[Solved] Virus in winnt\assembly\gac_MSIL\desktop

Discussion in 'Virus and Malware Removal' started by slowride71, Aug 29, 2011.

  1. slowride71 Newcomer, in training

    virus

    ComboFix 11-09-05.04 - Owner 09/05/2011 14:10:59.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.564 [GMT -4:00]
    Running from: c:\documents and settings\Owner.HOME-5NR1RMGI5L\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Local Settings\Application Data\ApplicationHistory\ngen.exe.f36057ef.ini
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\Local Settings\Application Data\ApplicationHistory\SL11.tmp.3ae087d6.ini
    c:\documents and settings\Owner.HOME-5NR1RMGI5L\WINDOWS
    c:\program files\messenger\msmsgsin.exe
    c:\winnt\$NtUninstallKB42356$
    c:\winnt\$NtUninstallKB42356$\1545864879\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
    c:\winnt\$NtUninstallKB42356$\1545864879\click.tlb
    c:\winnt\$NtUninstallKB42356$\1545864879\L\nnqkxjfa
    c:\winnt\$NtUninstallKB42356$\1545864879\loader.tlb
    c:\winnt\$NtUninstallKB42356$\1545864879\U\@00000001
    c:\winnt\$NtUninstallKB42356$\1545864879\U\@000000c0
    c:\winnt\$NtUninstallKB42356$\1545864879\U\@000000cb
    c:\winnt\$NtUninstallKB42356$\1545864879\U\@000000cf
    c:\winnt\$NtUninstallKB42356$\1545864879\U\@80000000
    c:\winnt\$NtUninstallKB42356$\1545864879\U\@800000c0
    c:\winnt\$NtUninstallKB42356$\1545864879\U\@800000cb
    c:\winnt\$NtUninstallKB42356$\1545864879\U\@800000cf
    c:\winnt\$NtUninstallKB42356$\1734920488
    c:\winnt\assembly\GAC_MSIL\desktop.ini
    c:\winnt\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\winnt\system32\comct332.ocx
    c:\winnt\system32\lvci1201278.dll
    c:\winnt\system32\Thumbs.db
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Service_5c2406af
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-04 13:48 . 2011-09-04 13:48 -------- d--h--w- c:\documents and settings\All Users.WINNT\Application Data\CanonIJEPPEX
    2011-09-04 13:48 . 2011-09-05 02:37 -------- d-----w- c:\documents and settings\Owner.HOME-5NR1RMGI5L\Local Settings\Application Data\Canon Easy-PhotoPrint EX
    2011-08-29 17:34 . 2011-08-29 17:34 -------- d-----w- c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\Malwarebytes
    2011-08-29 17:33 . 2011-07-06 23:52 41272 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
    2011-08-29 17:33 . 2011-08-29 17:33 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\Malwarebytes
    2011-08-29 17:33 . 2011-08-30 22:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-08-29 17:33 . 2011-07-06 23:52 22712 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2011-08-25 13:29 . 2011-09-05 01:25 -------- d-----w- c:\documents and settings\Owner.HOME-5NR1RMGI5L\.frostwire5
    2011-08-25 13:27 . 2011-08-25 13:30 -------- d-----w- c:\program files\FrostWire 5
    2011-08-10 22:00 . 2011-06-24 14:10 139656 -c----w- c:\winnt\system32\dllcache\rdpwd.sys
    2011-08-10 21:59 . 2011-07-08 14:02 10496 -c----w- c:\winnt\system32\dllcache\ndistapi.sys
    2011-08-09 20:11 . 2011-08-09 20:11 -------- d-----w- c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\BigFish
    2011-08-09 20:11 . 2011-08-09 20:11 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\BigFish
    2011-08-09 20:09 . 2011-08-09 20:10 -------- d-----w- c:\program files\Jewel Quest Mysteries - The Seventh Gate
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-25 12:53 . 2011-05-15 15:44 404640 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
    2011-07-15 13:29 . 2003-07-16 20:34 456320 ----a-w- c:\winnt\system32\drivers\mrxsmb.sys
    2011-07-08 14:02 . 2003-07-16 20:37 10496 ----a-w- c:\winnt\system32\drivers\ndistapi.sys
    2011-06-24 14:10 . 2009-03-06 00:30 139656 ----a-w- c:\winnt\system32\drivers\rdpwd.sys
    2011-06-23 18:36 . 2006-06-23 16:33 916480 ----a-w- c:\winnt\system32\wininet.dll
    2011-06-23 18:36 . 2003-07-16 20:32 43520 ----a-w- c:\winnt\system32\licmgr10.dll
    2011-06-23 18:36 . 2003-07-16 20:30 1469440 ----a-w- c:\winnt\system32\inetcpl.cpl
    2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\winnt\system32\html.iec
    2011-06-20 17:44 . 2003-07-16 20:51 293376 ----a-w- c:\winnt\system32\winsrv.dll
    2009-03-27 13:00 . 2009-03-27 12:59 13440584 -c--a-w- c:\program files\Install_AIM.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-30 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-07-30 02:05 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-30 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-30 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]
    "Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
    "ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "IgfxTray"="c:\winnt\System32\igfxtray.exe" [2005-10-19 155648]
    "dla"="c:\winnt\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-30 887976]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner.HOME-5NR1RMGI5L^Start Menu^Programs^Startup^RCA Detective.lnk]
    path=c:\documents and settings\Owner.HOME-5NR1RMGI5L\Start Menu\Programs\Startup\RCA Detective.lnk
    backup=c:\winnt\pss\RCA Detective.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\winnt\system32\dumprep 0 -k [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2010-03-25 01:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
    2010-04-02 14:18 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
    2009-04-24 07:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2005-10-19 13:59 126976 ----a-w- c:\winnt\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-12-13 22:16 421160 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
    2010-05-20 19:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
    2010-04-13 14:12 15688 -c--a-w- c:\program files\Plaxo\3.24.0.82\plaxosystray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
    2010-04-13 14:12 762184 -c--a-w- c:\program files\Plaxo\3.24.0.82\PlaxoHelper_en.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    2003-02-13 05:01 155648 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-03-08 22:38 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-11-28 01:37 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\WINNT\\system32\\sessmgr.exe"=
    "c:\\WINNT\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Documents and Settings\\Owner.HOME-5NR1RMGI5L\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
    "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
    "c:\\WINNT\\system32\\msfeedssync.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/29/2011 1:33 PM 366640]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/29/2009 8:21 PM 24652]
    R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [8/29/2011 1:33 PM 22712]
    S0 nielprt;Nielsen Patch Service;c:\winnt\system32\DRIVERS\nielprt.sys --> c:\winnt\system32\DRIVERS\nielprt.sys [?]
    S2 gupdate1c9bddd41123d4a;Google Update Service (gupdate1c9bddd41123d4a);c:\program files\Google\Update\GoogleUpdate.exe [4/15/2009 11:17 AM 133104]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [3/13/2011 4:12 PM 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/15/2009 11:17 AM 133104]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\winnt\system32\drivers\nx6000.sys [9/30/2010 8:40 PM 30576]
    S3 NielGfx;Nielsen USB GFX;c:\winnt\system32\drivers\nielgfx.sys --> c:\winnt\system32\drivers\nielgfx.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-17 c:\winnt\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    2011-09-05 c:\winnt\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-30 15:16]
    .
    2011-09-05 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 15:16]
    .
    2011-09-05 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 15:16]
    .
    2011-09-05 c:\winnt\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2011-07-30 02:05]
    .
    2011-09-05 c:\winnt\Tasks\User_Feed_Synchronization-{54D4DDA0-6D57-415C-9F9D-F0DA38B79C92}.job
    - c:\winnt\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/?icid=acm50mtmhpunauthgreeting#
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.1
    DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
    DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{657E195F-066D-435C-92DB-7C261E6FE832} - (no file)
    HKLM-Run-TaskTray - (no file)
    MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
    MSConfigStartUp-Dell AIO Printer A920 - c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
    MSConfigStartUp-Logitech Vid - c:\program files\Logitech\Logitech Vid\vid.exe
    MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    MSConfigStartUp-NielsenOnline - c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe
    MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-05 14:27
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3216)
    c:\winnt\system32\WININET.dll
    c:\winnt\system32\ieframe.dll
    c:\winnt\system32\webcheck.dll
    c:\winnt\system32\WPDShServiceObj.dll
    c:\winnt\system32\PortableDeviceTypes.dll
    c:\winnt\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\winnt\system32\LEXBCES.EXE
    c:\winnt\system32\LEXPPS.EXE
    c:\program files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Canon\IJPLM\IJPLMSVC.EXE
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\winnt\BCMSMMSG.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\winnt\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-05 14:34:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-05 18:34
    .
    Pre-Run: 15,142,924,288 bytes free
    Post-Run: 15,232,069,632 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINNT
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 0BD94BBFDA947BB5349758F6EB515197
  2. slowride71 Newcomer, in training

    virus

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-05 13:03:41
    -----------------------------
    13:03:41.984 OS Version: Windows 5.1.2600 Service Pack 3
    13:03:41.984 Number of processors: 1 586 0x209
    13:03:41.984 ComputerName: BLACKIE UserName: Owner
    13:03:47.921 Initialize success
    13:07:30.625 AVAST engine defs: 11090500
    13:07:48.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    13:07:48.187 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
    13:07:48.250 Disk 0 MBR read successfully
    13:07:48.250 Disk 0 MBR scan
    13:07:48.828 Disk 0 Windows XP default MBR code
    13:07:48.859 Disk 0 scanning sectors +78156225
    13:07:49.203 Disk 0 scanning C:\WINNT\system32\drivers
    13:08:26.843 Service scanning
    13:08:33.046 Modules scanning
    13:09:01.281 Disk 0 trace - called modules:
    13:09:01.312 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
    13:09:01.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fcdab8]
    13:09:01.312 3 CLASSPNP.SYS[f75c5fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fcfd98]
    13:09:04.328 AVAST engine scan C:\WINNT
    13:09:16.812 AVAST engine scan C:\WINNT\system32
    13:15:47.265 AVAST engine scan C:\WINNT\system32\drivers
    13:16:20.453 AVAST engine scan C:\Documents and Settings\Owner.HOME-5NR1RMGI5L
    13:23:54.859 AVAST engine scan C:\Documents and Settings\All Users.WINNT
    13:27:36.453 Scan finished successfully
    13:39:06.578 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\MBR.dat"
    13:39:06.578 The log file has been saved successfully to "C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\aswMBR.txt"


    Did I get all of them?
  3. Broni Malware Annihilator

    Uninstall Ask Toolbar, known foistware.

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    =================================================================

    Combofix log looks good now.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
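Reading a ComboFix log the way the helper does above comes down to going through the autostart entries (the Run keys and the Scheduled Tasks listing) and picking out paths that belong to known foistware or that sit where an unprivileged user can write. The Python script below is an added example and is not part of this thread, of ComboFix or of OTL: it parses lines in ComboFix's Run-key and Scheduled Tasks format and applies exactly those two checks. The embedded sample is a constructed excerpt assembled from lines posted earlier in this thread; the foistware name list (Ask.com, Viewpoint, MyWebSearch) is an assumption limited to the names this thread mentions, and a "USER-WRITABLE" verdict is only a prompt to look closer, not a determination that the entry is malicious.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Two line shapes from a ComboFix log: a Run-key value under a
# "[HKEY_...\CurrentVersion\Run]" header, and the "- <exe> [date time]"
# line that follows each .job name in the Scheduled Tasks listing.
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)
TASK_RE = re.compile(r'^- (?P<path>.+?)\s*\[(?P<date>\d{4}-\d{2}-\d{2})')

# Foistware names mentioned in this thread. Assumption: this is only the
# set the thread names, not a complete list of unwanted software.
FOISTWARE_MARKERS = ("ask.com", "viewpoint", "mywebsearch", "mywebs~1")

# Path fragments of locations an unprivileged XP user can write to. An
# autostart living here merits review; it is not a malware verdict by itself.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\")


@dataclass
class AutostartEntry:
    source: str   # Run key the value came from, or "ScheduledTasks"
    name: str     # value name or .job file name
    path: str     # executable as ComboFix printed it
    date: str     # file date ComboFix printed in the trailing [...]
    verdict: str  # FOISTWARE, USER-WRITABLE or OK


def classify(path: str) -> str:
    """Apply the two checks to one executable path (case-insensitive)."""
    p = path.lower()
    if any(marker in p for marker in FOISTWARE_MARKERS):
        return "FOISTWARE"
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "USER-WRITABLE"
    return "OK"


def parse_combofix_autostarts(text: str) -> List[AutostartEntry]:
    """Walk a ComboFix log and collect Run-key values and scheduled tasks."""
    entries: List[AutostartEntry] = []
    section = None        # current Run key, "ScheduledTasks", or None
    pending_job = None    # .job name waiting for its "- <exe>" line
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Only Run keys are autostarts we care about; any other header
            # (BHOs, toolbars, session manager, ...) ends the current section.
            section = line.strip("[]") if line.endswith("\\Run]") else None
            continue
        if line.startswith("-------"):
            section = None            # "------- Supplementary Scan -------"
            continue
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            section = "ScheduledTasks"
            continue
        if section == "ScheduledTasks":
            if line.endswith(".job"):
                pending_job = line.split("\\")[-1]
                continue
            m = TASK_RE.match(line)
            if m and pending_job:
                entries.append(AutostartEntry("ScheduledTasks", pending_job,
                                              m["path"], m["date"], classify(m["path"])))
                pending_job = None
            continue
        if section and line.startswith('"'):
            m = RUN_RE.match(line)
            if m:
                entries.append(AutostartEntry(section, m["name"], m["path"],
                                              m["date"], classify(m["path"])))
    return entries


def verdicts(text: str) -> Dict[str, str]:
    """Map each autostart name to its verdict; handy for a quick triage view."""
    return {e.name: e.verdict for e in parse_combofix_autostarts(text)}


# Constructed sample: an excerpt of the Run keys and scheduled tasks posted
# in this thread, trimmed to a handful of lines.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Owner.HOME-5NR1RMGI5L\Application Data\mjusbsp\cdloader2.exe" [2011-05-16 50592]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-30 887976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-09-05 c:\winnt\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-07-30 02:05]
.
------- Supplementary Scan -------
"""

if __name__ == "__main__":
    for entry in parse_combofix_autostarts(SAMPLE_LOG):
        if entry.verdict != "OK":
            print(f"{entry.verdict:14} {entry.name:40} {entry.path}")
```

Run it against a full ComboFix log by reading the file into `parse_combofix_autostarts`; only the Run-key values and scheduled tasks are picked up, so BHO, toolbar and service lines (which ComboFix prints in other formats) need their own parsers if you want them triaged the same way.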
  4. slowride71 Newcomer, in training

    virus

    OTL logfile created on: 9/5/2011 6:56:26 PM - Run 1
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    766.00 Mb Total Physical Memory | 271.61 Mb Available Physical Memory | 35.46% Memory free
    2.96 Gb Paging File | 2.55 Gb Available in Paging File | 86.28% Paging File free
    Paging file location(s): C:\pagefile.sys 2304 2304 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 13.99 Gb Free Space | 37.58% Space Free | Partition Type: NTFS

    Computer Name: BLACKIE | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/05 18:51:35 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\OTL.exe
    PRC - [2011/08/06 21:34:47 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe
    PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/05 05:08:25 | 001,384,960 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090500\algo.dll
    MOD - [2011/09/05 04:17:50 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090500\aswRep.dll
    MOD - [2011/08/11 18:01:19 | 000,212,992 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
    MOD - [2011/08/10 18:34:46 | 007,950,848 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
    MOD - [2011/08/10 18:32:36 | 002,048,000 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2011/08/10 18:32:33 | 003,182,592 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2011/08/10 18:32:26 | 002,933,248 | ---- | M] () -- C:\WINNT\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2011/08/10 18:32:25 | 000,425,984 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2011/08/10 18:31:58 | 000,626,688 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2011/08/10 18:31:56 | 000,303,104 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2011/08/10 18:31:49 | 000,258,048 | ---- | M] () -- C:\WINNT\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    MOD - [2011/08/10 18:31:45 | 000,261,632 | ---- | M] () -- C:\WINNT\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2011/08/10 18:31:31 | 000,114,688 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    MOD - [2011/08/10 18:30:59 | 005,025,792 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2011/06/26 18:14:38 | 011,490,816 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    MOD - [2011/02/26 16:49:16 | 000,854,016 | ---- | M] () -- C:\WINNT\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
    MOD - [2011/02/26 16:49:11 | 000,270,336 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
    MOD - [2011/02/26 16:49:09 | 000,409,960 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2011/02/26 16:49:07 | 000,476,520 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2011/02/26 16:48:55 | 000,046,952 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2011/02/26 16:48:54 | 000,023,912 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
    MOD - [2011/02/26 16:48:54 | 000,018,792 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2011/02/26 16:48:54 | 000,012,136 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
    MOD - [2011/02/26 16:48:53 | 000,421,224 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2011/02/26 16:48:52 | 000,269,672 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2011/02/26 16:48:51 | 000,120,168 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2011/02/26 16:48:51 | 000,070,504 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2011/02/26 16:48:50 | 000,121,704 | ---- | M] () -- C:\WINNT\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINNT\system32\msdmo.dll
    MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINNT\system32\devenum.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (wuauserv)
    SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
    SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINNT\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINNT\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINNT\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINNT\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\BCMSM.sys -- (BCMModem)
    DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINNT\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKU\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?icid=acm50mtmhpunauthgreeting#
    IE - HKU\S-1-5-21-823518204-2025429265-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-823518204-2025429265-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\


    O1 HOSTS File: ([2011/09/05 14:24:46 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKU\S-1-5-21-823518204-2025429265-839522115-1003..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} https://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236304913634 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236305120181 (MUWebControl Class)
    O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/games/gamehouse/ghplayer.cab (GameHouse Games Player)
    O16 - DPF: {775879E2-7309-4619-BB02-AADE41F4B690} http://webgames.d.tmsrv.com/c=51ebb...ronicles/dreamchronicles/dreamweb.1.0.0.9.cab (CPlayFirstdreamControl Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.sun.com/s/ESD7/JS...5/&filename=jinstall-6u12-windows-i586-jc.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC6DEB69-355C-480C-9408-580DCD42E9C3}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/25 13:57:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: wuauserv - File not found

    Drivers32: msacm.iac2 - C:\WINNT\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\WINNT\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave - C:\WINNT\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/05 18:51:19 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\OTL.exe
    [2011/09/05 15:59:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/09/05 14:49:51 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswFsBlk.sys
    [2011/09/05 14:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\avast! Free Antivirus
    [2011/09/05 14:49:50 | 000,309,848 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswSP.sys
    [2011/09/05 14:49:45 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswRdr.sys
    [2011/09/05 14:49:44 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswSnx.sys
    [2011/09/05 14:49:44 | 000,043,608 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswTdi.sys
    [2011/09/05 14:49:42 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswmon2.sys
    [2011/09/05 14:49:42 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aswmon.sys
    [2011/09/05 14:49:41 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINNT\System32\drivers\aavmker4.sys
    [2011/09/05 14:48:02 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINNT\avastSS.scr
    [2011/09/05 14:48:00 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINNT\System32\aswBoot.exe
    [2011/09/05 14:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/09/05 14:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\AVAST Software
    [2011/09/05 14:00:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/09/05 13:57:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
    [2011/09/05 13:57:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
    [2011/09/05 13:57:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
    [2011/09/05 13:57:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
    [2011/09/05 13:56:48 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
    [2011/09/05 13:56:40 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/05 13:40:36 | 004,195,245 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\ComboFix.exe
    [2011/09/05 13:03:08 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\aswMBR.exe
    [2011/09/05 11:07:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Recent
    [2011/09/04 21:31:23 | 001,249,696 | ---- | C] (Alactro LLC) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\BestVideoDownloaderSetup.exe
    [2011/09/04 09:48:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJEPPEX
    [2011/09/04 09:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Application Data\Canon Easy-PhotoPrint EX
    [2011/08/31 16:24:20 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\tdsskiller.exe
    [2011/08/29 15:18:28 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\dds.scr
    [2011/08/29 13:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Malwarebytes
    [2011/08/29 13:33:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
    [2011/08/29 13:33:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/08/29 13:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes
    [2011/08/29 13:33:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
    [2011/08/29 13:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/08/29 13:32:09 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/25 09:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\.frostwire5
    [2011/08/25 09:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Start Menu\Programs\FrostWire 5
    [2011/08/25 09:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire 5
    [2011/08/09 16:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\BigFish
    [2011/08/09 16:11:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Application Data\BigFish
    [2011/08/09 16:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Jewel Quest Mysteries - The Seventh Gate
    [2011/08/09 16:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Jewel Quest Mysteries - The Seventh Gate
    [2009/03/27 08:59:52 | 013,440,584 | ---- | C] (AOL LLC.) -- C:\Program Files\Install_AIM.exe
    [5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
    [3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/09/05 18:51:35 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\OTL.exe
    [2011/09/05 18:40:00 | 000,000,886 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineUA.job
    [2011/09/05 18:27:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/09/05 15:47:10 | 000,000,418 | -H-- | M] () -- C:\WINNT\tasks\User_Feed_Synchronization-{54D4DDA0-6D57-415C-9F9D-F0DA38B79C92}.job
    [2011/09/05 14:49:52 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\avast! Free Antivirus.lnk
    [2011/09/05 14:49:42 | 000,002,625 | ---- | M] () -- C:\WINNT\System32\CONFIG.NT
    [2011/09/05 14:45:34 | 056,167,608 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\setup_av_free.exe
    [2011/09/05 14:24:55 | 000,000,868 | ---- | M] () -- C:\WINNT\tasks\Google Software Updater.job
    [2011/09/05 14:24:46 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
    [2011/09/05 14:24:31 | 000,000,882 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskMachineCore.job
    [2011/09/05 14:24:23 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
    [2011/09/05 14:00:57 | 000,000,323 | RHS- | M] () -- C:\boot.ini
    [2011/09/05 13:57:09 | 004,195,245 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\ComboFix.exe
    [2011/09/05 13:39:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\MBR.dat
    [2011/09/05 13:03:27 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\aswMBR.exe
    [2011/09/04 21:31:30 | 001,249,696 | ---- | M] (Alactro LLC) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\BestVideoDownloaderSetup.exe
    [2011/09/02 18:45:37 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
    [2011/09/01 18:35:00 | 000,158,653 | ---- | M] () -- C:\WINNT\System32\drivers\AVG\iavichjg.avm
    [2011/08/31 16:24:25 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\tdsskiller.exe
    [2011/08/29 15:18:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\dds.scr
    [2011/08/29 14:00:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\bdoinouq.exe
    [2011/08/29 13:33:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/29 13:32:11 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/08/29 09:49:00 | 000,006,122 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\rootkitscan.csv
    [2011/08/25 11:34:59 | 000,126,112 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\cc_20110825_113451.reg
    [2011/08/25 09:37:26 | 000,000,000 | ---- | M] () -- C:\WINNT\2936415324
    [2011/08/25 09:28:49 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\FrostWire 5.1.4.lnk
    [2011/08/19 17:06:03 | 000,001,070 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\magicJack.lnk
    [2011/08/17 10:38:03 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
    [2011/08/10 18:33:05 | 000,441,546 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
    [2011/08/10 18:33:05 | 000,071,482 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
    [2011/08/09 16:10:50 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Play Jewel Quest Mysteries - The Seventh Gate.lnk
    [2011/08/09 16:10:50 | 000,001,246 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Desktop\More Great Games.lnk
    [5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
    [3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/09/05 14:49:52 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\avast! Free Antivirus.lnk
    [2011/09/05 14:45:09 | 056,167,608 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\setup_av_free.exe
    [2011/09/05 14:00:57 | 000,000,206 | ---- | C] () -- C:\Boot.bak
    [2011/09/05 14:00:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/09/05 13:57:53 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
    [2011/09/05 13:57:53 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
    [2011/09/05 13:57:53 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
    [2011/09/05 13:57:53 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
    [2011/09/05 13:57:53 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
    [2011/09/05 13:39:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\MBR.dat
    [2011/08/29 14:00:54 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\bdoinouq.exe
    [2011/08/29 13:33:59 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/08/25 15:54:28 | 000,006,122 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\rootkitscan.csv
    [2011/08/25 11:34:55 | 000,126,112 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\cc_20110825_113451.reg
    [2011/08/25 09:37:26 | 000,000,000 | ---- | C] () -- C:\WINNT\2936415324
    [2011/08/25 09:28:46 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\FrostWire 5.1.4.lnk
    [2011/08/09 16:10:50 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\Play Jewel Quest Mysteries - The Seventh Gate.lnk
    [2011/08/09 16:10:50 | 000,001,246 | ---- | C] () -- C:\Documents and Settings\All Users.WINNT\Desktop\More Great Games.lnk
    [2011/02/22 17:41:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/15 20:55:50 | 000,000,000 | ---- | C] () -- C:\WINNT\pcfriend.INI
    [2010/12/08 23:22:44 | 000,000,000 | ---- | C] () -- C:\WINNT\Curses.INI
    [2010/06/17 11:36:24 | 000,015,420 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat
    [2010/03/29 14:36:06 | 000,085,504 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
    [2009/12/25 15:16:05 | 000,000,478 | ---- | C] () -- C:\Program Files\Shortcut to FrostWire.lnk
    [2009/12/02 19:23:43 | 000,004,096 | ---- | C] () -- C:\WINNT\d3dx.dat
    [2009/09/25 11:21:35 | 000,000,049 | ---- | C] () -- C:\WINNT\lexstat.ini
    [2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\WINNT\System32\lvcoinst.ini
    [2009/04/13 13:25:51 | 000,000,138 | ---- | C] () -- C:\WINNT\wininit.ini
    [2009/03/29 20:21:23 | 000,000,021 | ---- | C] () -- C:\WINNT\atid.ini
    [2009/03/08 19:21:35 | 000,000,445 | ---- | C] () -- C:\WINNT\dellstat.ini
    [2009/03/06 08:12:36 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
    [2009/03/05 20:44:04 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
    [2009/03/05 20:32:42 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
    [2009/03/05 15:00:01 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
    [2009/03/05 14:58:33 | 000,110,192 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
    [2008/03/25 13:59:04 | 000,021,249 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Outlook.NK2
    [2008/02/25 18:03:48 | 000,193,742 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Owner.wab~
    [2008/02/25 17:56:25 | 000,213,882 | ---- | C] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Owner.wab
    [2003/11/20 17:39:58 | 000,000,000 | ---- | C] () -- C:\WINNT\System32\px.ini
    [2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINNT\System32\oembios.dat
    [2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
    [2003/07/16 16:41:25 | 000,441,546 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
    [2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
    [2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
    [2003/07/16 16:41:21 | 000,071,482 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
    [2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
    [2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
    [2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
    [2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
    [2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\dcache.bin

    ========== LOP Check ==========

    [2009/03/29 20:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\acccore
    [2010/05/11 19:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\AIM
    [2011/09/05 14:47:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\AVAST Software
    [2010/11/22 15:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\avg9
    [2011/08/09 16:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Big Fish Games
    [2011/03/02 15:20:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonBJ
    [2011/03/02 15:59:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonEPP
    [2011/04/15 11:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJ
    [2011/03/02 18:55:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJEGV
    [2011/09/04 09:48:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJEPPEX
    [2011/03/02 15:59:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJEPPEX2
    [2011/03/02 15:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJMSetup
    [2011/03/15 14:41:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJMyPrinter
    [2011/09/04 10:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJPLM
    [2011/04/15 11:19:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJScan
    [2011/03/02 15:59:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJSolutionMenuEX
    [2011/03/02 15:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\CanonIJWSpt
    [2009/12/07 20:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Christmasville
    [2010/07/15 15:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\com.comcast.access
    [2010/11/22 15:39:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Common Files
    [2011/04/21 20:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Exorcist DS 1
    [2011/04/20 20:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\GameHouse
    [2009/11/13 16:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Gogii
    [2010/12/25 10:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\magicJack
    [2009/10/27 18:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Merscom
    [2011/04/13 20:43:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\MumboJumbo
    [2011/03/31 20:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\NeoEdge Networks
    [2011/09/04 22:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\TEMP
    [2011/03/31 20:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\TERMINAL Studio
    [2011/09/05 18:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Viewpoint
    [2011/04/20 20:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Zylom
    [2010/06/17 11:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/03/30 21:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\acccore
    [2009/12/02 19:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Aisle 5 Games, Inc
    [2011/07/22 21:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Artogon
    [2011/01/29 20:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Big Fish Games
    [2011/09/04 10:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Canon
    [2011/04/30 09:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Canon Easy-WebPrint EX
    [2009/12/06 20:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\cerasus.media
    [2010/07/15 15:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
    [2011/05/31 20:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\EnchantedCavern
    [2011/01/31 22:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\ERS Game Studios
    [2009/09/20 08:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
    [2011/06/29 19:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Friday's games
    [2011/08/25 09:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\FrostWire
    [2011/01/06 20:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\GameHousev1002
    [2010/01/04 16:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\GhostFleet
    [2011/07/17 18:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Jewel Match 3
    [2010/11/26 20:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Lazy Turtle Games
    [2009/04/14 19:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Leadertech
    [2009/07/25 21:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Magic Academy
    [2009/10/27 18:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Merscom
    [2011/08/19 17:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\mjusbsp
    [2010/02/07 17:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue
    [2011/06/29 20:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\URSE Games
    [2010/03/29 14:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\WeatherBug
    [2011/09/05 15:47:10 | 000,000,418 | -H-- | M] () -- C:\WINNT\Tasks\User_Feed_Synchronization-{54D4DDA0-6D57-415C-9F9D-F0DA38B79C92}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/02/25 13:57:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/03/06 17:05:50 | 000,000,206 | ---- | M] () -- C:\Boot.bak
    [2011/09/05 14:00:57 | 000,000,323 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/09/05 14:34:15 | 000,019,675 | ---- | M] () -- C:\ComboFix.txt
    [2008/02/25 13:57:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/02/25 13:57:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/02/13 09:38:13 | 000,002,658 | -H-- | M] () -- C:\IPH.PH
    [2008/03/27 19:10:43 | 000,000,064 | ---- | M] () -- C:\jetscan.log
    [2008/07/30 17:28:15 | 000,006,769 | ---- | M] () -- C:\lvcoinst.log
    [2008/04/11 19:57:45 | 000,000,200 | ---- | M] () -- C:\lxbm.log
    [2008/02/25 13:57:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/07/09 18:51:37 | 000,000,999 | ---- | M] () -- C:\net_save.dna
    [2011/01/19 14:06:23 | 000,000,439 | ---- | M] () -- C:\nsinst.log
    [2009/03/06 08:21:44 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/03/06 14:03:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/09/05 14:24:13 | 2415,919,104 | -HS- | M] () -- C:\pagefile.sys
    [2010/04/25 10:38:10 | 000,006,179 | ---- | M] () -- C:\plaxo.log
    [2010/02/10 12:08:31 | 000,001,292 | ---- | M] () -- C:\Player Loader_log.txt
    [2009/02/16 21:11:23 | 000,000,959 | ---- | M] () -- C:\rollback.ini
    [2008/02/25 17:18:19 | 000,000,168 | ---- | M] () -- C:\setupfax.log
    [2011/08/31 16:29:52 | 000,041,878 | ---- | M] () -- C:\TDSSKiller.2.5.17.0_31.08.2011_16.25.09_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINNT\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINNT\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINNT\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINNT\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/03/05 20:35:44 | 000,000,067 | -HS- | M] () -- C:\WINNT\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2010/04/07 06:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\WINNT\system32\spool\prtprocs\w32x86\CNMPDAE.DLL
    [2010/04/07 06:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:\WINNT\system32\spool\prtprocs\w32x86\CNMPPAE.DLL
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINNT\avastSS.scr
    [5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/03/09 14:03:46 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2009/03/27 09:00:22 | 013,440,584 | ---- | M] (AOL LLC.) -- C:\Program Files\Install_AIM.exe
    [2009/12/25 15:16:05 | 000,000,478 | ---- | M] () -- C:\Program Files\Shortcut to FrostWire.lnk

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
  5. slowride71 Newcomer, in training

    [2009/03/05 14:57:32 | 000,094,208 | ---- | M] () -- C:\WINNT\System32\config\default.sav
    [2009/03/05 14:57:32 | 000,602,112 | ---- | M] () -- C:\WINNT\System32\config\software.sav
    [2009/03/05 14:57:32 | 000,389,120 | ---- | M] () -- C:\WINNT\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/04/08 22:11:42 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\All Users.WINNT\Start Menu\Create & Print Home.url
    [2009/03/06 14:11:16 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINNT\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/03/06 15:18:35 | 000,000,175 | -HS- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/03/05 20:50:07 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/05 13:03:27 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\aswMBR.exe
    [2011/08/29 14:00:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\bdoinouq.exe
    [2011/09/04 21:31:30 | 001,249,696 | ---- | M] (Alactro LLC) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\BestVideoDownloaderSetup.exe
    [2011/09/05 13:57:09 | 004,195,245 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\ComboFix.exe
    [2011/08/29 13:32:11 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\mbam-setup-1.51.1.1800.exe
    [2011/09/05 18:51:35 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\OTL.exe
    [2011/09/05 14:45:34 | 056,167,608 | ---- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\setup_av_free.exe
    [2011/08/31 16:24:25 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\tdsskiller.exe
    [2009/03/24 17:35:40 | 007,882,936 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop\upgrade.exemagic jack.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/06/03 21:47:47 | 000,208,928 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\bigfishgames_p107748926_s1_l1.exe
    [2010/03/13 23:15:55 | 000,207,888 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\bigfishgames_p67008553_s1_l1.exe
    [2011/02/03 22:34:28 | 000,208,072 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\bigfishgames_p95917157_s1_l1.exe
    [2011/03/11 21:58:56 | 000,208,928 | ---- | M] (Big Fish Games) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\bigfishgames_p99442785_s1_l1.exe
    [2008/09/24 19:37:45 | 002,928,600 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\ccleaner new.exe
    [2009/07/10 19:52:28 | 003,252,640 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\ccsetup221.exe
    [2009/12/25 15:17:59 | 009,636,184 | ---- | M] (FrostWire, LLC) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\frostwire-4.18.5.windows.exe
    [2010/06/17 11:17:38 | 096,768,824 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\iTunesSetup.exe
    [2008/08/10 17:45:30 | 015,261,368 | ---- | M] (LightScribe ) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\lightScribeSimpleLabeler-1.4.128.1.exe
    [2008/08/10 17:50:45 | 008,783,904 | ---- | M] (LightScribe ) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\LS_Update_1.14.19.1_.exe
    [2010/04/25 10:36:07 | 003,414,080 | ---- | M] (Plaxo, Inc.) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\PlaxoInstall_en.exe
    [2008/11/13 20:38:43 | 008,733,344 | ---- | M] (magicJack L.P.) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\upgrade.exe
    [2011/02/13 11:57:53 | 002,216,056 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\VLC_32.exe
    [2010/02/07 17:12:33 | 025,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\My Documents\wmp11-windowsxp-x86-enu.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/03/06 15:18:35 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/09/05 18:49:32 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINNT\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2003/07/16 16:32:13 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 13:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 13:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2003/07/16 16:38:45 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2003/07/16 16:38:46 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2003/07/16 16:40:43 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 13:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 12:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 240 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:DDF112BD
    @Alternate Data Stream - 233 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:EB4FEEF5
    @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:C22674B6
    @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:4CA05B44
    @Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:A02025CE
    @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:1709732A
    @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:8E5EA40F
    @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:57B374AB
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:9BAC4211
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:9E4F05ED
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:436BE28C
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:A4E7D25F

    < End of report >
  6. slowride71 Newcomer, in training

    virus

    OTL Extras logfile created on: 9/5/2011 6:56:26 PM - Run 1
    OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    766.00 Mb Total Physical Memory | 271.61 Mb Available Physical Memory | 35.46% Memory free
    2.96 Gb Paging File | 2.55 Gb Available in Paging File | 86.28% Paging File free
    Paging file location(s): C:\pagefile.sys 2304 2304 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 37.24 Gb Total Space | 13.99 Gb Free Space | 37.58% Space Free | Partition Type: NTFS

    Computer Name: BLACKIE | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
    "C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
    "C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
    "C:\WINNT\system32\msfeedssync.exe" = C:\WINNT\system32\msfeedssync.exe:*:Disabled:Microsoft Feeds Synchronization -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21CBD20D-D287-49AF-8866-E5653E45AC5C}" = TurboTax 2010 wwviper
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
    "{68D923E0-1244-0F60-6108-2B154B0462D0}" = Comcast Access
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live Stream
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{83DD27C9-CDC2-489A-87FA-8622C1F8F8EC}" = Debugging Tools for Windows (x86)
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "AIM_7" = AIM 7
    "AIMTunes" = AIMTunes
    "avast" = avast! Free Antivirus
    "BCM V.92 56K Modem" = BCM V.92 56K Modem
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Cursed House" = Cursed House
    "BFG-Jewel Quest Mysteries - The Seventh Gate" = Jewel Quest Mysteries: The Seventh Gate
    "Canon MG5200 series User Registration" = Canon MG5200 series User Registration
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "CCleaner" = CCleaner (remove only)
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
    "Driver Performer_is1" = Driver Performer
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "ffdshow_is1" = ffdshow
    "FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1" = FOX News Live Stream
    "FrostWire 5" = FrostWire 5.1.4
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "Plaxo" = Plaxo Toolbar for Windows
    "RCA Detective™_is1" = RCA Detective™ 2.0.0.98
    "RCA easyRip™_is1" = RCA easyRip™ 1.4.6.0
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "TurboTax 2010" = TurboTax 2010
    "VLC media player" = VLC media player 1.1.7
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "magicJack" = magicJack
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/14/2011 5:21:20 PM | Computer Name = BLACKIE | Source = .NET Runtime Optimization Service | ID = 1101
    Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
    - Failed to compile: System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
    . Error code = 0x80070020

    Error - 4/15/2011 5:53:51 PM | Computer Name = BLACKIE | Source = ESENT | ID = 490
    Description = svchost (1260) An attempt to open the file "C:\WINNT\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 4/15/2011 5:54:09 PM | Computer Name = BLACKIE | Source = ESENT | ID = 490
    Description = svchost (1260) An attempt to open the file "C:\WINNT\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 5/9/2011 5:28:37 PM | Computer Name = BLACKIE | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module avgssie.dll, version 10.0.0.1324, fault address 0x00113ddd.

    Error - 5/9/2011 5:30:27 PM | Computer Name = BLACKIE | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module avgssie.dll, version 10.0.0.1324, fault address 0x00113ddd.

    Error - 5/9/2011 5:30:32 PM | Computer Name = BLACKIE | Source = Application Error | ID = 1001
    Description = Fault bucket -1886626976.

    Error - 5/22/2011 10:12:25 AM | Computer Name = BLACKIE | Source = Application Error | ID = 1000
    Description = Faulting application musicfrost.exe, version 3.2.0.10, faulting module
    musicfrost.exe, version 3.2.0.10, fault address 0x0001b48b.

    Error - 8/29/2011 2:05:14 PM | Computer Name = BLACKIE | Source = Application Error | ID = 1000
    Description = Faulting application bdoinouq.exe, version 1.0.15.15641, faulting
    module bdoinouq.exe, version 1.0.15.15641, fault address 0x0000c676.

    Error - 8/29/2011 2:05:30 PM | Computer Name = BLACKIE | Source = Application Error | ID = 1001
    Description = Fault bucket -1709570951.

    Error - 9/5/2011 2:29:46 PM | Computer Name = BLACKIE | Source = Application Hang | ID = 1002
    Description = Hanging application aim.exe, version 7.5.8.2, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 9/5/2011 2:08:15 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7023
    Description = The Automatic Updates service terminated with the following error:
    %%126

    Error - 9/5/2011 2:26:38 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7023
    Description = The Automatic Updates service terminated with the following error:
    %%126

    Error - 9/5/2011 2:50:41 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7023
    Description = The Automatic Updates service terminated with the following error:
    %%126

    Error - 9/5/2011 2:51:11 PM | Computer Name = BLACKIE | Source = DCOM | ID = 10010
    Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
    with DCOM within the required timeout.

    Error - 9/5/2011 6:26:26 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7023
    Description = The Automatic Updates service terminated with the following error:
    %%126

    Error - 9/5/2011 6:26:56 PM | Computer Name = BLACKIE | Source = DCOM | ID = 10010
    Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
    with DCOM within the required timeout.

    Error - 9/5/2011 6:26:59 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7023
    Description = The Automatic Updates service terminated with the following error:
    %%126

    Error - 9/5/2011 6:27:28 PM | Computer Name = BLACKIE | Source = DCOM | ID = 10010
    Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
    with DCOM within the required timeout.

    Error - 9/5/2011 6:44:09 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7023
    Description = The Automatic Updates service terminated with the following error:
    %%126

    Error - 9/5/2011 6:44:39 PM | Computer Name = BLACKIE | Source = DCOM | ID = 10010
    Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
    with DCOM within the required timeout.


    < End of report >



    The computer is doing fine. Deleted Ask toolbar, also all Viewpoint Media programs.
    Should I keep or delete all these cleaning programs when finished?
  7. Broni Malware Annihilator

    I'll let you know later...

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
      O3 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O15 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
      [5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
      [3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
      [2010/11/22 15:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\avg9
      [2011/09/05 18:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Viewpoint
      [2011/04/20 20:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Zylom
      [2010/02/07 17:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue
      @Alternate Data Stream - 240 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:DDF112BD
      @Alternate Data Stream - 233 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:EB4FEEF5
      @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:C22674B6
      @Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:4CA05B44
      @Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:A02025CE
      @Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:1709732A
      @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:8E5EA40F
      @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:57B374AB
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:9BAC4211
      @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:9E4F05ED
      @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:436BE28C
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:A4E7D25F
      
      :Services
      
      :Reg
      [-HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\m3ffxtbr@mywebsearch.com]
      
      :Files
      C:\Program Files\MyWebSearch
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
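    The OTL fix above removes a browser-hijacker's persistence points one by one: IE URLSearchHooks and a toolbar whose CLSIDs no longer resolve, sites added to the Trusted/Intranet zones, a machine-wide Firefox extension entry for MyWebSearch, leftover ActiveX "Distribution Units" from web installs, and alternate data streams hanging off the All Users TEMP folder. The PowerShell below is an added example (not part of this thread and not OTL's code) that audits those same locations read-only, so you can see what is there before and after a fix rather than trusting one tool's log. It assumes PowerShell 3.0 or later (for Get-Item -Stream) run from an elevated prompt; the function names are my own, and the registry paths are the ones OTL reports.

```powershell
# Added example: read-only audit of the persistence points the OTL fix targets.
# Requires PowerShell 3.0+ and an elevated prompt; function names are mine, not OTL's.

function Resolve-Clsid {
    param([Parameter(Mandatory)][string]$Clsid)
    # A hook or toolbar whose CLSID has no InprocServer32 is an orphan, which is
    # what OTL prints as "No CLSID value found" / "Reg Error: Key error. File not found".
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (Test-Path -LiteralPath $key) { (Get-ItemProperty -LiteralPath $key).'(default)' }
    else { '<orphan: no CLSID registration>' }
}

function Get-UserHiveNames {
    # Every loaded user hive: .DEFAULT, S-1-5-18/19/20 and the S-1-5-21-... accounts.
    Get-ChildItem -Path Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { $_.PSChildName }
}

function Get-IeHooks {
    # IE URLSearchHooks and third-party toolbars (OTL's URLSearchHook and O3 lines), per hive.
    foreach ($hive in Get-UserHiveNames) {
        foreach ($sub in 'Software\Microsoft\Internet Explorer\URLSearchHooks',
                         'Software\Microsoft\Internet Explorer\Toolbar\WebBrowser') {
            $key = "Registry::HKEY_USERS\$hive\$sub"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
                if ($p.Name -notlike '{*}') { continue }      # values are named by CLSID
                [pscustomobject]@{ Hive = $hive; Key = $sub; Clsid = $p.Name; Server = Resolve-Clsid $p.Name }
            }
        }
    }
}

function Get-ZoneMapEntries {
    # Hosts and IP ranges added to IE security zones (OTL's O15 lines).
    $zones = @{ 0 = 'MyComputer'; 1 = 'LocalIntranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }
    foreach ($hive in Get-UserHiveNames) {
        foreach ($bucket in 'Domains', 'Ranges') {
            $root = "Registry::HKEY_USERS\$hive\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\$bucket"
            if (-not (Test-Path -LiteralPath $root)) { continue }
            foreach ($entry in Get-ChildItem -LiteralPath $root -Recurse) {
                $props = Get-ItemProperty -LiteralPath $entry.PSPath
                $range = if ($props.PSObject.Properties.Name -contains ':Range') { $props.':Range' } else { $null }
                foreach ($p in $props.PSObject.Properties) {
                    if ($p.Value -isnot [int]) { continue }    # only the scheme -> zone DWORDs
                    [pscustomobject]@{
                        Hive   = $hive
                        Entry  = $entry.PSPath -replace '^.*\\ZoneMap\\', ''
                        Range  = $range
                        Scheme = $p.Name
                        Zone   = $zones[[int]$p.Value]
                    }
                }
            }
        }
    }
}

function Get-FirefoxExtensions {
    # Machine-wide Firefox extension registrations (OTL's FF extensions lines);
    # Present=False means the registry still points at a path that is gone.
    foreach ($key in 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions',
                     'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions') {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }              # skip provider metadata
            [pscustomobject]@{ Id = $p.Name; Path = $p.Value; Present = (Test-Path -LiteralPath $p.Value) }
        }
    }
}

function Get-DownloadedActiveX {
    # ActiveX "Distribution Units" installed from the web (OTL's O16 DPF lines).
    $root = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units'
    if (-not (Test-Path -LiteralPath $root)) { return }
    foreach ($du in Get-ChildItem -LiteralPath $root) {
        $info = "$($du.PSPath)\DownloadInformation"
        $codebase = if (Test-Path -LiteralPath $info) { (Get-ItemProperty -LiteralPath $info).CODEBASE } else { $null }
        [pscustomobject]@{ Unit = $du.PSChildName; CodeBase = $codebase; Server = Resolve-Clsid $du.PSChildName }
    }
}

function Get-AlternateStreams {
    param([Parameter(Mandatory)][string]$Path)
    # Named alternate data streams on a file or folder (OTL's @Alternate Data Stream lines);
    # ':$DATA' is the ordinary unnamed stream and is skipped.
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# Usage: list everything, then look at the folder OTL flagged for ADS. The
# 'Application Data\TEMP' suffix matches the XP profile layout in the log above.
Get-IeHooks           | Format-Table -AutoSize
Get-ZoneMapEntries    | Format-Table -AutoSize
Get-FirefoxExtensions | Format-Table -AutoSize
Get-DownloadedActiveX | Format-Table -AutoSize
Get-AlternateStreams -Path (Join-Path $env:ALLUSERSPROFILE 'Application Data\TEMP') | Format-Table -AutoSize
```

    Two things to keep in mind when reading the output: HKEY_CLASSES_ROOT merges the machine and current-user class registrations, so a hook that resolves under one account may still be an orphan under another, which is why the audit walks every loaded hive; and a streamed folder entry with a short Length (the 100-to-250-byte streams in the log) is usually installer or updater bookkeeping rather than a payload, but anything with a stream you cannot attribute deserves a look before it is deleted.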
  8. slowride71 Newcomer, in training

    Ran the OTL run fix, had to reboot myself, received no logs. On startup, Microsoft error:
    Java suite crashed into buffer overrun, silent installation of jusched.exe undesirable.
  9. Broni Malware Annihilator

    Re-run OTL fix.
  10. slowride71 Newcomer, in training

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin not found.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4 not found.
    Registry value HKEY_USERS\S-1-5-21-823518204-2025429265-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry key HKEY_USERS\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINNT\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINNT\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control PackageCab
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\PackageCab\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\PackageCab\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PackageCab\ not found.
    C:\WINNT\002158_.tmp deleted successfully.
    C:\WINNT\005091_.tmp deleted successfully.
    C:\WINNT\SET3.tmp deleted successfully.
    C:\WINNT\SET7.tmp deleted successfully.
    C:\WINNT\SETD.tmp deleted successfully.
    C:\WINNT\System32\ConduitEngine.tmp deleted successfully.
    C:\WINNT\System32\CONFIG.TMP deleted successfully.
    C:\WINNT\System32\SETCB.tmp deleted successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\update\prepare\temp folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\update\prepare folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\update\backup folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\update folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\Temp folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\scanlogs folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\Log folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Queue\TEMP folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Queue\OUT folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Queue\IN\10110 folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Queue\IN folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Queue\ACTIVE folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Queue folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Log folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\Dumps folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\CfgAll folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\Cfg folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\AvgApi folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\AvgAm folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9\admincli folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\avg9 folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\sounds\stream folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\sounds folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\puzzles folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\properties folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\images\upsell folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\images\mainmenubkg folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\images\backdrops folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\images folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\data folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2 folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer folder moved successfully.
    C:\Documents and Settings\All Users.WINNT\Application Data\Zylom folder moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue\speed up my pc 4 folder moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue\RegistryBooster\history folder moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue\RegistryBooster\backup folder moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue\RegistryBooster folder moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue folder moved successfully.
    ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:DDF112BD deleted successfully.
    ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:EB4FEEF5 deleted successfully.
    ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:C22674B6 deleted successfully.
    ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:4CA05B44 deleted successfully.
    ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:A02025CE deleted successfully.
    ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:1709732A deleted successfully.
    ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:8E5EA40F deleted successfully.
    ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:57B374AB deleted successfully.
    ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:9BAC4211 deleted successfully.
    ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:9E4F05ED deleted successfully.
    ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:436BE28C deleted successfully.
    ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:A4E7D25F deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\m3ffxtbr@mywebsearch.com\ not found.
    ========== FILES ==========
    File\Folder C:\Program Files\MyWebSearch not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users.WINNT

    User: Default User.WINNT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56545 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Owner.HOME-5NR1RMGI5L
    ->Temp folder emptied: 10465335 bytes
    ->Temporary Internet Files folder emptied: 33441191 bytes
    ->Java cache emptied: 3879 bytes
    ->Flash cache emptied: 4580 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 53329 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 42.00 mb


    [EMPTYFLASH]

    User: All Users.WINNT

    User: Default User.WINNT
    ->Flash cache emptied: 0 bytes

    User: LocalService.NT AUTHORITY

    User: NetworkService.NT AUTHORITY

    User: Owner.HOME-5NR1RMGI5L
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.27.0 log created on 09062011_220318

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DFD1A9.tmp not found!
    File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DFD1BC.tmp not found!
    File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DFD356.tmp not found!
    File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DFD38F.tmp not found!
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\T3RGV9HR\topic170071-2[1].html moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\P0OVG3T1\aol_com[2].htm moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\P0OVG3T1\hub[2].html moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\P0OVG3T1\xfinity_comcast_net[1].htm moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\FG73KAZ1\League_Gothic-webfont[1].eot moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\ABM8BYV1\a[1].htm moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\ABM8BYV1\BebasNeue-webfont[1].eot moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\ABM8BYV1\load_v7[1].htm moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
    File move failed. C:\WINNT\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  11. slowride71 Newcomer, in training

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! Free Antivirus
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner (remove only)
    Java(TM) 6 Update 27
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.4.5
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    ``````````End of Log````````````
  12. Broni Malware Annihilator

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
  13. slowride71 Newcomer, in training

    virus

    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031002.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031008.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031010.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031011.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031013.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031014.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031017.SCR Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031019.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031020.EXE Win32/Adware.FunWeb application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031022.DLL Win32/Toolbar.MyWebSearch.H application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031023.DLL Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031024.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031025.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031028.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031032.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031033.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031034.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP223\A0033799.ini Win32/Sirefef.CH trojan cleaned by deleting - quarantined
  14. Broni Malware Annihilator

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to assure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
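    Why step 1 clears the restore points: every hit in the ESET log posted above sits under System Volume Information\_restore{...}\RPnnn, i.e. inside old restore points, not in the live file system. The following Python script is an added example (not part of the thread and not a tool either poster used) that parses ESET log lines of that shape and tallies detections per restore point; the sample lines are three copied from the log above plus one constructed line with a placeholder path and threat name.

```python
import re
from collections import defaultdict

# Line shape: <path> <threat name> <kind> <action taken>
# The path may contain spaces, so it is matched non-greedily and the
# action is anchored on the words ESET uses (cleaned/deleted/quarantined).
LINE_RE = re.compile(
    r'^(?P<path>\S.*?) (?P<threat>\S+) (?P<kind>\S+) '
    r'(?P<action>(?:cleaned|deleted|quarantined|error).*)$'
)
# Restore-point folder inside System Volume Information\_restore{GUID}\RPnnn\
RP_RE = re.compile(r'\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\')

# Constructed sample: three lines from the log above, one placeholder line.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031002.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031014.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP223\A0033799.ini Win32/Sirefef.CH trojan cleaned by deleting - quarantined
C:\CONSTRUCTED\placeholder.exe Win32/Placeholder.A trojan cleaned by deleting - quarantined
"""


def parse_eset_line(line):
    """Return a dict for one ESET log line, or None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rp = RP_RE.search(rec['path'])
    rec['restore_point'] = rp.group(1) if rp else None  # None = live file system
    return rec


def summarize(log_text):
    """Tally detections per restore point; also count hits outside any RP."""
    by_rp = defaultdict(lambda: {'trojan': 0, 'application': 0, 'other': 0})
    outside_rp = 0
    for line in log_text.splitlines():
        rec = parse_eset_line(line)
        if rec is None:
            continue
        bucket = rec['kind'] if rec['kind'] in ('trojan', 'application') else 'other'
        if rec['restore_point'] is None:
            outside_rp += 1
        else:
            by_rp[rec['restore_point']][bucket] += 1
    return dict(by_rp), outside_rp


if __name__ == '__main__':
    per_rp, live = summarize(SAMPLE_LOG)
    for rp, counts in sorted(per_rp.items()):
        print(rp, counts)
    print('detections outside restore points:', live)
```

A non-zero "outside restore points" count means something was found in the live file system and clearing restore points alone would not address it.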
  15. slowride71 Newcomer, in training

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users.WINNT

    User: Default User.WINNT
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService.NT AUTHORITY
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService.NT AUTHORITY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner.HOME-5NR1RMGI5L
    ->Temp folder emptied: 1123528 bytes
    ->Temporary Internet Files folder emptied: 35981092 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 3827 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 626060 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 209448 bytes

    Total Files Cleaned = 36.00 mb


    [EMPTYFLASH]

    User: All Users.WINNT

    User: Default User.WINNT
    ->Flash cache emptied: 0 bytes

    User: LocalService.NT AUTHORITY

    User: NetworkService.NT AUTHORITY

    User: Owner.HOME-5NR1RMGI5L
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.27.0 log created on 09082011_202954

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DF75D0.tmp not found!
    File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DF7754.tmp not found!
    File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DF8AC2.tmp not found!
    File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DF8AD7.tmp not found!
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\HT3MV8XV\showthread[1].htm moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
    File move failed. C:\WINNT\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  16. slowride71 Newcomer, in training

    Broni, thank you for all your help. Computer seems to be OK except on start up, am getting "jusched.exe encountered a problem and needs to close" and "shell_notifyicon failed to perform desired action". Are they important?
  17. Broni Malware Annihilator
