
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "lvdrivers_12.0" = Logitech Webcam Software Driver Package
    "Macromedia Flash 4" = Macromedia Flash 4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Mapedit" = Mapedit
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Money2006b" = Microsoft Money 2006
    "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Norton Spyware Scan provided by Yahoo!" = Norton Spyware Scan provided by Yahoo!
    "NVIDIA Display Driver" = NVIDIA Display Driver
    "NVIDIA Drivers" = NVIDIA Drivers
    "PictureItPrem_v11" = Microsoft Digital Image Standard 2006
    "PROSet" = Intel(R) PRO Ethernet Adapter and Software
    "RealPlayer 6.0" = RealPlayer
    "Remote Access Viewer_is1" = Remote Access Viewer Ver 4.5.1
    "SoundPad" = Sound Pad
    "ST6UNST #1" = Kontsina
    "Stella_is1" = Stella 3.3
    "Switch" = Switch
    "TaxCut Deluxe 2005" = TaxCut Deluxe 2005
    "The HAL 9000 Screensaver.scr" = The HAL 9000 Screensaver
    "Unlocker" = Unlocker 1.9.1
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WordPerfect Office 2002" = WordPerfect Office 2002
    "Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1123561945-1580818891-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = aTube Toolbar Updater
    "Dropbox" = Dropbox
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/21/2012 9:19:23 PM | Computer Name = HOME1 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 5/22/2012 12:22:46 PM | Computer Name = HOME1 | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 5/22/2012 12:22:47 PM | Computer Name = HOME1 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 5/22/2012 11:06:51 PM | Computer Name = HOME1 | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 5/22/2012 11:06:51 PM | Computer Name = HOME1 | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 5/23/2012 9:01:03 AM | Computer Name = HOME1 | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module divxdech264.ax, version 9.0.1.21, fault address 0x00059299.

    Error - 5/23/2012 10:03:16 PM | Computer Name = HOME1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/23/2012 10:03:16 PM | Computer Name = HOME1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 36735422

    Error - 5/23/2012 10:03:16 PM | Computer Name = HOME1 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 36735422

    Error - 5/23/2012 11:45:26 PM | Computer Name = HOME1 | Source = CardSpace 3.0.0.0 | ID = 327949
    Description = The Windows CardSpace service is too busy to process this request.
    User has too many outstanding requests. Additional Information: at System.Environment.GetStackTrace(Exception
    e, Boolean needFileInfo) at System.Environment.get_StackTrace() at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException
    ie) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception
    e) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception
    e) at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)

    at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity
    callerIdentity, Int32 tsSessionId) at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle
    monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)

    at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle,
    IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

    [ System Events ]
    Error - 5/25/2012 7:16:57 AM | Computer Name = HOME1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TfSysMon

    Error - 5/25/2012 6:09:55 PM | Computer Name = HOME1 | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%2

    Error - 5/25/2012 6:09:55 PM | Computer Name = HOME1 | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%3

    Error - 5/25/2012 6:09:55 PM | Computer Name = HOME1 | Source = Service Control Manager | ID = 7000
    Description = The Quick Heal AntiVirus Plus Mail Protection service failed to start
    due to the following error: %%3

    Error - 5/25/2012 6:09:55 PM | Computer Name = HOME1 | Source = Service Control Manager | ID = 7000
    Description = The Quick Update Service service failed to start due to the following
    error: %%3

    Error - 5/25/2012 6:09:55 PM | Computer Name = HOME1 | Source = Service Control Manager | ID = 7000
    Description = The Quick Heal Helper Service WSC service failed to start due to the
    following error: %%3

    Error - 5/25/2012 6:09:55 PM | Computer Name = HOME1 | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 5/25/2012 6:10:08 PM | Computer Name = HOME1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    TfFsMon TfSysMon

    Error - 5/25/2012 6:10:41 PM | Computer Name = HOME1 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 5/25/2012 6:10:41 PM | Computer Name = HOME1 | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053


    < End of report >
  8. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (ScanWscS)
      SRV - File not found [Auto | Stopped] -- -- (Quick Update Service)
      SRV - File not found [Disabled | Stopped] -- -- (NT Online Protection)
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
      SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem) Google Update Service (gupdatem)
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate) Google Update Service (gupdate)
      DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
      DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TfNetMon)
      DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
      IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15387
      IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
      IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\URLSearchHook: {D645D96B-4DF0-6920-FF94-1444928741B6} - SOFTWARE\Classes\CLSID\{D645D96B-4DF0-6920-FF94-1444928741B6}\InprocServer32 File not found
      IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
      IE - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      FF - prefs.js..browser.search.order.1: "Ask.com"
      [2012/01/26 18:57:35 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qp2yy1dl.default\searchplugins\askcom.xml
      O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
      O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
      O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - File not found
      O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - File not found
      O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O3 - HKU\S-1-5-21-1123561945-1580818891-682003330-1005\..\Toolbar\WebBrowser: (Verizon Broadband Toolbar) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - File not found
      O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
      O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
      O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab (Reg Error: Key error.)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
      @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  9. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Here are the OTL post-reboot results... Looks promising!

    All processes killed
    ========== OTL ==========
    Service ScanWscS stopped successfully!
    Service ScanWscS deleted successfully!
    Service Quick Update Service stopped successfully!
    Service Quick Update Service deleted successfully!
    Service NT Online Protection stopped successfully!
    Service NT Online Protection deleted successfully!
    Service gusvc stopped successfully!
    Service gusvc deleted successfully!
    File C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe not found.
    Error: No service named gupdatem) Google Update Service (gupdatem was found to stop!
    Service\Driver key gupdatem) Google Update Service (gupdatem not found.
    File C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc not found.
    Error: No service named gupdate) Google Update Service (gupdate was found to stop!
    Service\Driver key gupdate) Google Update Service (gupdate not found.
    File C:\Program Files\Google\Update\GoogleUpdate.exe /svc not found.
    Service TfSysMon stopped successfully!
    Service TfSysMon deleted successfully!
    File system32\drivers\TfSysMon.sys not found.
    Service TfNetMon stopped successfully!
    Service TfNetMon deleted successfully!
    Service TfFsMon stopped successfully!
    Service TfFsMon deleted successfully!
    File system32\drivers\TfFsMon.sys not found.
    HKU\S-1-5-21-1123561945-1580818891-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry value HKEY_USERS\S-1-5-21-1123561945-1580818891-682003330-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1123561945-1580818891-682003330-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D645D96B-4DF0-6920-FF94-1444928741B6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D645D96B-4DF0-6920-FF94-1444928741B6}\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1123561945-1580818891-682003330-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    HKU\S-1-5-21-1123561945-1580818891-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: "Ask.com" removed from browser.search.order.1
    C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qp2yy1dl.default\searchplugins\askcom.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1123561945-1580818891-682003330-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1123561945-1580818891-682003330-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1123561945-1580818891-682003330-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\musicmatch.com\online\ deleted successfully.
    Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
    C:\WINDOWS\Downloaded Program Files\McGDMgr.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
    Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
    C:\WINDOWS\Downloaded Program Files\swflash64.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\Μicrosoft folder moved successfully.

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: Ann
    ->Temp folder emptied: 7785570 bytes
    ->Temporary Internet Files folder emptied: 567190 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 56046585 bytes
    ->Flash cache emptied: 189118 bytes

    User: Ann.HOME1

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Guest
    ->Temp folder emptied: 4745 bytes
    ->Temporary Internet Files folder emptied: 27864958 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 646 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 128478 bytes
    ->Flash cache emptied: 300 bytes

    User: NetworkService
    ->Temp folder emptied: 68092 bytes
    ->Temporary Internet Files folder emptied: 8277906 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1145957 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1863380 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 235190497 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1204307 bytes
    RecycleBin emptied: 4524881 bytes

    Total Files Cleaned = 329.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Ann
    ->Java cache emptied: 0 bytes

    User: Ann.HOME1

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Ann
    ->Flash cache emptied: 0 bytes

    User: Ann.HOME1

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.43.1 log created on 05252012_222750

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  10. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Moving on to the Java reinstall now...
  11. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    New Java installed; here's the Security Check log:

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Norton Spyware Scan provided by Yahoo!
    Norton Spyware Scan
    CCleaner
    JavaFX 2.1.0
    Java(TM) 6 Update 29
    Java(TM) 7 Update 4
    Out of date Java installed!
    Adobe Flash Player 11.1.102.55
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````
     
  12. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Don't know why it says that about Java; I just installed the (supposedly) latest version...?

    Moving on to Farbar... I think you knocked the sucker out!! This thing is running like a dream once again. :)
  13. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Farbar results:

    Farbar Service Scanner Version: 25-05-2012
    Ran by Ann (administrator) on 25-05-2012 at 23:23:38
    Running from "C:\Documents and Settings\Ann\Desktop"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    sharedaccess Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
    The ServiceDll of sharedaccess service is OK.
    Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit


    **** End of log ****
  14. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    I'm glad to hear good news :)

    Go on with Eset....
  15. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Eset reports... NO THREATS FOUND! :D

    I'm going to reboot and see what happens, however. Something still rearranged my desktop icons on the last restart.

    I noticed that the OTL super-duper file scrubber was set to filter files from within the past 30 days. Is it possible that there may still be some dangerous residual files lurking around if it's been present on the system for longer than that? Or would one of the post-cleaning scans have caught it?

    Anyway, I'll reboot and post the results here, just for the halibut...
  16. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Yay! The desktop stayed put! The firewall, however, still can't be reactivated. The error I get says, "Due to an unidentified problem, Windows cannot display Windows firewall settings." Could the file have been deleted or ruined by the virus? Can I maybe download and reinstall a new version of it from Microsoft?

    Firefox still seems a bit "twitchy" (though admittedly it is not the latest version). The cursor still drags a bit from time to time, also. Could this be residual trouble, or is it normal behavior for a computer in this "post-operative" condition?

    Presumably, my passwords, account numbers, and other personal information have been collected or compromised, yes? Should I run around resetting these?

    Also, Windows Security Center still insists "Microsoft Security Essentials is up to date and virus scanning is on." How can this be, if I deleted the program several days ago? There's no trace of it in the Program Files folder. Should I download and reinstall that, too?

    Should I keep any of these various programs I've downloaded for protection or scanning purposes, or are they all too specialized to bother with hanging on to?

    Can you recommend any general cleaning or overall "housekeeping" procedures?

    Looking forward to your response. Broni, THANK YOU so very much for all your time and help!! :)
  17. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Uninstall:
    JavaFX 2.1.0
    Java(TM) 6 Update 29

    Is your Windows firewall turned on?
  18. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Sucessfully uninstalled JavaFX 2.1.0, but...

    Tried to uninstall Java 6 update 29 and failed. Error message read:

    "Internal Error 2753. regutils.dll

    Fatal error during installation."

    Couldn't complete the uninstall. Corrupt file...?
  19. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    That's fine.

  20. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Firewall still doesn't work, though.
  21. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Following steps involve registry editing. Please create new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Registry Editor will open.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.

    Download following two registry keys:
    http://download.bleepingcomputer.com/win-services/xp/LEGACY_SHAREDACCESS.reg
    http://download.bleepingcomputer.com/win-services/xp/SharedAccess.reg
    Double click on each of downloaded files and confirm the prompt.

    Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.
    Restart computer.
    Post new FSS log.
  22. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Sorry - dumb question... What's an FSS log? And how do I generate one?
  23. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    You still have that utility.
    See my reply #33:

  24. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Ah! OK. Didn't recognize the acronym. Will apply changes now...
  25. Phasmos

    Phasmos Newcomer, in training Topic Starter Posts: 53

    Here's the log:

    Farbar Service Scanner Version: 25-05-2012
    Ran by Ann (administrator) on 27-05-2012 at 00:45:37
    Running from "C:\Documents and Settings\Ann\Desktop\Debugging Files"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit


    **** End of log ****


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.