TechSpot

Task master not opening fully, Malware problem?

By SBTHREE
Oct 16, 2010
  1. task master opens when I hit control-alt-delete, but it only opens one window and it has no red X. It only closes with alt-F4. Spybot crashes the system during scans and Internet Explorer keeps crashing. I have gone through the first 5 steps and I am still having the same problems. Attached are the logs. Please review and let me know what to do. (I have to split the logs.)

    Thanks,

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4853

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/16/2010 2:13:00 PM
    mbam-log-2010-10-16 (14-13-00).txt

    Scan type: Quick scan
    Objects scanned: 238414
    Time elapsed: 12 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15319 - http://www.gmer.net
    Rootkit scan 2010-10-16 16:03:27
    Windows 5.1.2600 Service Pack 3
    Running: jelx1pt7.exe; Driver: C:\DOCUME~1\Sam\LOCALS~1\Temp\pwdoqkoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT F7B6B286 ZwCreateKey
    SSDT F7B6B27C ZwCreateThread
    SSDT F7B6B28B ZwDeleteKey
    SSDT F7B6B295 ZwDeleteValueKey
    SSDT F7B6B29A ZwLoadKey
    SSDT F7B6B268 ZwOpenProcess
    SSDT F7B6B26D ZwOpenThread
    SSDT F7B6B2A4 ZwReplaceKey
    SSDT F7B6B29F ZwRestoreKey
    SSDT F7B6B290 ZwSetValueKey

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 3E3E528D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 3E3E52BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1448] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 3E3E528D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 3E3E52BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2284] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 3E3E528D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 3E3E52BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3840] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011A2F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011A2C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011A2CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011A2CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01922F20] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01922C90] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01922CF0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\WINDOWS\Explorer.EXE[740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01922CC0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2284] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)

    Device \FileSystem\Fastfat \Fat EDF53D20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat Tmpreflt.sys (Pre-Filter For XP/Trend Micro Inc.)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 92
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesSuccessful 71

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Sam at 16:07:03.34 on Sat 10/16/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.244 [GMT -7:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\SelectRebates\SelectRebates.exe
    C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\SYSTEM32\astsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\iWin Games\iWinTrusted.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Sam\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - c:\program files\iwin games\iWinGamesHookIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [cwcptray] c:\program files\contentwatch\internet protection\cwtray.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
    mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\sam\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\sam\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\sam\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\sam\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\cwalsp.dll
    Trusted Zone: musicmatch.com\online
    DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.18.27/ttinst.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\sam\applic~1\mozilla\firefox\profiles\5mdapkq6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-16 11608]
    R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 607576]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-16 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-16 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-16 60936]
    R2 CwAltaService20;ContentWatch;c:\program files\contentwatch\internet protection\cwsvc.exe [2008-1-26 1223168]
    R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2010-9-2 176408]
    R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
    R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
    R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
    R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
    R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
    R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]
    S2 gupdate1ca47a2504f54c4;Google Update Service (gupdate1ca47a2504f54c4);c:\program files\google\update\GoogleUpdate.exe [2009-10-7 133104]

    =============== Created Last 30 ================

    2010-10-16 20:58:51 -------- d-----w- c:\docume~1\sam\applic~1\Malwarebytes
    2010-10-16 20:58:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-16 20:58:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-16 20:58:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-16 20:58:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-16 20:23:04 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-16 20:22:59 -------- d-----w- c:\program files\Avira
    2010-10-16 20:22:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-10-15 02:49:46 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-15 02:49:46 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-15 02:49:45 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-15 02:49:34 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-09-24 03:07:54 -------- d-----w- c:\program files\Qwest
    2010-09-24 03:02:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Qwest
    2010-09-24 03:01:58 -------- d-----w- c:\windows\XSxS
    2010-09-24 03:01:58 -------- d-----w- c:\program files\Xenocode
    2010-09-22 15:22:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sandlot Games
    2010-09-22 15:22:46 -------- d-----w- c:\program files\common files\Sandlot Shared
    2010-09-22 15:22:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
    2010-09-22 15:22:14 -------- d-----w- c:\program files\iWin Games

    ==================== Find3M ====================

    2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 02:36:47 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2010-09-08 02:36:44 56 --sh--r- c:\windows\system32\AC7E2F1273.sys
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-30 22:53:37 398744 ----a-r- c:\windows\system32\cpnprt2.cid
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

    ============= FINISH: 16:07:58.64 ===============
     
  2. SBTHREE

    SBTHREE TS Rookie Topic Starter

    The rest of the logs

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/25/2005 7:54:41 AM
    System Uptime: 10/16/2010 1:45:59 PM (3 hours ago)

    Motherboard: Dell Inc. | | 0C5668
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1728/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 89 GiB total, 64.976 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart C4380 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C4380 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Deskjet 6980 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: HP
    Name: Deskjet 6980 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 1320 series
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 1320 series
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:

    ==== System Restore Points ===================

    RP270: 7/16/2010 3:00:19 AM - Software Distribution Service 3.0
    RP271: 7/17/2010 4:15:27 AM - System Checkpoint
    RP272: 7/18/2010 6:15:26 AM - System Checkpoint
    RP273: 7/19/2010 8:15:31 AM - System Checkpoint
    RP274: 7/26/2010 4:43:38 PM - System Checkpoint
    RP275: 7/30/2010 2:57:36 PM - System Checkpoint
    RP276: 8/4/2010 8:26:33 PM - Software Distribution Service 3.0
    RP277: 8/15/2010 2:48:55 PM - Software Distribution Service 3.0
    RP278: 8/15/2010 7:13:10 PM - Software Distribution Service 3.0
    RP279: 8/15/2010 7:25:47 PM - Software Distribution Service 3.0
    RP280: 8/17/2010 5:56:00 PM - System Checkpoint
    RP281: 8/27/2010 6:21:31 PM - System Checkpoint
    RP282: 8/30/2010 8:19:56 PM - System Checkpoint
    RP283: 9/1/2010 6:41:32 PM - System Checkpoint
    RP284: 9/6/2010 2:18:20 PM - System Checkpoint
    RP285: 9/8/2010 9:11:40 AM - System Checkpoint
    RP286: 9/10/2010 6:05:26 PM - System Checkpoint
    RP287: 9/15/2010 5:30:57 PM - System Checkpoint
    RP288: 9/18/2010 2:53:57 PM - Software Distribution Service 3.0
    RP289: 9/19/2010 10:21:19 PM - Software Distribution Service 3.0
    RP290: 9/21/2010 3:19:07 PM - Software Distribution Service 3.0
    RP291: 9/22/2010 7:57:37 AM - Software Distribution Service 3.0
    RP292: 9/23/2010 8:08:04 PM - Installed Qwest Installer
    RP293: 9/30/2010 3:50:04 PM - Software Distribution Service 3.0
    RP294: 10/2/2010 7:39:16 PM - System Checkpoint
    RP295: 10/5/2010 2:11:52 PM - System Checkpoint
    RP296: 10/7/2010 4:23:39 PM - Software Distribution Service 3.0
    RP297: 10/11/2010 11:02:43 AM - System Checkpoint
    RP298: 10/13/2010 7:38:02 PM - System Checkpoint
    RP299: 10/16/2010 5:59:44 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Ad-Aware 2007
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.2
    AIO_Scan
    AiOSoftware
    ALPS Touch Pad Driver
    AOLIcon
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    Avira AntiVir Personal - Free Antivirus
    Batch DOCX to DOC Converter 2009
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Blasterball 2
    Bonjour
    Broadcom Management Programs 2
    BufferChm
    C4380
    C4380_doccd
    C4380_Help
    Cake Mania (remove only)
    Chuzzle Deluxe
    Compatibility Pack for the 2007 Office system
    Conexant D110 MDC V.92 Modem
    Copy
    Corel Photo Album 6
    Coupon Printer for Windows
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    Cricut DesignStudio
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    CustomerResearchQFolder
    Dell Digital Jukebox Driver
    Dell Game Console
    Dell Media Experience
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digby's Donuts
    Digital Content Portal
    Digital Line Detect
    DocProc
    DocProcQFolder
    DocumentViewer
    DQ Tycoon
    Driver Detective
    ebgcInfra
    ebgcRes
    ebgcSDK
    EducateU
    ENERCALC Structural Engineering Library 6.0.19
    eSupportQFolder
    FamilySearch Indexing
    FamilySearch Indexing (www.familysearchindexing.org)
    Fax
    FileZilla Client 3.0.5.2
    Get High Speed Internet!
    Google Chrome
    Google Desktop
    Google Earth
    Google Pack Screensaver
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 9.0
    HP Games
    HP Image Zone 4.7
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    HPSystemDiagnostics
    InstantShare
    Intel(R) PROSet/Wireless Software
    InterActual Player
    Internal Network Card Power Management
    Internet Explorer Default Page
    iTunes
    iWin Games (remove only)
    J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 15
    Java(TM) 6 Update 7
    Jewel Quest 2 - Tournament Edition
    Jewel Quest 2 (remove only)
    Learn2 Player (Uninstall Only)
    Logitech Desktop Messenger
    Logitech Legacy USB Camera Driver Package
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    LP_Flash
    Macromedia Flash Player
    Mall Tycoon 3
    Malwarebytes' Anti-Malware
    MarketResearch
    mCore
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mIWA
    mLogView
    mMHouse
    Modem Helper
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (2.0.0.11)
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    mSSO
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mToolkit
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    mWlsSafe
    mXML
    MyWay Search Assistant
    mZConfig
    Net Nanny Parental Controls 5.6
    NetDeviceManager
    NetWaiting
    NVIDIA PhysX v8.10.29
    OpenOffice.org 3.1
    PanoStandAlone
    PhotoGallery
    Picasa 2
    Polar Bowler
    Polar Golfer
    PowerDVD 5.5
    ProductContext
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_min
    PSSWCORE
    QFolder
    QuickBooks Simple Start Special Edition
    QuickSet
    QuickTime
    Qwest Installer
    Qwest QuickAssist Desktop Tools
    Readme
    RealPlayer
    Sandlot Games Client Services
    Scan
    ScannerCopy
    SCRABBLE
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    ShopAtHome SelectRebates
    SkinsHP1
    Skype Toolbars
    Skype™ 4.2
    Smash Frenzy 3
    SolutionCenter
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sproink (remove only)
    Spybot - Search & Destroy
    Status
    THQ® Boggle, Upwords, Hangman, and Word Hunter
    Toolbox
    Tradewinds
    TrayApp
    Trend Micro PC-cillin Internet Security 12
    TriJinx
    Turbo Pizza (remove only)
    Uninstall FamilySearch Indexing
    Unload
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoToolkit01
    Viewpoint Media Player
    VNC Free Edition 4.1.2
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WebReg
    Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Toolbar
    Zoo Tycoon: Complete Collection

    ==== Event Viewer Messages From Past Week ========

    10/16/2010 6:48:51 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'etilqs_iM1q3ZlwISCcgf9' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    10/16/2010 1:35:33 PM, error: Service Control Manager [7034] - The Trend Micro Real-time Service service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:31 PM, error: Service Control Manager [7034] - The Trend Micro Proxy Service service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:31 PM, error: Service Control Manager [7034] - The Trend Micro Personal Firewall service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:31 PM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:31 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:31 PM, error: Service Control Manager [7034] - The SupportSoft Listener Service service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:31 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:31 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:28 PM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:28 PM, error: Service Control Manager [7034] - The NICCONFIGSVC service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:28 PM, error: Service Control Manager [7034] - The iWinTrusted service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:28 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:28 PM, error: Service Control Manager [7034] - The AST Service service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:27 PM, error: Service Control Manager [7034] - The ContentWatch service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:27 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/16/2010 1:35:23 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:23 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:23 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:23 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 1:35:23 PM, error: Service Control Manager [7031] - The Ad-Aware 2007 Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/16/2010 1:21:44 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    10/16/2010 1:21:44 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Sam\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    10/16/2010 1:21:44 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    10/14/2010 7:47:18 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/13/2010 5:43:07 PM, error: PSched [14103] - QoS [Adapter {565E4F6E-2802-4CE8-A42B-BFC5C58BCAC3}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
    10/13/2010 2:24:09 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{3FA6D048-54EC-453E-BF39-26200F5D832E} because another computer on the network has the same name. The server could not start.

    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    You're running two AV programs, Avira and TrendMicro.
    One of them has to go. Your choice.

    ==================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
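    The three things Broni checks by eye above (two AV products with live components, what recently changed under system32, and why so many services died at once) can be scripted against the DDS text in post 2 and the MBRCheck kernel-driver list in the post that follows. The script below is an added example written for this page; it is not a DDS, MBRCheck or TechSpot tool. Its regexes are fitted to the field layout visible in the posted logs, the AV vendor keyword table is my own assumption, and every sample line in it is copied from the logs posted in this thread.

```python
"""Triage checks over DDS / MBRCheck text (added example, not a DDS/MBRCheck tool).

Assumptions: regexes follow the field layout of the logs posted in this
thread; AV_VENDORS is my own keyword table; SAMPLE lines are copied from
the posted logs.
"""
import re
from collections import defaultdict
from datetime import datetime

# DDS service line: "<R2|S2..> <name>;<display>;<path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[[^\]]*\]$")
# MBRCheck kernel-driver line: "<load address> <image path>"
DRIVER_RE = re.compile(r"^0x[0-9A-Fa-f]{8}\s+(?P<path>\S.*)$")
# DDS file line: "<date> <time> <size|--------> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")
# DDS event line: "<m/d/Y h:M:S AM|PM>, error: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), error: (?P<src>[^\[]+) \[(?P<id>\d+)\] - (?P<msg>.*)$")

# Assumed vendor fingerprints: substrings of service names, display names and image paths.
AV_VENDORS = {
    "avira": ("avira", "antivir", "avgnt", "avgio", "avipbb"),
    "trend micro": ("trend", "tmntsrv", "tmpfw", "tmproxy", "tmxpflt", "tmpreflt", "tmtdi"),
}


def av_footprint(lines):
    """Map vendor -> evidence, from running (R*) DDS services and loaded kernel drivers."""
    evidence = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            if not m["state"].startswith("R"):
                continue  # S* services are installed but not running
            hay, label = (m["name"] + m["display"] + m["path"]).lower(), "service " + m["name"]
        else:
            m = DRIVER_RE.match(line)
            if not m:
                continue
            hay, label = m["path"].lower(), "driver " + m["path"]
        for vendor, needles in AV_VENDORS.items():
            if any(n in hay for n in needles):
                evidence[vendor].append(label)
    return dict(evidence)


def overlapping_av(lines):
    """True when more than one AV vendor has live components: the 'one has to go' condition."""
    return len(av_footprint(lines)) > 1


def hidden_system_files(lines, root=r"c:\windows\system32"):
    """Files under root whose DDS attribute string carries both s (system) and h (hidden)."""
    hits = []
    for raw in lines:
        m = FILE_RE.match(raw.strip())
        if m and "s" in m["attrs"] and "h" in m["attrs"] and m["path"].lower().startswith(root):
            hits.append(m["path"])
    return hits


def service_crash_bursts(lines, window_seconds=60, min_events=5):
    """Cluster SCM 7031/7034 'terminated unexpectedly' events into (first, last, count).

    Many services dying within seconds of each other points at a crash or
    unclean shutdown, not at the individual services.
    """
    stamps = []
    for raw in lines:
        m = EVENT_RE.match(raw.strip())
        if m and m["id"] in ("7031", "7034"):
            stamps.append(datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"))
    stamps.sort()
    bursts, i = [], 0
    while i < len(stamps):
        j = i
        while j + 1 < len(stamps) and (stamps[j + 1] - stamps[i]).total_seconds() <= window_seconds:
            j += 1
        if j - i + 1 >= min_events:
            bursts.append((stamps[i], stamps[j], j - i + 1))
        i = j + 1
    return bursts


# Sample lines copied from the DDS and MBRCheck output posted in this thread.
SAMPLE = r"""
R2 CwAltaService20;ContentWatch;c:\program files\contentwatch\internet protection\cwsvc.exe [2008-1-26 1223168]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
S2 gupdate1ca47a2504f54c4;Google Update Service (gupdate1ca47a2504f54c4);c:\program files\google\update\GoogleUpdate.exe [2009-10-7 133104]
0xF7A63000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF1A3E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF42CB000 \SystemRoot\system32\drivers\Tmpreflt.sys
0xF4450000 \SystemRoot\system32\DRIVERS\tcpip.sys
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 02:36:47 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-08 02:36:44 56 --sh--r- c:\windows\system32\AC7E2F1273.sys
2010-10-16 20:58:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
10/16/2010 1:35:33 PM, error: Service Control Manager [7034] - The Trend Micro Real-time Service service terminated unexpectedly. It has done this 1 time(s).
10/16/2010 1:35:31 PM, error: Service Control Manager [7034] - The Trend Micro Proxy Service service terminated unexpectedly. It has done this 1 time(s).
10/16/2010 1:35:31 PM, error: Service Control Manager [7034] - The SupportSoft Listener Service service terminated unexpectedly. It has done this 1 time(s).
10/16/2010 1:35:28 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
10/16/2010 1:35:27 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/16/2010 1:35:23 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
""".strip().splitlines()

if __name__ == "__main__":
    print("overlapping AV:", overlapping_av(SAMPLE), av_footprint(SAMPLE))
    print("hidden+system under system32:", hidden_system_files(SAMPLE))
    for first, last, n in service_crash_bursts(SAMPLE):
        print(f"{n} services died between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

    Two caveats on reading its output. The hidden+system flag is a prompt to check provenance, not a verdict: the two names it picks out of the Find3M section, KGyGaAvL.sys and a 56-byte hex-named .sys beside it, are the files Macrovision SafeCast (C-Dilla) licensing creates, so they deserve a look but are not by themselves evidence of infection. The burst check is the more telling one here: every 7034/7031 event in the posted log lands between 1:35:23 and 1:35:33 PM, about ten minutes before the 1:45:59 PM boot time in the DDS header, which is the signature of the whole box going down (the crash the poster describes under Spybot scans) rather than twenty services failing on their own.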
  4. SBTHREE

    SBTHREE TS Rookie Topic Starter

    Broni: Thank you for taking your time to help me with this. I uninstalled TrendMicro. Attached are the logs for MBRCheck and ComboFix. Hopefully everything will have been cleaned off.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 148):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xF7A5B000 \WINDOWS\system32\KDCOM.DLL
    0xF796B000 \WINDOWS\system32\BOOTVID.dll
    0xF742C000 ACPI.sys
    0xF7A5D000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF741B000 pci.sys
    0xF755B000 isapnp.sys
    0xF796F000 compbatt.sys
    0xF7973000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7B23000 pciide.sys
    0xF77DB000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7A5F000 intelide.sys
    0xF73FD000 pcmcia.sys
    0xF756B000 MountMgr.sys
    0xF73DE000 ftdisk.sys
    0xF73B8000 dmio.sys
    0xF77E3000 PartMgr.sys
    0xF757B000 VolSnap.sys
    0xF73A0000 atapi.sys
    0xF758B000 disk.sys
    0xF759B000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7380000 fltmgr.sys
    0xF736E000 sr.sys
    0xF7359000 drvmcdb.sys
    0xF75AB000 PxHelp20.sys
    0xF7342000 KSecDD.sys
    0xF72B5000 Ntfs.sys
    0xF7288000 NDIS.sys
    0xF75BB000 ohci1394.sys
    0xF75CB000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF726E000 Mup.sys
    0xF767B000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF6D73000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7A4F000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF6BDF000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF6BCB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF78D3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6BA7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF78DB000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6D63000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0xF6B93000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF6883000 \SystemRoot\system32\DRIVERS\w29n51.sys
    0xF6840000 \SystemRoot\system32\drivers\STAC97.sys
    0xF681C000 \SystemRoot\system32\drivers\portcls.sys
    0xF76AB000 \SystemRoot\system32\drivers\drmk.sys
    0xF67F9000 \SystemRoot\system32\drivers\ks.sys
    0xF67C6000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
    0xF66C9000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
    0xF661C000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF78E3000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF76BB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF6602000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xF78EB000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF78F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF76CB000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7AAD000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xF76DB000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76EB000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7A57000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF7C92000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF775B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7231000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF65EB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF776B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF777B000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF78FB000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF65DA000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF778B000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7913000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF791B000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF65AA000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF77CB000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7AC7000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF654C000 \SystemRoot\system32\DRIVERS\update.sys
    0xF79F3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF792B000 \SystemRoot\system32\DRIVERS\omci.sys
    0xF75FB000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF762B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7ADF000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7A33000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7B09000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7BAB000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B0B000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7943000 \SystemRoot\system32\drivers\ssrtln.sys
    0xF794B000 \SystemRoot\System32\drivers\vga.sys
    0xF7B0D000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B0F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7953000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF795B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7A37000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF44A9000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF4450000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF4428000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF7A3F000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xF4406000 \SystemRoot\System32\drivers\afd.sys
    0xF764B000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF766B000 \SystemRoot\System32\Drivers\tmtdi.sys
    0xF7823000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xF43E0000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF43B5000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF4345000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF768B000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF4323000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7A63000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF6E0B000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xF6DE3000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF3B93000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7A7B000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF44D4000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7843000 \SystemRoot\System32\watchdog.sys
    0xF6D83000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7BD0000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF049000 \SystemRoot\System32\ati2cqag.dll
    0xBF07D000 \SystemRoot\System32\atikvmag.dll
    0xF76FB000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xBF0B2000 \SystemRoot\System32\ati3duag.dll
    0xBF2F4000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF1A3E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xF42CB000 \SystemRoot\system32\drivers\Tmpreflt.sys
    0xF42BB000 \SystemRoot\system32\drivers\drvnddm.sys
    0xF7B46000 \SystemRoot\system32\dla\tfsndres.sys
    0xF18A1000 \SystemRoot\system32\dla\tfsnifs.sys
    0xF652C000 \SystemRoot\system32\dla\tfsnopio.sys
    0xF7AA9000 \SystemRoot\system32\dla\tfsnpool.sys
    0xF788B000 \SystemRoot\system32\dla\tfsnboio.sys
    0xF42AB000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF7B47000 \SystemRoot\system32\dla\tfsndrct.sys
    0xF1888000 \SystemRoot\system32\dla\tfsnudf.sys
    0xF186F000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xF78A3000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xF190A000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xF1827000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xF1432000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF13CD000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF17BF000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7AF3000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xF05FF000 \SystemRoot\system32\DRIVERS\srv.sys
    0xF06F7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF786B000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0xEFB59000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF7A71000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    0xEF326000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 81):
    0 System Idle Process
    4 System
    556 C:\WINDOWS\system32\smss.exe
    748 csrss.exe
    844 C:\WINDOWS\system32\winlogon.exe
    888 C:\WINDOWS\system32\services.exe
    900 C:\WINDOWS\system32\lsass.exe
    1108 C:\WINDOWS\system32\ati2evxx.exe
    1124 C:\WINDOWS\system32\svchost.exe
    1220 svchost.exe
    1260 C:\WINDOWS\system32\svchost.exe
    1304 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1432 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1456 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    1556 svchost.exe
    1648 svchost.exe
    1900 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    316 C:\WINDOWS\system32\spoolsv.exe
    404 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    572 svchost.exe
    704 C:\WINDOWS\system32\ati2evxx.exe
    112 C:\WINDOWS\explorer.exe
    1316 C:\Program Files\Google\Update\GoogleUpdate.exe
    1828 C:\Program Files\Apoint\Apoint.exe
    1836 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    1844 C:\Program Files\Dell\Media Experience\PCMService.exe
    1856 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    1864 C:\WINDOWS\system32\dla\tfswctrl.exe
    1884 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    1988 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    1996 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    2004 C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
    2036 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    176 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    200 C:\Program Files\Java\jre6\bin\jusched.exe
    224 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    232 C:\Program Files\SelectRebates\SelectRebates.exe
    1572 C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
    440 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    620 C:\WINDOWS\system32\ctfmon.exe
    808 C:\Program Files\DellSupport\DSAgnt.exe
    1536 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    1412 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    1784 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    1908 C:\Program Files\Apoint\ApntEx.exe
    2240 C:\Program Files\Digital Line Detect\DLG.exe
    2280 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2712 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    2716 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    2836 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    3020 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    3620 C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
    3756 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    3776 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    3812 C:\WINDOWS\system32\ASTSRV.EXE
    3852 C:\Program Files\Bonjour\mDNSResponder.exe
    3872 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1964 C:\WINDOWS\system32\svchost.exe
    2060 C:\WINDOWS\system32\svchost.exe
    2100 C:\Program Files\iWin Games\iWinTrusted.exe
    2152 C:\Program Files\Java\jre6\bin\jqs.exe
    2216 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    2392 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    2564 C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    2736 C:\WINDOWS\system32\svchost.exe
    2640 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    3184 C:\WINDOWS\system32\svchost.exe
    3092 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    880 C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    3308 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    1392 C:\WINDOWS\system32\svchost.exe
    5576 alg.exe
    5788 wmiprvse.exe
    5000 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    2868 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    772 C:\Program Files\Internet Explorer\iexplore.exe
    5428 C:\Program Files\Internet Explorer\iexplore.exe
    2684 C:\WINDOWS\system32\msiexec.exe
    4436 C:\Program Files\Internet Explorer\iexplore.exe
    4764 C:\Documents and Settings\Sam\Desktop\MBRCheck.exe
    1712 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHV2100AH, Rev: 00000096

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    ComboFix 10-10-16.04 - Sam 10/17/2010 13:11:24.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.490 [GMT -7:00]
    Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\iWin Games\iWINgameshookie.dll
    c:\program files\SelectRebates
    c:\program files\SelectRebates\FFToolbar\chrome.manifest
    c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
    c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
    c:\program files\SelectRebates\FFToolbar\install.rdf
    c:\program files\SelectRebates\SahImages\alert.png
    c:\program files\SelectRebates\SahImages\check.png
    c:\program files\SelectRebates\SahImages\close.png
    c:\program files\SelectRebates\SelectAlerts.dat
    c:\program files\SelectRebates\SelectRebates.exe
    c:\program files\SelectRebates\SelectRebates.ini
    c:\program files\SelectRebates\SelectRebatesA.dat
    c:\program files\SelectRebates\SelectRebatesApi.exe
    c:\program files\SelectRebates\SelectRebatesB.dat
    c:\program files\SelectRebates\SelectRebatesBT.dat
    c:\program files\SelectRebates\SelectRebatesDownload.exe
    c:\program files\SelectRebates\SelectRebatesH.dat
    c:\program files\SelectRebates\SelectRebatesUninstall.exe
    c:\program files\SelectRebates\SRebates.dll
    c:\program files\SelectRebates\SRFF3.dll
    c:\program files\SelectRebates\Toolbar\AddtoList.bmp
    c:\program files\SelectRebates\Toolbar\basis.xml
    c:\program files\SelectRebates\Toolbar\Basis.xml.dym
    c:\program files\SelectRebates\Toolbar\Blank.bmp
    c:\program files\SelectRebates\Toolbar\CashBack.bmp
    c:\program files\SelectRebates\Toolbar\Coupons.bmp
    c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
    c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
    c:\program files\SelectRebates\Toolbar\icons.bmp
    c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
    c:\program files\SelectRebates\Toolbar\logo.bmp
    c:\program files\SelectRebates\Toolbar\logo_24.bmp
    c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
    c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
    c:\program files\SelectRebates\Toolbar\RightControls.dym
    c:\program files\SelectRebates\Toolbar\Scissors.bmp
    c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    c:\windows\Google Pack Screensaver Uninstaller.exe
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\bszip.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
    .

    2010-10-16 20:58 . 2010-10-16 20:58 -------- d-----w- c:\documents and settings\Sam\Application Data\Malwarebytes
    2010-10-16 20:58 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-16 20:58 . 2010-10-16 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-16 20:58 . 2010-10-16 20:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-16 20:58 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-16 20:23 . 2010-03-01 17:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-10-16 20:23 . 2010-02-16 21:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-16 20:23 . 2009-05-11 19:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-10-16 20:23 . 2009-05-11 19:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-10-16 20:22 . 2010-10-16 20:22 -------- d-----w- c:\program files\Avira
    2010-10-16 20:22 . 2010-10-16 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-10-15 02:49 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-15 02:49 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-15 02:49 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-15 02:49 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-09-24 03:07 . 2010-09-24 03:07 -------- d-----w- c:\program files\Qwest
    2010-09-24 03:07 . 2010-09-24 03:07 -------- d-----w- c:\documents and settings\Kim.WORKLAPTOP\Application Data\InstallShield
    2010-09-24 03:02 . 2010-09-24 03:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Qwest
    2010-09-24 03:01 . 2010-09-24 03:02 -------- d-----w- c:\windows\XSxS
    2010-09-24 03:01 . 2010-09-24 03:01 -------- d-----w- c:\program files\Xenocode
    2010-09-24 03:01 . 2010-09-24 03:01 -------- d-----w- c:\documents and settings\Kim.WORKLAPTOP\Local Settings\Application Data\Xenocode
    2010-09-22 15:22 . 2010-09-22 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
    2010-09-22 15:22 . 2010-09-22 15:22 -------- d-----w- c:\program files\Common Files\Sandlot Shared
    2010-09-22 15:22 . 2010-09-22 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
    2010-09-22 15:22 . 2010-10-17 20:18 -------- d-----w- c:\program files\iWin Games

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-06 02:40 . 2006-08-21 23:06 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-11-28 19:12 . 2006-07-10 01:52 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2007-11-28 19:12 . 2006-07-10 01:52 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2007-11-28 19:12 . 2007-02-23 02:25 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2007-11-28 19:12 . 2007-02-23 02:25 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2007-11-28 19:12 . 2006-07-10 01:52 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-08 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-11-10 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-10 602182]
    "cwcptray"="c:\program files\ContentWatch\Internet Protection\cwtray.exe" [2007-10-17 403456]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-27 185896]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-12 149280]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
    "QwestTouchPointAgent"="c:\program files\Qwest\Desktop\QwestTouchPointAgent.exe" [2010-08-27 45992]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    c:\documents and settings\Sam\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-15 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-7-26 67128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-12 05:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2005-09-01 23:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2007-09-06 05:27 1836544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-03-30 17:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    2005-09-09 01:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-03-29 06:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2006-12-15 10:23 75520 ----a-w- c:\program files\Java\jre1.5.0_11\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-04-08 04:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2008-10-27 02:29 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "GoogleDesktopManager"=3 (0x3)
    "gusvc"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\ENERCALC_6\\ec6.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/16/2010 1:23 PM 135336]
    R2 CwAltaService20;ContentWatch;c:\program files\ContentWatch\Internet Protection\cwsvc.exe [1/26/2008 7:57 PM 1223168]
    R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [9/2/2010 8:38 AM 176408]
    R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
    S2 gupdate1ca47a2504f54c4;Google Update Service (gupdate1ca47a2504f54c4);c:\program files\Google\Update\GoogleUpdate.exe [10/7/2009 4:02 PM 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-10-17 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-29 02:39]

    2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 23:02]

    2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 23:02]

    2010-10-17 c:\windows\Tasks\User_Feed_Synchronization-{A2B02B21-FAC7-48AD-AF05-D343E40FCF4D}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    LSP: c:\windows\system32\cwalsp.dll
    Trusted Zone: musicmatch.com\online
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} - hxxp://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab
    FF - ProfilePath - c:\documents and settings\Sam\Application Data\Mozilla\Firefox\Profiles\5mdapkq6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
    HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
    AddRemove-Google Pack Screensaver - c:\windows\Google Pack Screensaver Uninstaller.exe
    AddRemove-iWinArcade - c:\program files\iWin Games\Uninstall.exe
    AddRemove-THQ® Boggle, Upwords, Hangman, and Word Hunter_is1 - c:\program files\THQ\Hasbro\Boggle
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\ð* 2*]
    "Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(832)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'lsass.exe'(888)
    c:\windows\system32\cwalsp.dll
    c:\windows\system32\wxbase28u_vc_CW.dll

    - - - - - - - > 'explorer.exe'(3764)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Intel\Wireless\Bin\WLKeeper.exe
    c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
    c:\program files\Apoint\Apntex.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\SYSTEM32\astsrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-17 13:30:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-17 20:30

    Pre-Run: 69,742,583,808 bytes free
    Post-Run: 69,589,782,528 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - D21DB32D6E608C62C1D033626DEDE57C
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Your MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
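    What the MBRCheck log above reports ("Unknown MBR code" with a SHA1) and what the MBRWORK step repairs can be shown in a few lines of Python. The block below is an added example, not code from this thread, from MBRCheck or from NTBR: it parses a 512-byte MBR image, hashes the boot-code region against a known-good table, and repairs a tampered sector by rewriting only that region so the partition table and the 0x55AA signature survive, which is why the repair leaves the Windows installation bootable. Hashing the first 440 bytes is an assumption about how such checkers work, and the "standard" boot code, the reference hash and the partition entry are constructed samples, not the real Windows XP values.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # code region; bytes 440-445 hold the disk signature (assumption: checkers hash this region)
PART_TABLE_OFFSET = 446
PART_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
PART_ENTRY_LEN = struct.calcsize(PART_ENTRY_FMT)   # 16 bytes per entry
BOOT_SIGNATURE = b"\x55\xAA"

# Constructed stand-in for "standard" MBR code; NOT the real Windows XP boot code.
STANDARD_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"CONSTRUCTED-STANDARD-MBR-SAMPLE"


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit in the 440-byte region")
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        status = 0x80 if bootable else 0x00
        # CHS fields are left zero; the LBA fields are what matters here.
        struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFFSET + i * PART_ENTRY_LEN,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_partitions(mbr):
    """Validate the sector and return the non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFFSET + i * PART_ENTRY_LEN)
        if ptype == 0:
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries


def boot_code_sha1(mbr):
    """Hash only the code region, so identical code gives the same digest on any disk."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


# Reference table computed from the constructed sample above, not a real published hash.
KNOWN_GOOD = {boot_code_sha1(build_mbr(STANDARD_CODE, [])): "Standard MBR code (constructed reference)"}


def classify(mbr, known_good=KNOWN_GOOD):
    """Report the known-good label for the boot code, or flag it as unknown."""
    return known_good.get(boot_code_sha1(mbr), "Unknown MBR code")


def install_standard_code(mbr, standard_code=STANDARD_CODE):
    """Rewrite bytes 0-439 only; disk signature, partition table and 0x55AA are kept."""
    parse_partitions(mbr)                     # refuse to touch a sector that is not a valid MBR
    repaired = bytearray(mbr)
    repaired[:BOOT_CODE_LEN] = standard_code.ljust(BOOT_CODE_LEN, b"\0")
    return bytes(repaired)


def demo():
    # Constructed partition entry: one bootable NTFS (0x07) volume, roughly a 93 GB drive.
    table = [(True, 0x07, 128520, 195000000)]
    clean = build_mbr(STANDARD_CODE, table)
    tampered = build_mbr(b"\xEB\x00" + b"CONSTRUCTED-UNKNOWN-CODE", table)  # same table, foreign code
    repaired = install_standard_code(tampered)
    return {
        "clean": classify(clean),
        "tampered": classify(tampered),
        "repaired": classify(repaired),
        "table_preserved": parse_partitions(repaired) == parse_partitions(tampered),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

    The point of `install_standard_code` is the same as MBRWORK's option 5: the partition table is never rewritten, only the code in front of it, so a wrong choice here cannot lose the volume, while a hash mismatch after the repair would mean the code region did not actually get replaced.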
     
  6. SBTHREE

    SBTHREE TS Rookie Topic Starter

    I am not sure that worked, but I will keep my fingers crossed. Attached is the log.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 146):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xF7A5B000 \WINDOWS\system32\KDCOM.DLL
    0xF796B000 \WINDOWS\system32\BOOTVID.dll
    0xF742C000 ACPI.sys
    0xF7A5D000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF741B000 pci.sys
    0xF755B000 isapnp.sys
    0xF796F000 compbatt.sys
    0xF7973000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7B23000 pciide.sys
    0xF77DB000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7A5F000 intelide.sys
    0xF73FD000 pcmcia.sys
    0xF756B000 MountMgr.sys
    0xF73DE000 ftdisk.sys
    0xF73B8000 dmio.sys
    0xF77E3000 PartMgr.sys
    0xF757B000 VolSnap.sys
    0xF73A0000 atapi.sys
    0xF758B000 disk.sys
    0xF759B000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7380000 fltmgr.sys
    0xF736E000 sr.sys
    0xF7359000 drvmcdb.sys
    0xF75AB000 PxHelp20.sys
    0xF7342000 KSecDD.sys
    0xF72B5000 Ntfs.sys
    0xF7288000 NDIS.sys
    0xF75BB000 ohci1394.sys
    0xF75CB000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF726E000 Mup.sys
    0xF767B000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF6691000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7A53000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF64BC000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF64A8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF78D3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6484000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF78DB000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6681000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
    0xF6470000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF6160000 \SystemRoot\system32\DRIVERS\w29n51.sys
    0xF60EE000 \SystemRoot\system32\drivers\STAC97.sys
    0xF60CA000 \SystemRoot\system32\drivers\portcls.sys
    0xF6661000 \SystemRoot\system32\drivers\drmk.sys
    0xF60A7000 \SystemRoot\system32\drivers\ks.sys
    0xF6074000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
    0xF5F77000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
    0xF5ECA000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF78E3000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF6651000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF5EB0000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xF78EB000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF78F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF6641000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7AA9000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xF6631000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF6621000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7239000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF7BCC000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF76EB000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7231000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5E99000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF770B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF771B000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF78FB000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5E88000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF772B000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7903000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF790B000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF5E58000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF773B000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7AC3000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF5DFA000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7215000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7913000 \SystemRoot\system32\DRIVERS\omci.sys
    0xF774B000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF777B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7AC9000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7A0F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7ADD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7B67000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7ADF000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7923000 \SystemRoot\system32\drivers\ssrtln.sys
    0xF792B000 \SystemRoot\System32\drivers\vga.sys
    0xF7AE1000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7AE3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7933000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF793B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7A13000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF3D57000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF3CFE000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF3CD6000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF7A1B000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xF3CB4000 \SystemRoot\System32\drivers\afd.sys
    0xF778B000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF7943000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xF3C89000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF3C19000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF77AB000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF3BF3000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF3BD1000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7AE9000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xF7A37000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
    0xF77CB000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF3B91000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7AEB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF5DE6000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7953000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7CAD000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF049000 \SystemRoot\System32\ati2cqag.dll
    0xBF07D000 \SystemRoot\System32\atikvmag.dll
    0xF75FB000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF760B000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xBF0B2000 \SystemRoot\System32\ati3duag.dll
    0xBF2F4000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF1A3C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xF76CB000 \SystemRoot\system32\drivers\drvnddm.sys
    0xF7C5F000 \SystemRoot\system32\dla\tfsndres.sys
    0xF1A26000 \SystemRoot\system32\dla\tfsnifs.sys
    0xF5DDE000 \SystemRoot\system32\dla\tfsnopio.sys
    0xF7A61000 \SystemRoot\system32\dla\tfsnpool.sys
    0xF7803000 \SystemRoot\system32\dla\tfsnboio.sys
    0xF76DB000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF7C61000 \SystemRoot\system32\dla\tfsndrct.sys
    0xF1A0D000 \SystemRoot\system32\dla\tfsnudf.sys
    0xF19F4000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xF7813000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xF1A65000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xF191C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xF13FF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF139A000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF1584000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7B0D000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xF089C000 \SystemRoot\system32\DRIVERS\srv.sys
    0xF0AE4000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF780B000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0xF01F3000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF7ABF000 \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
    0xEFFE8000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 75):
    0 System Idle Process
    4 System
    552 C:\WINDOWS\system32\smss.exe
    628 csrss.exe
    832 C:\WINDOWS\system32\winlogon.exe
    876 C:\WINDOWS\system32\services.exe
    888 C:\WINDOWS\system32\lsass.exe
    1064 C:\WINDOWS\system32\ati2evxx.exe
    1080 C:\WINDOWS\system32\svchost.exe
    1180 svchost.exe
    1220 C:\WINDOWS\system32\svchost.exe
    1260 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1308 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1436 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    1488 svchost.exe
    1592 svchost.exe
    1840 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    248 C:\WINDOWS\system32\spoolsv.exe
    492 C:\WINDOWS\system32\ati2evxx.exe
    604 C:\WINDOWS\explorer.exe
    788 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1448 svchost.exe
    1744 C:\Program Files\Apoint\Apoint.exe
    1752 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    1760 C:\Program Files\Dell\Media Experience\PCMService.exe
    1768 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    1780 C:\WINDOWS\system32\dla\tfswctrl.exe
    980 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    1808 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    1828 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    1852 C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
    1896 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    1924 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    1956 C:\Program Files\Java\jre6\bin\jusched.exe
    1984 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    2008 C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
    2044 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    188 C:\Program Files\DellSupport\DSAgnt.exe
    164 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    208 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    356 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    484 C:\Program Files\Apoint\ApntEx.exe
    1404 C:\Program Files\Digital Line Detect\DLG.exe
    1616 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2052 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    2068 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    2188 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    2268 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    2628 C:\WINDOWS\system32\ctfmon.exe
    2892 C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
    3032 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    3044 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    3064 C:\WINDOWS\system32\ASTSRV.EXE
    3100 C:\Program Files\Bonjour\mDNSResponder.exe
    3344 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    3456 C:\WINDOWS\system32\svchost.exe
    3472 C:\WINDOWS\system32\svchost.exe
    3488 C:\Program Files\iWin Games\iWinTrusted.exe
    3524 C:\Program Files\Java\jre6\bin\jqs.exe
    3600 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    3660 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    3880 C:\WINDOWS\system32\svchost.exe
    3896 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
    3920 C:\WINDOWS\system32\svchost.exe
    3964 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    4004 C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    800 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    1560 C:\WINDOWS\system32\svchost.exe
    332 C:\WINDOWS\system32\wuauclt.exe
    3800 wmiprvse.exe
    1964 wmiprvse.exe
    3696 alg.exe
    3716 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    3096 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    4672 C:\Documents and Settings\Sam\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHV2100AH, Rev: 00000096

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Yes. Looks good :)
    Let me check your Combofix log now...
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Combofix log looks good :)

How is the computer doing at the moment?

    Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. SBTHREE

    SBTHREE TS Rookie Topic Starter

    The computer seems to be running really well right now. But task master is having the same problem, no improvement. The logs are in two posts.

    OTL logfile created on: 10/17/2010 3:05:43 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Sam\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 407.00 Mb Available Physical Memory | 40.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 89.29 Gb Total Space | 64.83 Gb Free Space | 72.61% Space Free | Partition Type: NTFS

    Computer Name: WORKLAPTOP | User Name: Sam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/17 15:02:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
    PRC - [2010/09/02 08:38:28 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
    PRC - [2010/08/26 21:59:13 | 000,045,992 | ---- | M] (Qwest Communications) -- C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2009/05/08 10:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/05/08 10:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/06/05 20:03:16 | 000,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
    PRC - [2007/10/17 09:42:28 | 000,403,456 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
    PRC - [2007/10/17 09:42:26 | 001,223,168 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
    PRC - [2007/04/07 21:22:46 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [2007/02/16 21:08:14 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
    PRC - [2005/11/09 22:16:48 | 000,262,217 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
    PRC - [2005/11/09 22:08:56 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2005/11/09 22:08:28 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2005/11/09 22:05:50 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2005/11/09 22:01:00 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2005/11/09 21:59:08 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2005/11/09 21:58:26 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2005/06/10 09:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2004/09/13 15:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2004/08/19 13:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
    PRC - [2003/10/29 02:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/17 15:02:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/02 08:38:28 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2008/06/05 20:03:16 | 000,607,576 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
    SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
    SRV - [2008/01/08 12:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2007/10/17 09:42:26 | 001,223,168 | ---- | M] (ContentWatch, Inc.) [Auto | Running] -- C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe -- (CwAltaService20)
    SRV - [2007/09/05 22:27:30 | 001,836,544 | ---- | M] (Google) [Disabled | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)
    SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2007/02/16 21:08:14 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
    SRV - [2005/11/09 22:16:48 | 000,262,217 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
    SRV - [2005/11/09 22:01:00 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2005/11/09 21:59:08 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2005/11/09 21:58:26 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Sam\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/04/30 16:03:28 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/04/30 16:03:06 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Communicate Deluxe(UVC)
    DRV - [2009/04/30 16:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/06/27 14:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2007/06/27 14:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2007/05/11 17:31:20 | 000,041,888 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/05/11 17:30:03 | 001,921,184 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/11/09 14:45:56 | 000,013,440 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2005/08/04 03:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/08/03 09:44:16 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/05/03 15:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
    DRV - [2005/05/03 15:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2005/05/03 15:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/03/10 21:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
    DRV - [2004/12/06 00:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/12/06 00:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/12/06 00:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/12/06 00:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/12/06 00:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/12/06 00:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/12/06 00:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/12/06 00:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/12/06 00:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/12/01 02:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/11/23 01:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/11/16 15:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2004/10/21 19:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/07/14 10:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 10:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2004/06/17 19:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/05/26 19:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2004/02/13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.selectedEngine: "Google"

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/26 19:30:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/09/22 08:22:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/01 16:04:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/01 16:04:17 | 000,000,000 | ---D | M]

    [2006/07/09 19:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\5mdapkq6.default\extensions
    [2009/09/12 09:23:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/10/02 19:52:00 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2007/02/22 19:25:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
    [2008/10/02 19:52:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\google-ggic@partners.mozilla.com
    [2008/10/02 19:52:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
    [2007/11/28 12:12:01 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
    [2007/11/28 12:12:02 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
    [2007/11/28 12:12:03 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
    [2007/11/28 12:12:04 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
    [2007/11/28 12:12:04 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
    [2010/08/30 16:13:45 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    [2010/08/30 16:13:45 | 000,466,944 | ---- | M] (Catalina Marketing Corp.) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
    [2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2010/10/17 14:49:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe (ContentWatch, Inc.)
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
    O4 - Startup: C:\Documents and Settings\Sam\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O4 - Startup: C:\Documents and Settings\Sam\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\Sam\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\cwalsp.dll (ContentWatch, Inc.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.18.27/ttinst.cab (Toontown Installer ActiveX Control)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlontech.net/100170/sdk/latest/qsp2ie06041001.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.3.65 205.171.2.65
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
     
  10. SBTHREE

    SBTHREE TS Rookie Topic Starter

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\LVCodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/17 15:02:46 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
    [2010/10/17 14:09:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Desktop\NTBR_CD
    [2010/10/17 13:09:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/17 13:05:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/17 13:05:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/17 13:05:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/17 13:05:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/17 13:05:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/17 13:05:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/16 13:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\Malwarebytes
    [2010/10/16 13:58:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/16 13:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/16 13:58:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/16 13:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/16 13:56:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sam\Desktop\mbam-setup-1.46.exe
    [2010/10/16 13:34:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\TFC.exe
    [2010/10/16 13:23:09 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/10/16 13:23:05 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/10/16 13:23:04 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/10/16 13:23:04 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/10/16 13:23:04 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/10/16 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/10/16 13:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/10/13 20:37:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\My Documents\business start up
    [2010/09/23 20:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Qwest
    [2010/09/23 20:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Qwest
    [2010/09/23 20:01:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
    [2010/09/23 20:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
    [2010/09/22 08:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2010/09/22 08:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sandlot Shared
    [2010/09/22 08:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
    [2010/09/22 08:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\iWin Games
    [2010/09/22 08:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\My Documents\pizza
    [2010/08/30 16:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\Catalina Marketing Corp
    [2010/08/30 15:53:37 | 000,398,744 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/08/30 15:53:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
    [2010/08/30 15:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
    [2010/08/15 18:45:11 | 000,000,000 | ---D | C] -- C:\d5913c56835ce1d11db8b4661284
    [2010/08/08 19:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\SmashFrenzy3
    [2010/08/08 19:51:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam\Application Data\MB3
    [2010/08/08 19:49:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
    [2010/08/08 19:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
    [2010/08/08 19:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Farm Frenzy
    [2010/08/08 19:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\HP Games
    [2010/07/24 09:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [1 C:\Documents and Settings\Sam\My Documents\*.tmp files -> C:\Documents and Settings\Sam\My Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/17 15:02:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
    [2010/10/17 14:52:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/17 14:50:56 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/10/17 14:49:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/17 14:49:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/17 14:49:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/17 14:49:06 | 1073,180,672 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/17 14:37:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/17 13:52:56 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\NTBR_CD.exe
    [2010/10/17 13:09:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/10/17 13:00:45 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Sam\Desktop\ComboFix.exe
    [2010/10/17 12:58:59 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\MBRCheck.exe
    [2010/10/17 12:28:40 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A2B02B21-FAC7-48AD-AF05-D343E40FCF4D}.job
    [2010/10/17 12:24:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2010/10/17 12:24:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2010/10/16 16:06:37 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\dds.scr
    [2010/10/16 14:15:06 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\jelx1pt7.exe
    [2010/10/16 13:58:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/16 13:56:52 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sam\Desktop\mbam-setup-1.46.exe
    [2010/10/16 13:34:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\TFC.exe
    [2010/10/16 13:23:35 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/10/16 08:23:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/10/16 07:12:34 | 000,192,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/16 06:15:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/07 16:32:04 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/07 16:32:04 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/10/06 06:31:09 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\Microsoft Office Word 2003.lnk
    [2010/10/04 17:41:44 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/10/03 10:07:27 | 000,000,286 | ---- | M] () -- C:\Documents and Settings\Sam\jobq.dat
    [2010/10/02 23:17:25 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/09/23 20:13:30 | 000,010,388 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\Qwest Configuration Details.mht
    [2010/09/12 15:50:20 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\FamilySearch Indexing.lnk
    [2010/09/08 23:33:11 | 000,072,192 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\turtles.doc
    [2010/09/08 23:23:59 | 001,402,368 | ---- | M] () -- C:\Documents and Settings\Sam\My Documents\eryn's time capsule.doc
    [2010/09/07 19:36:47 | 000,003,766 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2010/09/07 19:36:44 | 000,000,056 | RHS- | M] () -- C:\WINDOWS\System32\AC7E2F1273.sys
    [2010/08/30 15:53:37 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/08/14 17:55:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\watch.wtc
    [2010/08/14 17:03:17 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/08 19:49:46 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Smash Frenzy 3.lnk
    [2010/08/08 19:35:51 | 000,001,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Bistro Stars.lnk
    [2010/08/08 19:24:31 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Farm Frenzy.lnk
    [2010/07/25 18:21:09 | 000,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
    [1 C:\Documents and Settings\Sam\My Documents\*.tmp files -> C:\Documents and Settings\Sam\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/17 13:52:54 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\NTBR_CD.exe
    [2010/10/17 13:09:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/10/17 13:09:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/17 13:05:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/17 13:05:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/17 13:05:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/17 13:05:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/17 13:05:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/17 13:00:31 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\Sam\Desktop\ComboFix.exe
    [2010/10/17 12:58:59 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\MBRCheck.exe
    [2010/10/16 16:06:28 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\dds.scr
    [2010/10/16 14:15:05 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\jelx1pt7.exe
    [2010/10/16 13:58:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/16 13:23:35 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/09/23 20:13:30 | 000,010,388 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\Qwest Configuration Details.mht
    [2010/09/20 15:05:11 | 000,000,418 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A2B02B21-FAC7-48AD-AF05-D343E40FCF4D}.job
    [2010/09/12 15:50:19 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\FamilySearch Indexing.lnk
    [2010/09/08 23:32:15 | 000,072,192 | ---- | C] () -- C:\Documents and Settings\Sam\Desktop\turtles.doc
    [2010/09/08 21:39:36 | 001,402,368 | ---- | C] () -- C:\Documents and Settings\Sam\My Documents\eryn's time capsule.doc
    [2010/08/14 17:55:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\watch.wtc
    [2010/08/08 19:49:46 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Smash Frenzy 3.lnk
    [2010/08/08 19:35:51 | 000,001,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Bistro Stars.lnk
    [2010/08/08 19:24:31 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Farm Frenzy.lnk
    [2009/12/19 19:08:26 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\docXConverter (3).ini
    [2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2008/07/26 17:22:01 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/07/26 06:56:04 | 000,000,499 | ---- | C] () -- C:\Documents and Settings\Sam\Application Data\EC_StartupLog.INI
    [2008/01/26 19:57:24 | 000,908,288 | ---- | C] () -- C:\WINDOWS\System32\libxml2_CW.dll
    [2008/01/26 19:57:24 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
    [2008/01/26 19:57:21 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_xrc_vc_CW.dll
    [2008/01/26 19:57:21 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_html_vc_CW.dll
    [2008/01/26 19:57:21 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_media_vc_CW.dll
    [2008/01/26 19:57:20 | 002,899,968 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_core_vc_CW.dll
    [2008/01/26 19:57:20 | 001,220,608 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_vc_CW.dll
    [2008/01/26 19:57:20 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\wxmsw28u_adv_vc_CW.dll
    [2008/01/26 19:57:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_xml_vc_CW.dll
    [2008/01/26 19:57:20 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\wxbase28u_net_vc_CW.dll
    [2008/01/05 21:39:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2008/01/05 16:05:44 | 000,000,742 | R--- | C] () -- C:\WINDOWS\MSPPWSV.ini
    [2007/10/13 18:44:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
    [2007/09/05 22:23:43 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\347hfs.dat
    [2006/09/06 21:06:18 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/09/06 21:06:18 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\AC7E2F1273.sys
    [2006/07/09 18:49:36 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/07/09 18:46:06 | 000,000,083 | ---- | C] () -- C:\WINDOWS\gbsaver.ini
    [2006/06/11 16:53:07 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Sam\Local Settings\Application Data\fusioncache.dat
    [2006/03/14 13:20:31 | 000,005,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2006/02/14 17:49:00 | 000,000,704 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2006/01/18 23:24:48 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2005/12/15 20:44:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/12/15 20:34:25 | 000,004,469 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/12/15 20:27:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/12/15 20:24:17 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
    [2005/12/15 19:58:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
    [2005/12/15 19:58:40 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\dlbcplc.ini
    [2005/12/15 19:57:28 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/12 07:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
    [2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 16:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2008/01/26 19:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ContentWatch
    [2008/07/26 06:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ENERCALC Common Data Files
    [2010/08/08 19:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Farm Frenzy
    [2007/11/10 10:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
    [2010/09/22 08:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
    [2008/06/05 20:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2010/01/11 21:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2006/03/11 21:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2010/09/23 20:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Qwest
    [2010/09/22 08:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2008/03/22 14:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2007/11/10 11:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/11 21:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
    [2005/12/15 20:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/08/08 19:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2010/08/30 16:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\Catalina Marketing Corp
    [2010/08/08 19:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\MB3
    [2010/01/31 06:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\OpenOffice.org
    [2010/08/08 19:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sam\Application Data\SmashFrenzy3
    [2010/10/17 12:28:40 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A2B02B21-FAC7-48AD-AF05-D343E40FCF4D}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/07/30 12:44:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/10/17 13:09:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/17 14:57:34 | 000,016,664 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/12/15 20:03:40 | 000,005,669 | RH-- | M] () -- C:\dell.sdr
    [2010/10/17 14:52:15 | 000,048,128 | ---- | M] () -- C:\Facilitator.log
    [2010/03/03 13:41:02 | 000,096,264 | ---- | M] (Microsoft Corporation) -- C:\GameuxInstallHelper.dll
    [2010/10/17 14:49:06 | 1073,180,672 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/16 06:49:04 | 001,048,575 | ---- | M] () -- C:\immudebug.log
    [2005/12/28 21:11:35 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2005/12/15 20:32:37 | 000,000,828 | -H-- | M] () -- C:\IPH.PH
    [2004/08/11 16:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2008/01/05 16:06:05 | 000,000,260 | ---- | M] () -- C:\MSLog.log
    [2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/06 08:12:45 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/17 14:49:04 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2005/12/15 20:32:48 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/11 16:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/03/15 15:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2004/03/22 15:17:06 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/08/03 21:38:23 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\Sam\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 16:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/11 16:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/11 16:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/06 08:27:26 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/08/25 16:15:14 | 000,000,205 | ---- | M] () -- C:\Documents and Settings\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\1000 Free Songs!.url
    [2009/11/20 19:32:34 | 000,000,223 | ---- | M] () -- C:\Documents and Settings\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Awesome Travel Deals!.url
    [2006/02/11 19:23:30 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/10/07 11:58:56 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\FREE GAMES!.url
    [2004/08/11 16:20:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2008/01/26 20:48:29 | 021,364,592 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\aaw2007.exe
    [2010/10/17 13:00:45 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Sam\Desktop\ComboFix.exe
    [2010/10/16 14:15:06 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\jelx1pt7.exe
    [2010/10/16 13:56:52 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sam\Desktop\mbam-setup-1.46.exe
    [2010/10/17 12:58:59 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\MBRCheck.exe
    [2008/01/26 19:50:31 | 014,593,345 | ---- | M] (ContentWatch ) -- C:\Documents and Settings\Sam\Desktop\NetNannyInstall.exe
    [2010/10/17 13:52:56 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Sam\Desktop\NTBR_CD.exe
    [2010/10/17 15:02:47 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\OTL.exe
    [2010/10/16 13:34:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 04:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/02/11 19:23:28 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Sam\Favorites\Desktop.ini
    [2010/08/08 19:49:46 | 000,001,306 | ---- | M] () -- C:\Documents and Settings\Sam\Favorites\HP Games.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/17 15:02:29 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Sam\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2005/11/09 14:45:36 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
    [7 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 00:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 00:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 00:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC79986F
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44EBAA62

    < End of report >
     
  11. SBTHREE

    SBTHREE TS Rookie Topic Starter

    OTL Extras logfile created on: 10/17/2010 3:05:43 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Sam\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 407.00 Mb Available Physical Memory | 40.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 89.29 Gb Total Space | 64.83 Gb Free Space | 72.61% Space Free | Partition Type: NTFS

    Computer Name: WORKLAPTOP | User Name: Sam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\ENERCALC_6\ec6.exe" = C:\Program Files\ENERCALC_6\ec6.exe:*:Enabled:ec6 -- ()
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
    "{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
    "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
    "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
    "{205140F6-F3AC-45CE-9627-9CF35C6E1C2E}" = Mall Tycoon 3
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
    "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
    "{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}" = ebgcSDK
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{36061C01-E74E-4D54-938C-CA2987D39DCE}" = ebgcRes
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
    "{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
    "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
    "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
    "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4E7C8500-3D69-11DB-390C-1F56BA3C7E87}" = ENERCALC Structural Engineering Library 6.0.19
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
    "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
    "{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
    "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
    "{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
    "{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5148C2-7E8E-4994-9BFD-6A577E69D59E}" = DQ Tycoon
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
    "{B2D7C787-7BFD-47b3-AE85-60146221015D}" = C4380_Help
    "{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
    "{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
    "{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C233D370-4B1A-4F6F-BD55-16B0C131335B}_is1" = Batch DOCX to DOC Converter 2009
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
    "{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D42B6F90-1084-4C9B-AF28-958926E6E32E}" = LP_Flash
    "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F40C0988-E8B1-479b-80BD-D5FADAB9697A}" = C4380_doccd
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "00BD1CD47675C125126C80095FCC12CFA4D311DB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
    "26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3" = Polar Bowler
    "3C48F877-A164-45E9-B9DA-26A049FFC207" = Tradewinds
    "651956B7-1969-42AA-9453-E0B813019D54" = Polar Golfer
    "6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA" = SCRABBLE
    "989E4C3B-B2C9-4486-9A09-D5A8F953837C" = Bejeweled 2 Deluxe
    "9C3E45EF-14FC-493C-BF15-39DBC543317B" = TriJinx
    "A622B79B943ECA1F0AECF1FF5BE13D458F345EBB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
    "A80599FB-C344-4F78-B69C-A7B5FC5047C5" = Digby's Donuts
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "ALTACPHOME_is1" = Net Nanny Parental Controls 5.6
    "ATI Display Driver" = ATI Display Driver
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "C0A0AA4D-C79B-48CA-8843-2B02B626C9E6" = Blackhawk Striker 2
    "Cake Mania" = Cake Mania (remove only)
    "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Cricut DesignStudio" = Cricut DesignStudio
    "D1A6F3FD-7B40-443F-8767-BADB25A0D222" = Blasterball 2
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Dell Game Console" = Dell Game Console
    "E0814F95-5380-4892-B8C8-7FA4B349EF46" = Chuzzle Deluxe
    "FileZilla Client" = FileZilla Client 3.0.5.2
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Photo & Imaging" = HP Image Zone 4.7
    "HP Photosmart Essential" = HP Photosmart Essential 2.01
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPExtendedCapabilities" = HP Customer Participation Program 9.0
    "HPOCR" = HP OCR Software 9.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
    "InterActual Player" = InterActual Player
    "Jewel Quest 2" = Jewel Quest 2 (remove only)
    "legacyqcam_11.00" = Logitech Legacy USB Camera Driver Package
    "lvdrivers_12.0" = Logitech Webcam Software Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (2.0.0.11)" = Mozilla Firefox (2.0.0.11)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Picasa2" = Picasa 2
    "ProInst" = Intel(R) PROSet/Wireless Software
    "RealPlayer 6.0" = RealPlayer
    "RealVNC_is1" = VNC Free Edition 4.1.2
    "Sandlot Games Client Services_is1" = Sandlot Games Client Services
    "Sproink" = Sproink (remove only)
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "Turbo Pizza" = Turbo Pizza (remove only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WildTangent hp Master Uninstall" = HP Games
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WT021488" = Jewel Quest 2 - Tournament Edition
    "WT084031" = Smash Frenzy 3
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "FamilySearch Indexing" = FamilySearch Indexing
    "FamilySearch Indexing (www.familysearchindexing.org)" = FamilySearch Indexing (www.familysearchindexing.org)
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
    "Uninstall FamilySearch Indexing" = Uninstall FamilySearch Indexing

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/8/2010 7:56:10 PM | Computer Name = WORKLAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/8/2010 7:56:41 PM | Computer Name = WORKLAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/8/2010 8:00:26 PM | Computer Name = WORKLAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/9/2010 8:12:04 PM | Computer Name = WORKLAPTOP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module mshtml.dll, version 8.0.6001.18939, fault address 0x00085cbc.

    Error - 9/9/2010 10:11:29 PM | Computer Name = WORKLAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/9/2010 10:35:28 PM | Computer Name = WORKLAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.6359.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/9/2010 10:40:46 PM | Computer Name = WORKLAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/9/2010 11:36:14 PM | Computer Name = WORKLAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/9/2010 11:36:14 PM | Computer Name = WORKLAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/13/2010 12:55:00 AM | Computer Name = WORKLAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 10/16/2010 4:35:31 PM | Computer Name = WORKLAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Trend Micro Central Control Component service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/16/2010 4:35:31 PM | Computer Name = WORKLAPTOP | Source = Service Control Manager | ID = 7034
    Description = The SupportSoft Sprocket Service (dellsupportcenter) service terminated
    unexpectedly. It has done this 1 time(s).

    Error - 10/16/2010 4:35:31 PM | Computer Name = WORKLAPTOP | Source = Service Control Manager | ID = 7034
    Description = The SupportSoft Listener Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/16/2010 4:35:31 PM | Computer Name = WORKLAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Trend Micro Proxy Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 10/16/2010 4:35:31 PM | Computer Name = WORKLAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Trend Micro Personal Firewall service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/16/2010 4:35:31 PM | Computer Name = WORKLAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/16/2010 4:35:33 PM | Computer Name = WORKLAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Trend Micro Real-time Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/16/2010 7:10:54 PM | Computer Name = WORKLAPTOP | Source = Service Control Manager | ID = 7024
    Description = The Java Quick Starter service terminated with service-specific error
    1 (0x1).

    Error - 10/17/2010 4:04:57 PM | Computer Name = WORKLAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/17/2010 5:36:33 PM | Computer Name = WORKLAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Tell me again, what is the exact problem with Task Manager?

    =============================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} http://qmedia.xlontech.net/100170/sd...ie06041001.cab (Reg Error: Key error.)
      [1 C:\Documents and Settings\Sam\My Documents\*.tmp files -> C:\Documents and Settings\Sam\My Documents\*.tmp -> ]
      [2005/12/15 20:32:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC79986F
      @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44EBAA62
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  13. SBTHREE

    SBTHREE TS Rookie Topic Starter

    I tried to do a print screen of the image and save it in a Word file for you to see, but it was 18 KB too large to post. Basically, the Task Manager window opens as a window with three buttons at the bottom and no way to get to any of the other functions. Even the red X in the upper corner of the window is missing; the only way to close it is to hit Alt-F4. The little button at the bottom of the screen that usually says Task Manager only has an image of a computer screen on the left side with no text, and when you right-click on it, the window is pulled forward, but it does not give the option to close the window or anything else. When I originally searched for help with this I found a post regarding this on your forum.

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control {E3E02F12-2ADB-478C-8742-5F0819F9F0F4}
    C:\WINDOWS\Downloaded Program Files\qsp2ie06041001.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E3E02F12-2ADB-478C-8742-5F0819F9F0F4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3E02F12-2ADB-478C-8742-5F0819F9F0F4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{E3E02F12-2ADB-478C-8742-5F0819F9F0F4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E3E02F12-2ADB-478C-8742-5F0819F9F0F4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E3E02F12-2ADB-478C-8742-5F0819F9F0F4}\ not found.
    C:\Documents and Settings\Sam\My Documents\~WRL3466.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:AC79986F deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:44EBAA62 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.WORKLAPTOP

    User: All Users

    User: Amberlie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Eryn
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jared
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kim
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kim.WORKLAPTOP
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kim.WORKLAPTOP.WORKLAPTOP

    User: Kylie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Levi
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Sam
    ->Temp folder emptied: 9387246 bytes
    ->Temporary Internet Files folder emptied: 6226753 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 734 bytes

    User: Vertex
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 111979 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 7073 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.WORKLAPTOP

    User: All Users

    User: Amberlie
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Eryn
    ->Flash cache emptied: 0 bytes

    User: Jared
    ->Flash cache emptied: 0 bytes

    User: Kim

    User: Kim.WORKLAPTOP
    ->Flash cache emptied: 0 bytes

    User: Kim.WORKLAPTOP.WORKLAPTOP

    User: Kylie
    ->Flash cache emptied: 0 bytes

    User: Levi
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Sam
    ->Flash cache emptied: 0 bytes

    User: Vertex
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.15.2 log created on 10172010_195722

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Sam\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
    File\Folder C:\Documents and Settings\Sam\Local Settings\Temp\~DF3BA3.tmp not found!
    File\Folder C:\Documents and Settings\Sam\Local Settings\Temp\~DF3BBB.tmp not found!
    File\Folder C:\Documents and Settings\Sam\Local Settings\Temp\~DF3C2E.tmp not found!
    File\Folder C:\Documents and Settings\Sam\Local Settings\Temp\~DF3C46.tmp not found!
    File\Folder C:\Documents and Settings\Sam\Local Settings\Temp\~DF3C8A.tmp not found!
    File\Folder C:\Documents and Settings\Sam\Local Settings\Temp\~DF3CA2.tmp not found!
    C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\ZCQ0EFWU\ads[5].htm moved successfully.
    C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\ZCQ0EFWU\sh24[1].html moved successfully.
    C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\6AU577ND\topic155014[3].html moved successfully.
    C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\WINDOWS\temp\HPSLPS000.log moved successfully.

    Registry entries deleted on Reboot...

    There were no threats found by ESET. The other logs are as follows.
     
  14. SBTHREE

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 8.1.2
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe is disabled!
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  15. Broni

    If your Task Manager looks like this:

    [image: Task Manager window]

    double click on any empty border space (red arrow) to get it back to normal.

    =====================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses far fewer resources than Adobe Reader.
    Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar or other garbage.
    On this page:

    [image: download page]

    make sure you have both boxes UN-checked AND (important!) click on the Decline button.


    Then, the results from Eset....
     
  16. SBTHREE

    Thank you, that fixed the problem. Eset found no threats. I am doing the adobe update now.
     
  17. Broni

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL, as this step will require a reboot.
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  18. SBTHREE

    Broni:

    I can't thank you enough. My computer seems to be running great. It is amazing how bad those problems can be and how hard it is to get rid of them. You really do a great service. I use this computer to help index historical records and having it bogged down was really a problem. I could hardly get on the internet. Everything was just not working. Thanks again.

    Sincerely,



    Sam

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.WORKLAPTOP

    User: All Users

    User: Amberlie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56504 bytes

    User: Eryn
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jared
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kim
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kim.WORKLAPTOP
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kim.WORKLAPTOP.WORKLAPTOP

    User: Kylie
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Levi
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Sam
    ->Temp folder emptied: 17887 bytes
    ->Temporary Internet Files folder emptied: 8842925 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Vertex
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 11260 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 9.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.WORKLAPTOP

    User: All Users

    User: Amberlie
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Eryn
    ->Flash cache emptied: 0 bytes

    User: Jared
    ->Flash cache emptied: 0 bytes

    User: Kim

    User: Kim.WORKLAPTOP
    ->Flash cache emptied: 0 bytes

    User: Kim.WORKLAPTOP.WORKLAPTOP

    User: Kylie
    ->Flash cache emptied: 0 bytes

    User: Levi
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Sam
    ->Flash cache emptied: 0 bytes

    User: Vertex
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.15.2 log created on 10172010_213248

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\HPSLPS000.log moved successfully.

    Registry entries deleted on Reboot...
     
  19. Broni

    Yes!!
    Good luck and stay safe :)
     