TechSpot

Win 32/Heur Report from Avg

By Dengel
Mar 9, 2011
  1. Yesterday Avg showed that the Kingdoms.exe of the Total War Kingdoms expansion were infected as well as two system restore points. It had also show one other .exe as infected but that was reported as a false alarm and removed today a 1:30

    Here are the logs

    Internet Explorer 8.0.6001.18702

    3/9/2011 3:12:26 PM
    mbam-log-2011-03-09 (15-12-25).txt

    Scan type: Quick scan
    Objects scanned: 174610
    Time elapsed: 6 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ========================
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-09 16:11:38
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-1f WDC_WD2000BB-22GUC0 rev.08.02D08
    Running: wezip68e.exe; Driver: C:\DOCUME~1\NICKCL~1\LOCALS~1\Temp\kxtdqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB84C26C0]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB84C2770]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB84C2810]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB84C28B0]

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF656C300]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Nick Clark at 16:14:05.28 on Wed 03/09/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.177 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\zHotkey.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Nick Clark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Nick Clark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Nick Clark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Nick Clark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Nick Clark\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://www.emachines.com/
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\nick clark\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [CHotkey] zHotkey.exe
    mRun: [ShowWnd] ShowWnd.exe
    mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
    mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\SANDIS~1.LNK -
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://aolsvc.aol.com/onlinegames/luxor/mjolauncher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_3_1_07-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\nickcl~1\applic~1\mozilla\firefox\profiles\o0lkqy6k.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\nick clark\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
    FF - Ext: AVG Security Toolbar em:version=5.008.027.003 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: GameFOX: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1} - %profile%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
    FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [2007-10-9 198144]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-2 488776]
    .
    =============== Created Last 30 ================
    .
    2011-03-06 09:09:13 -------- d-----w- c:\docume~1\nickcl~1\locals~1\applic~1\ArmA 2 Demo
    2011-03-04 05:23:38 -------- d-----w- c:\docume~1\nickcl~1\applic~1\OpenOffice.org
    2011-02-19 02:44:17 -------- d-----w- c:\program files\Gmask 1.70 English
    2011-02-18 19:30:08 -------- d-----w- c:\program files\iTunes
    2011-02-16 19:41:42 -------- d-----w- c:\program files\iPod
    2011-02-16 02:15:16 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-02-16 02:15:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-10 02:23:24 -------- d-----w- c:\docume~1\nickcl~1\locals~1\applic~1\Temp
    2011-02-10 02:23:01 -------- d-----w- c:\docume~1\nickcl~1\locals~1\applic~1\Google
    2011-02-07 22:02:11 -------- d-----w- c:\docume~1\nickcl~1\locals~1\applic~1\Adobe
    .
    ==================== Find3M ====================
    .
    2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-14 02:16:11 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    .
    ============= FINISH: 16:14:52.17 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/26/2009 2:55:53 PM
    System Uptime: 3/9/2011 3:01:55 PM (1 hours ago)
    .
    Motherboard: MICRO-STAR | | MS-7145
    Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 2392/199mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 182 GiB total, 113.753 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 0.992 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_145C1462&REV_10\4&2E26DDEC&0&18A4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_145C1462&REV_10\4&2E26DDEC&0&18A4
    Service: RTL8023xp
    .
    ==== System Restore Points ===================
    .
    RP166: 12/9/2010 12:27:13 PM - Installed Google SketchUp 8
    RP167: 12/10/2010 1:23:36 PM - System Checkpoint
    RP168: 12/12/2010 1:25:11 PM - Installed Medieval II Total War : Kingdoms : Teutonic
    RP169: 12/16/2010 7:41:18 PM - System Checkpoint
    RP170: 12/17/2010 10:26:01 PM - System Checkpoint
    RP171: 12/19/2010 8:53:49 PM - System Checkpoint
    RP172: 12/20/2010 10:03:57 PM - System Checkpoint
    RP173: 12/21/2010 10:11:36 PM - System Checkpoint
    RP174: 12/25/2010 12:03:24 PM - System Checkpoint
    RP175: 12/26/2010 7:15:53 PM - Installed Compact Wireless-G USB Network Adapter with SpeedBoost
    RP176: 12/26/2010 7:18:35 PM - Installed Compact Wireless-G USB Network Adapter with SpeedBoost
    RP177: 12/26/2010 7:20:50 PM - Removed Compact Wireless-G USB Network Adapter with SpeedBooster
    RP178: 12/26/2010 7:21:17 PM - Installed Compact Wireless-G USB Network Adapter with SpeedBoost
    RP179: 12/26/2010 7:24:19 PM - Removed Compact Wireless-G USB Network Adapter with SpeedBooster
    RP180: 12/26/2010 7:25:10 PM - Installed Compact Wireless-G USB Network Adapter with SpeedBoost
    RP181: 12/26/2010 7:29:05 PM - Removed Norton Security Center
    RP182: 12/26/2010 7:30:18 PM - Removed Compact Wireless-G USB Network Adapter with SpeedBooster
    RP183: 12/26/2010 7:33:17 PM - Installed Compact Wireless-G USB Network Adapter with SpeedBoost
    RP184: 12/26/2010 7:41:46 PM - Removed Compact Wireless-G USB Network Adapter with SpeedBooster
    RP185: 12/27/2010 1:48:28 AM - Software Distribution Service 3.0
    RP186: 12/27/2010 2:39:03 PM - Software Distribution Service 3.0
    RP187: 12/27/2010 5:40:47 PM - Software Distribution Service 3.0
    RP188: 12/28/2010 1:51:48 AM - Software Distribution Service 3.0
    RP189: 12/28/2010 8:01:11 PM - Software Distribution Service 3.0
    RP190: 12/28/2010 8:56:55 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP191: 12/29/2010 3:00:44 AM - Software Distribution Service 3.0
    RP192: 12/29/2010 3:59:29 PM - Software Distribution Service 3.0
    RP193: 12/29/2010 4:07:40 PM - Software Distribution Service 3.0
    RP194: 12/29/2010 4:42:32 PM - Software Distribution Service 3.0
    RP195: 12/30/2010 7:50:37 PM - System Checkpoint
    RP196: 12/31/2010 8:17:25 PM - System Checkpoint
    RP197: 1/1/2011 10:16:01 PM - System Checkpoint
    RP198: 1/3/2011 1:52:04 AM - System Checkpoint
    RP199: 1/4/2011 6:53:19 PM - Removed Medieval II Total War : Kingdoms : Britannia
    RP200: 1/4/2011 6:54:43 PM - Removed Medieval II Total War : Kingdoms : Teutonic
    RP201: 1/4/2011 6:55:35 PM - Removed Medieval II Total War
    RP202: 1/4/2011 7:00:47 PM - Installed Medieval II Total War
    RP203: 1/4/2011 7:15:32 PM - Installed DirectX
    RP204: 1/5/2011 2:37:36 AM - Configured Medieval II Total War
    RP205: 1/5/2011 2:38:58 AM - Installed DirectX
    RP206: 1/5/2011 5:23:15 PM - Removed Medieval II Total War
    RP207: 1/5/2011 5:28:49 PM - Installed Medieval II Total War
    RP208: 1/5/2011 5:47:54 PM - Installed DirectX
    RP209: 1/5/2011 6:17:45 PM - Configured Medieval II Total War
    RP210: 1/5/2011 6:19:17 PM - Installed DirectX
    RP211: 1/7/2011 2:59:37 AM - System Checkpoint
    RP212: 1/8/2011 3:59:07 AM - System Checkpoint
    RP213: 1/9/2011 8:18:02 PM - System Checkpoint
    RP214: 1/11/2011 2:10:54 PM - System Checkpoint
    RP215: 1/12/2011 1:26:29 PM - Software Distribution Service 3.0
    RP216: 1/13/2011 3:44:41 PM - System Checkpoint
    RP217: 1/14/2011 9:52:41 PM - System Checkpoint
    RP218: 1/17/2011 11:27:11 AM - System Checkpoint
    RP219: 1/17/2011 5:20:45 PM - Configured Medieval II Total War
    RP220: 1/17/2011 5:22:26 PM - Installed Medieval II Total War : Kingdoms : Teutonic
    RP221: 1/18/2011 5:23:03 PM - Removed Medieval II Total War : Kingdoms : Teutonic
    RP222: 1/18/2011 5:25:48 PM - Installed Medieval II Total War : Kingdoms : Crusades
    RP223: 1/20/2011 1:09:08 PM - System Checkpoint
    RP224: 1/21/2011 2:02:06 PM - System Checkpoint
    RP225: 1/22/2011 5:40:03 PM - System Checkpoint
    RP226: 1/23/2011 8:13:47 PM - System Checkpoint
    RP227: 1/25/2011 1:19:39 AM - System Checkpoint
    RP228: 1/27/2011 4:10:20 AM - System Checkpoint
    RP229: 1/28/2011 4:24:53 AM - System Checkpoint
    RP230: 1/29/2011 5:24:53 AM - System Checkpoint
    RP231: 1/30/2011 6:24:54 AM - System Checkpoint
    RP232: 1/31/2011 3:16:41 PM - System Checkpoint
    RP233: 2/1/2011 1:20:49 PM - Installed DirectX
    RP234: 2/2/2011 3:32:20 PM - System Checkpoint
    RP235: 2/3/2011 6:28:40 PM - System Checkpoint
    RP236: 2/5/2011 1:05:59 AM - System Checkpoint
    RP237: 2/6/2011 2:45:36 AM - System Checkpoint
    RP238: 2/7/2011 2:50:02 AM - System Checkpoint
    RP239: 2/8/2011 7:19:02 AM - System Checkpoint
    RP240: 2/9/2011 10:04:45 PM - System Checkpoint
    RP241: 2/10/2011 3:00:24 AM - Software Distribution Service 3.0
    RP242: 2/10/2011 10:11:05 PM - Removed Adobe Reader 7.0
    RP243: 2/10/2011 10:11:39 PM - Installed Adobe Reader X (10.0.1).
    RP244: 2/12/2011 1:47:38 AM - System Checkpoint
    RP245: 2/13/2011 2:53:24 AM - System Checkpoint
    RP246: 2/14/2011 4:29:11 AM - System Checkpoint
    RP247: 2/15/2011 2:46:26 PM - System Checkpoint
    RP248: 2/15/2011 9:14:10 PM - Removed Java(TM) 6 Update 17
    RP249: 2/15/2011 9:14:48 PM - Installed Java(TM) 6 Update 21
    RP250: 2/16/2011 2:09:06 PM - Installed Java(TM) 6 Update 24
    RP251: 2/17/2011 4:56:05 PM - System Checkpoint
    RP252: 2/18/2011 2:28:25 PM - Removed iTunes
    RP253: 2/19/2011 4:25:02 PM - System Checkpoint
    RP254: 2/20/2011 7:03:00 PM - System Checkpoint
    RP255: 2/21/2011 7:22:17 PM - System Checkpoint
    RP256: 2/23/2011 3:41:11 PM - System Checkpoint
    RP257: 2/24/2011 6:52:37 PM - System Checkpoint
    RP258: 2/24/2011 11:07:21 PM - Software Distribution Service 3.0
    RP259: 2/25/2011 11:14:25 PM - System Checkpoint
    RP260: 2/27/2011 12:30:48 AM - System Checkpoint
    RP261: 2/28/2011 1:06:04 AM - System Checkpoint
    RP262: 3/1/2011 2:39:53 AM - System Checkpoint
    RP263: 3/2/2011 10:14:31 PM - System Checkpoint
    RP264: 3/3/2011 11:34:24 PM - System Checkpoint
    RP265: 3/4/2011 12:11:52 AM - Installed Java(TM) 6 Update 22
    RP266: 3/4/2011 12:13:07 AM - Installed OpenOffice.org 3.3
    RP267: 3/4/2011 10:45:20 AM - Installed HP Product Assistant
    RP268: 3/5/2011 12:44:21 PM - System Checkpoint
    RP269: 3/6/2011 4:07:38 AM - Installed DirectX
    RP270: 3/7/2011 5:11:41 PM - System Checkpoint
    RP271: 3/8/2011 5:27:08 PM - System Checkpoint
    RP272: 3/9/2011 1:45:21 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    2570
    2570_Help
    2570Trb
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    AiO_Scan_CDA
    AiOSoftwareNPI
    America Online (Choose which version to remove)
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Connectivity Services
    AOL Spyware Protection
    AOL Toolbar
    AOL You've Got Pictures Screensaver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Aspell English Dictionary-0.50-2
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AVG 2011
    BitTorrent
    Bonjour
    BufferChm
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    CueTour
    CustomerResearchQFolder
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    Digital Media Reader
    DivX Setup
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    ESET Online Scanner v3
    eSupportQFolder
    Fax_CDA
    FullDPAppQFolder
    GIMP 2.6.11
    Gmask 1.70 English
    GNU Aspell 0.50-3
    Google Chrome
    Google SketchUp 8
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Document Viewer 5.3
    HP Extended Capabilities 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP Product Assistant
    HP PSC & OfficeJet 5.3.A
    HP Solution Center & Imaging Support Tools 5.3
    HP Update
    HPProductAssistant
    InstantShareDevices
    IrfanView (remove only)
    iTunes
    J2SE Runtime Environment 5.0 Update 2
    Java 2 Runtime Environment Standard Edition v1.3.1_07
    Java Auto Updater
    Java(TM) 6 Update 16
    Java(TM) 6 Update 22
    Java(TM) 6 Update 24
    JDownloader
    Learn2 Player (Uninstall Only)
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee AntiSpyware
    Medieval II Total War
    Medieval II Total War : Kingdoms : Crusades
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Money 2005
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Ultimate 2007 Subscription
    Microsoft Office Word MUI (English) 2007
    Microsoft Picture It! Library 10
    Microsoft Picture It! Premium 10
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Works
    Mozilla Firefox (3.6.13)
    MSN
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Keyboard Driver
    Napster
    Napster Burn Engine
    Nero BurnRights
    Nero OEM
    NewCopy_CDA
    Notepad++
    OpenOffice.org 3.3
    PanoStandAlone
    PhotoGallery
    PowerDVD
    ProductContextNPI
    Pure Networks Port Magic
    Python 2.6
    QuickTime
    RandMap
    Readme
    RealPlayer Basic
    Realtek AC'97 Audio
    Recovery Software Suite eMachines
    SanDisk ® Media Manager
    Scan
    ScannerCopy
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    SkinsHP1
    SoftV92 Data Fax Modem with SmartCP
    SolutionCenter
    Sonic Encoders
    Sonic_PrimoSDK
    Status
    TrayApp
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
    VC80CRTRedist - 8.0.50727.4053
    Verizon Online DSL
    Viewpoint Media Player
    Visual C++ 9.0 CRT (x86) WinSXS MSM
    Visual C++ 9.0 OpenMP (x86) WinSXS MSM
    VLC media player 1.1.7
    WebFldrs XP
    WebReg
    WinAVI MP4 Converter
    WinAVI Video Converter
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows XP Media Center Edition 2005 KB890629
    Windows XP Media Center Edition 2005 KB890760
    Windows XP Media Center Edition 2005 KB895198
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/8/2011 5:09:06 PM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 b7114481, parameter3 f7977a6c, parameter4 f7977768.
    3/8/2011 11:54:50 AM, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 b7181481, parameter3 f797ba6c, parameter4 f797b768.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    So far, looks good :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. Dengel

    Dengel TS Rookie Topic Starter

    Requested Logs

    Did you want me to run Rkill even if Combo fix ran?

    If not here are the logs:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000003fc

    Kernel Drivers (total 173):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D1000 \WINDOWS\system32\hal.dll
    0xF7A10000 \WINDOWS\system32\KDCOM.DLL
    0xF7920000 \WINDOWS\system32\BOOTVID.dll
    0xF73E1000 ACPI.sys
    0xF7A12000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF73D0000 pci.sys
    0xF7510000 isapnp.sys
    0xF7AD8000 pciide.sys
    0xF7790000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7A14000 aliide.sys
    0xF7A16000 cmdide.sys
    0xF7A18000 toside.sys
    0xF7A1A000 viaide.sys
    0xF7A1C000 intelide.sys
    0xF7520000 MountMgr.sys
    0xF73B1000 ftdisk.sys
    0xF7A1E000 dmload.sys
    0xF738B000 dmio.sys
    0xF7798000 PartMgr.sys
    0xF7530000 VolSnap.sys
    0xF7924000 cpqarray.sys
    0xF7373000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF735B000 atapi.sys
    0xF7928000 aha154x.sys
    0xF77A0000 sparrow.sys
    0xF792C000 symc810.sys
    0xF7540000 aic78xx.sys
    0xF7930000 dac960nt.sys
    0xF7550000 ql10wnt.sys
    0xF7934000 amsint.sys
    0xF77A8000 asc.sys
    0xF7938000 asc3550.sys
    0xF77B0000 mraid35x.sys
    0xF77B8000 i2omp.sys
    0xF793C000 ini910u.sys
    0xF7560000 ql1240.sys
    0xF7570000 aic78u2.sys
    0xF77C0000 symc8xx.sys
    0xF77C8000 sym_hi.sys
    0xF77D0000 sym_u3.sys
    0xF77D8000 ABP480N5.SYS
    0xF77E0000 asc3350p.sys
    0xF7A20000 cd20xrnt.sys
    0xF7580000 ultra.sys
    0xF7342000 adpu160m.sys
    0xF77E8000 dpti2o.sys
    0xF7590000 ql1080.sys
    0xF75A0000 ql1280.sys
    0xF75B0000 ql12160.sys
    0xF77F0000 perc2.sys
    0xF7A22000 perc2hib.sys
    0xF77F8000 hpn.sys
    0xF7940000 cbidf2k.sys
    0xF7316000 dac2w2k.sys
    0xF75C0000 disk.sys
    0xF75D0000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF72F6000 fltmgr.sys
    0xF72E4000 sr.sys
    0xF7800000 PxHelp20.sys
    0xF72CD000 KSecDD.sys
    0xF7240000 Ntfs.sys
    0xF7213000 NDIS.sys
    0xF75E0000 sisagp.sys
    0xF75F0000 viaagp.sys
    0xF7600000 ohci1394.sys
    0xF7610000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF71F9000 Mup.sys
    0xF7620000 agp440.sys
    0xF7630000 alim1541.sys
    0xF7640000 amdagp.sys
    0xF7650000 agpCPQ.sys
    0xF76B0000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF6B8D000 \SystemRoot\system32\DRIVERS\processr.sys
    0xF633A000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF6326000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7848000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF6302000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7850000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF658A000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF657A000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    0xF656A000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF655A000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF62DF000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7858000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xF7860000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF62A9000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    0xF61AA000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF6102000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF7868000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF5ED0000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xF5EAC000 \SystemRoot\system32\drivers\portcls.sys
    0xF654A000 \SystemRoot\system32\drivers\drmk.sys
    0xF7870000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF5E98000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7C32000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF653A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7119000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5E81000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF652A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF651A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7878000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5E70000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF650A000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7880000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7898000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF6487000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0xF5E40000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7690000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF647F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF6477000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7A50000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF5D69000 \SystemRoot\system32\DRIVERS\update.sys
    0xF6F83000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF76D0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF76E0000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7A54000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF79DC000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7A56000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7AEE000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7A58000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF6467000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF645F000 \SystemRoot\System32\drivers\vga.sys
    0xF7A5A000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A5C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF6457000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF644F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF79E4000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xEDCEE000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEDC95000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEDC6D000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xEDC4B000 \SystemRoot\System32\drivers\afd.sys
    0xF7720000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xEDC20000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xEDBB0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7740000 \SystemRoot\System32\Drivers\Fips.SYS
    0xEDB8A000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF7750000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF7760000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xEDB31000 \SystemRoot\system32\DRIVERS\WUSB54GSCV2.sys
    0xF6447000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xF643F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF7A0C000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF7770000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF7888000 \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys
    0xF7890000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF7135000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF712D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xEDABD000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xEDAA5000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7A6E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xEDD45000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF78A8000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7B25000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF04D000 \SystemRoot\System32\ati2cqag.dll
    0xBF07F000 \SystemRoot\System32\atikvmag.dll
    0xBF0B0000 \SystemRoot\System32\ati3duag.dll
    0xBF2E1000 \SystemRoot\System32\ativvaxx.dll
    0xBF376000 \SystemRoot\System32\ATMFD.DLL
    0xB8604000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB8363000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7A7A000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB8286000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB8470000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7ACE000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xB805A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB7D2E000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB7E5E000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB78B5000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 50):
    0 System Idle Process
    4 System
    576 C:\WINDOWS\system32\smss.exe
    656 csrss.exe
    684 C:\WINDOWS\system32\winlogon.exe
    728 C:\WINDOWS\system32\services.exe
    740 C:\WINDOWS\system32\lsass.exe
    908 C:\WINDOWS\system32\ati2evxx.exe
    920 C:\WINDOWS\system32\svchost.exe
    980 svchost.exe
    1020 C:\WINDOWS\system32\svchost.exe
    1060 svchost.exe
    1120 svchost.exe
    1436 C:\WINDOWS\system32\ati2evxx.exe
    1500 C:\WINDOWS\explorer.exe
    1664 C:\WINDOWS\system32\spoolsv.exe
    1736 svchost.exe
    1800 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    1888 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    408 C:\WINDOWS\ehome\ehtray.exe
    424 C:\WINDOWS\zHotkey.exe
    452 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    468 C:\Program Files\Digital Media Reader\shwiconEM.exe
    516 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    536 C:\WINDOWS\SOUNDMAN.EXE
    548 C:\Program Files\Bonjour\mDNSResponder.exe
    560 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    608 C:\WINDOWS\ehome\ehRecvr.exe
    564 C:\WINDOWS\ehome\ehSched.exe
    856 C:\Program Files\QuickTime\QTTask.exe
    936 C:\Program Files\Java\jre6\bin\jqs.exe
    784 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    1452 C:\WINDOWS\system32\svchost.exe
    1548 wdfmgr.exe
    1556 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    1808 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    252 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    276 C:\Program Files\iTunes\iTunesHelper.exe
    376 C:\WINDOWS\system32\wuauclt.exe
    344 C:\WINDOWS\system32\ctfmon.exe
    1376 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    1380 C:\Program Files\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
    2708 C:\WINDOWS\system32\dllhost.exe
    2748 alg.exe
    2920 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    2996 C:\WINDOWS\ehome\ehmsas.exe
    3320 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    3384 C:\Program Files\iPod\bin\iPodService.exe
    2132 wmiprvse.exe
    3432 C:\Documents and Settings\Nick Clark\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`0d27ca00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: WDCWD2000BB-22GUC0, Rev: 08.02D08

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Gateway MBR code detected
    SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


    Done!
    ----------------------


    ComboFix 11-03-09.02 - Nick Clark 03/09/2011 20:09:22.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.547 [GMT -5:00]
    Running from: c:\documents and settings\Nick Clark\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\XSxS
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-10 to 2011-03-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-09 19:48 . 2011-03-09 19:48 -------- d-----w- c:\program files\ESET
    2011-03-08 16:57 . 2011-03-08 16:57 -------- d-----w- c:\documents and settings\Nick Clark\DoctorWeb
    2011-03-06 09:09 . 2011-03-06 09:09 -------- d-----w- c:\documents and settings\Nick Clark\Local Settings\Application Data\ArmA 2 Demo
    2011-03-04 15:45 . 2011-03-04 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
    2011-03-04 05:23 . 2011-03-04 05:23 -------- d-----w- c:\documents and settings\Nick Clark\Application Data\OpenOffice.org
    2011-02-19 02:44 . 2011-02-19 02:44 -------- d-----w- c:\program files\Gmask 1.70 English
    2011-02-18 19:30 . 2011-02-18 19:32 -------- d-----w- c:\program files\iTunes
    2011-02-16 19:41 . 2011-02-16 19:41 -------- d-----w- c:\program files\iPod
    2011-02-16 02:15 . 2011-02-03 02:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-02-16 02:15 . 2011-02-03 02:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-11 03:11 . 2011-02-11 03:12 -------- d-----w- c:\program files\Common Files\Adobe
    2011-02-10 02:23 . 2011-02-28 23:28 -------- d-----w- c:\documents and settings\Nick Clark\Local Settings\Application Data\Temp
    2011-02-10 02:23 . 2011-02-10 02:32 -------- d-----w- c:\documents and settings\Nick Clark\Local Settings\Application Data\Google
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 00:19 . 2009-11-18 22:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58 . 2005-04-13 17:12 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2005-04-13 17:12 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2005-04-13 16:56 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2005-04-13 16:55 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2005-04-13 16:56 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2005-04-13 16:55 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59 . 2005-04-13 16:56 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2005-04-13 16:55 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2005-04-13 16:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 23:09 . 2010-11-12 20:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2010-11-12 20:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 17:26 . 2005-04-13 16:55 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2005-04-13 16:55 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-14 02:16 . 2010-12-07 17:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Nick Clark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2011-02-10 136176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "CHotkey"="zHotkey.exe" [2004-05-18 543232]
    "ShowWnd"="ShowWnd.exe" [2003-09-19 36864]
    "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
    "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-18 339968]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-03-09 966656]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
    SanDisk Media Manager.lnk - [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [10/9/2007 11:33 PM 198144]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
    .
    2011-03-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2526845301-3915646652-1314100789-1007Core.job
    - c:\documents and settings\Nick Clark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-10 02:22]
    .
    2011-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2526845301-3915646652-1314100789-1007UA.job
    - c:\documents and settings\Nick Clark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-10 02:22]
    .
    2009-07-26 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2005-04-13 00:12]
    .
    2009-07-26 c:\windows\Tasks\ISP signup reminder 2.job
    - c:\windows\system32\OOBE\oobebaln.exe [2005-04-13 00:12]
    .
    2009-07-26 c:\windows\Tasks\ISP signup reminder 3.job
    - c:\windows\system32\OOBE\oobebaln.exe [2005-04-13 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.emachines.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Nick Clark\Application Data\Mozilla\Firefox\Profiles\o0lkqy6k.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: GameFOX: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1} - %profile%\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
    FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    AddRemove-Verizon Online DSL_is1 - c:\program files\Common Files\SupportSoft\Verizon\vzuninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-09 20:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(684)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-03-09 20:17:17
    ComboFix-quarantined-files.txt 2011-03-10 01:17
    .
    Pre-Run: 131,932,356,608 bytes free
    Post-Run: 131,885,916,160 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - E3E4496DFCE4AF75DB009C7729C0200D
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Looks good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. Dengel

    Dengel TS Rookie Topic Starter

    No problems so far

    Here are the logs:
    OTL.txt

    OTL logfile created on: 3/9/2011 8:37:32 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nick Clark\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.00 Mb Total Physical Memory | 456.00 Mb Available Physical Memory | 51.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 182.10 Gb Total Space | 122.82 Gb Free Space | 67.45% Space Free | Partition Type: NTFS
    Drive D: | 4.20 Gb Total Space | 0.99 Gb Free Space | 23.64% Space Free | Partition Type: FAT32

    Computer Name: NICKS | User Name: Nick Clark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/09 20:34:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick Clark\Desktop\OTL.exe
    PRC - [2011/01/10 18:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/06/28 13:36:26 | 000,370,688 | -H-- | M] (SanDisk Corporation) -- C:\Program Files\SanDisk\SanDisk Media Manager\SanDiskMediaManager-Launcher.EXE
    PRC - [2009/07/22 20:08:25 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    PRC - [2004/12/01 18:54:22 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2004/11/15 17:04:32 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
    PRC - [2004/05/17 20:30:04 | 000,543,232 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
    PRC - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/09 20:34:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick Clark\Desktop\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/12/01 19:43:02 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/07/22 20:08:25 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/07/22 20:22:51 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2007/10/09 23:33:12 | 000,198,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WUSB54GSCV2.sys -- (WUSB54GSCV2)
    DRV - [2005/03/14 19:54:00 | 001,032,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/12/01 23:40:08 | 002,300,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/11/15 19:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
    DRV - [2004/11/10 19:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/11/10 19:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2004/06/17 17:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/04/13 23:14:12 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-2526845301-3915646652-1314100789-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
    IE - HKU\S-1-5-21-2526845301-3915646652-1314100789-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2526845301-3915646652-1314100789-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
    FF - prefs.js..extensions.enabledItems: avg@igeared:5.008.027.003
    FF - prefs.js..extensions.enabledItems: {6dd0bdba-0a02-429e-b595-87a7dfdca7a1}:0.7.12
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.17s
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/02 23:56:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/15 21:15:16 | 000,000,000 | ---D | M]

    [2010/12/25 11:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nick Clark\Application Data\Mozilla\Extensions
    [2011/02/26 21:15:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nick Clark\Application Data\Mozilla\Firefox\Profiles\o0lkqy6k.default\extensions
    [2011/02/10 22:19:15 | 000,000,000 | ---D | M] (GameFOX) -- C:\Documents and Settings\Nick Clark\Application Data\Mozilla\Firefox\Profiles\o0lkqy6k.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
    [2010/12/26 20:23:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Nick Clark\Application Data\Mozilla\Firefox\Profiles\o0lkqy6k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/01/08 00:41:50 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Documents and Settings\Nick Clark\Application Data\Mozilla\Firefox\Profiles\o0lkqy6k.default\extensions\SkipScreen@SkipScreen
    [2011/03/04 00:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/02/15 21:15:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/03/04 00:12:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/16 14:10:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
    File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
    [2011/02/15 21:14:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/12/29 16:50:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/03/09 20:13:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
    O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\remind_xp.exe (SoftThinks)
    O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SanDisk Media Manager.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2526845301-3915646652-1314100789-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2526845301-3915646652-1314100789-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2526845301-3915646652-1314100789-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2526845301-3915646652-1314100789-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
    O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://aolsvc.aol.com/onlinegames/luxor/mjolauncher.cab (MJLauncherCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_3_1_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Nick Clark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nick Clark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/04/13 12:20:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/09 20:37:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/03/09 20:34:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick Clark\Desktop\OTL.exe
    [2011/03/09 20:08:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/03/09 19:58:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/03/09 19:58:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/03/09 19:58:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/03/09 19:58:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/03/09 19:58:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/03/09 19:58:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/09 14:57:33 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick Clark\My Documents\TFC.exe
    [2011/03/09 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/03/08 11:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Clark\DoctorWeb
    [2011/03/06 04:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Clark\Local Settings\Application Data\ArmA 2 Demo
    [2011/03/04 10:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    [2011/03/04 00:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Clark\Application Data\OpenOffice.org
    [2011/03/04 00:17:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
    [2011/03/04 00:09:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Clark\My Documents\OpenOffice.org 3.3 (en-US) Installation Files
    [2011/02/18 21:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Clark\Start Menu\Programs\Gmask 1.70 English
    [2011/02/18 21:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\Gmask 1.70 English
    [2011/02/18 14:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/02/16 14:43:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/02/16 14:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/02/15 21:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/02/10 22:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2011/02/09 21:32:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Clark\Start Menu\Programs\Google Chrome
    [2011/02/09 21:23:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Clark\Local Settings\Application Data\Temp
    [2011/02/09 21:23:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Clark\Local Settings\Application Data\Google
    [2011/02/08 14:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    [2011/02/08 10:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick Clark\My Documents\Manga

    ========== Files - Modified Within 30 Days ==========

    [2011/03/09 20:34:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick Clark\Desktop\OTL.exe
    [2011/03/09 20:28:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2526845301-3915646652-1314100789-1007UA.job
    [2011/03/09 20:13:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/03/09 20:08:31 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2011/03/09 19:55:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/09 19:55:52 | 938,004,480 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/09 19:49:49 | 004,284,346 | R--- | M] () -- C:\Documents and Settings\Nick Clark\Desktop\ComboFix.exe
    [2011/03/09 19:47:18 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Nick Clark\Desktop\MBRCheck.exe
    [2011/03/09 18:46:19 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Nick Clark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/09 16:12:58 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Nick Clark\My Documents\dds.scr
    [2011/03/09 15:12:48 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Nick Clark\My Documents\wezip68e.exe
    [2011/03/09 14:57:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick Clark\My Documents\TFC.exe
    [2011/03/09 13:30:45 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Nick Clark\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/03/08 21:28:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2526845301-3915646652-1314100789-1007Core.job
    [2011/03/08 11:50:54 | 058,162,848 | ---- | M] () -- C:\Documents and Settings\Nick Clark\My Documents\33hxan62.exe
    [2011/03/04 10:43:53 | 000,000,214 | ---- | M] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
    [2011/03/04 10:39:27 | 000,000,217 | ---- | M] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
    [2011/03/04 10:36:53 | 000,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/03/04 00:17:16 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
    [2011/03/03 10:48:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2011/03/03 10:48:10 | 000,000,214 | ---- | M] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2011/03/03 10:44:53 | 000,000,221 | ---- | M] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2011/03/02 20:40:53 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/01 09:01:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/02/28 18:30:20 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Nick Clark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/02/28 18:30:19 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Nick Clark\Desktop\Google Chrome.lnk
    [2011/02/26 11:29:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/02/24 23:08:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/02/18 14:32:24 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/02/17 08:05:35 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Nick Clark\Desktop\Notepad++.lnk
    [2011/02/16 21:10:06 | 000,002,288 | ---- | M] () -- C:\Documents and Settings\Nick Clark\.recently-used.xbel
    [2011/02/10 22:13:29 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/02/08 14:05:45 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

    ========== Files Created - No Company Name ==========

    [2011/03/09 20:08:31 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/03/09 20:08:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/03/09 19:58:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/03/09 19:58:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/03/09 19:58:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/03/09 19:58:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/03/09 19:58:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/09 19:48:15 | 004,284,346 | R--- | C] () -- C:\Documents and Settings\Nick Clark\Desktop\ComboFix.exe
    [2011/03/09 19:47:17 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Nick Clark\Desktop\MBRCheck.exe
    [2011/03/09 16:12:47 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Nick Clark\My Documents\dds.scr
    [2011/03/09 15:12:42 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Nick Clark\My Documents\wezip68e.exe
    [2011/03/08 11:32:12 | 058,162,848 | ---- | C] () -- C:\Documents and Settings\Nick Clark\My Documents\33hxan62.exe
    [2011/03/04 10:43:53 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
    [2011/03/04 10:39:27 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
    [2011/03/04 00:17:16 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
    [2011/03/03 10:48:28 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
    [2011/03/03 10:48:10 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2011/03/03 10:44:53 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
    [2011/02/17 08:05:59 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Nick Clark\Desktop\Notepad++.lnk
    [2011/02/16 21:10:06 | 000,002,288 | ---- | C] () -- C:\Documents and Settings\Nick Clark\.recently-used.xbel
    [2011/02/16 14:43:24 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/02/10 22:13:29 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/02/10 22:13:26 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/02/09 21:32:44 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Nick Clark\Desktop\Google Chrome.lnk
    [2011/02/09 21:32:44 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\Nick Clark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/02/09 21:23:19 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2526845301-3915646652-1314100789-1007UA.job
    [2011/02/09 21:23:14 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2526845301-3915646652-1314100789-1007Core.job
    [2011/02/08 14:05:45 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [2010/12/26 19:15:55 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2010/12/12 19:08:14 | 000,000,016 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\2AE82B2.ini
    [2010/12/07 17:06:07 | 000,000,016 | RH-- | C] () -- C:\Documents and Settings\Nick Clark\Local Settings\Application Data\1574159.ini
    [2010/11/28 19:32:16 | 000,000,251 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2010/11/11 23:07:24 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Nick Clark\Local Settings\Application Data\fusioncache.dat
    [2010/11/11 23:06:56 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Nick Clark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/24 18:18:20 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2010/01/18 10:00:05 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/11/18 19:39:29 | 000,036,968 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
    [2009/11/16 16:01:48 | 000,088,398 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
    [2009/11/16 16:01:47 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
    [2009/11/16 16:01:39 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2009/07/22 20:33:00 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2009/07/22 20:33:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2009/07/22 20:30:17 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
    [2009/07/22 20:28:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/07/22 20:20:07 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/07/22 20:10:28 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
    [2009/07/22 20:10:28 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
    [2009/07/22 20:10:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
    [2009/07/22 20:10:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
    [2009/07/22 20:00:37 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
    [2006/03/18 08:16:04 | 000,540,178 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2005/08/05 21:28:12 | 000,079,320 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2005/04/13 14:02:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/04/13 13:17:38 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
    [2005/04/13 12:25:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2005/04/13 12:14:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2005/04/13 11:57:05 | 000,001,436 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/04/13 11:57:05 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2005/04/13 11:56:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2005/04/13 11:55:58 | 000,444,996 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2005/04/13 11:55:58 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2005/04/13 11:55:58 | 000,072,428 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2005/04/13 11:55:58 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2005/04/13 11:55:57 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2005/04/13 11:55:55 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/04/13 11:55:54 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2005/04/13 11:55:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2005/04/13 11:55:46 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2005/04/13 11:55:38 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2005/04/13 11:55:31 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2005/04/13 05:08:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/04/13 05:07:09 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2009/07/22 20:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2011/03/09 19:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/10/02 19:05:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/12/27 15:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/11/18 07:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2009/07/22 20:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2009/11/18 06:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2010/10/24 18:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SanDisk
    [2009/07/22 20:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/01/18 15:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/11/28 13:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/07/22 20:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
    [2009/12/29 15:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2010/11/11 23:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Clark\Application Data\AVG10
    [2011/02/05 20:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Clark\Application Data\BitTorrent
    [2011/02/07 12:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Clark\Application Data\fltk.org
    [2011/02/15 22:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Clark\Application Data\gtk-2.0
    [2010/12/06 21:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Clark\Application Data\MilkShape 3D 1.x.x
    [2011/01/08 14:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Clark\Application Data\mkvtoolnix
    [2011/02/17 08:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Clark\Application Data\Notepad++
    [2011/03/04 00:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Clark\Application Data\OpenOffice.org
    [2009/07/22 20:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Clark\Application Data\SampleView
    [2010/11/12 16:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick Clark\Application Data\WinAVI
    [2010/10/02 19:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
    [2010/09/03 16:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LimeWire
    [2009/11/18 19:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
    [2009/11/17 15:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2009/07/22 20:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
    [2010/10/10 17:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
    [2009/11/17 17:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2010/09/05 19:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinAVI
    [2009/07/26 13:55:47 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
    [2009/07/26 13:55:48 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
    [2009/07/26 13:55:48 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/22 20:33:30 | 000,000,193 | ---- | M] () -- C:\audio.log
    [2005/04/13 12:20:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/02/06 16:23:07 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/03/09 20:08:31 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/03/09 20:17:18 | 000,012,011 | ---- | M] () -- C:\ComboFix.txt
    [2005/04/13 12:20:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/03/09 19:55:52 | 938,004,480 | -HS- | M] () -- C:\hiberfil.sys
    [2005/04/13 12:20:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/07/22 20:25:00 | 000,000,860 | -H-- | M] () -- C:\IPH.PH
    [2011/03/06 21:28:46 | 000,032,680 | ---- | M] () -- C:\MP4debug.log
    [2005/04/13 12:20:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/07/22 20:32:41 | 000,000,160 | ---- | M] () -- C:\napster.log
    [2004/08/10 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/11/16 20:41:11 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/03/09 19:55:51 | 1409,286,144 | -HS- | M] () -- C:\pagefile.sys
    [2004/10/30 09:41:53 | 000,000,118 | ---- | M] () -- C:\SmartInstaller.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2005/05/11 23:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\Fonts\*.ini >
    [2005/04/13 12:19:23 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/05/05 08:48:54 | 000,067,072 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp3xu.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/12/26 20:07:00 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\Nick Clark\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2005/04/13 05:06:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/04/13 05:06:16 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/04/13 05:06:16 | 000,856,064 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/11/16 20:46:18 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/11 23:07:12 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Nick Clark\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/04/13 12:27:16 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Nick Clark\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/09 19:49:49 | 004,284,346 | R--- | M] () -- C:\Documents and Settings\Nick Clark\Desktop\ComboFix.exe
    [2011/03/09 19:47:18 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Nick Clark\Desktop\MBRCheck.exe
    [2011/03/09 20:34:41 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick Clark\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/03/08 11:50:54 | 058,162,848 | ---- | M] () -- C:\Documents and Settings\Nick Clark\My Documents\33hxan62.exe
    [2011/01/17 22:00:05 | 225,630,683 | ---- | M] (repman, repman@rep.de) -- C:\Documents and Settings\Nick Clark\My Documents\DLV_Patch_62.exe
    [2011/03/09 14:57:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick Clark\My Documents\TFC.exe
    [2011/03/09 15:12:48 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Nick Clark\My Documents\wezip68e.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/11 23:07:12 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Nick Clark\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/03/09 20:17:21 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Nick Clark\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/10 14:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 10:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 10:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 10:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 10:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 10:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 10:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 10:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  6. Dengel

    Dengel TS Rookie Topic Starter

    Here's the Extra.txt
    =================
    Extras.txt


    OTL Extras logfile created on: 3/9/2011 8:37:32 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Nick Clark\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.00 Mb Total Physical Memory | 456.00 Mb Available Physical Memory | 51.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 182.10 Gb Total Space | 122.82 Gb Free Space | 67.45% Space Free | Partition Type: NTFS
    Drive D: | 4.20 Gb Total Space | 0.99 Gb Free Space | 23.64% Space Free | Partition Type: FAT32

    Computer Name: NICKS | User Name: Nick Clark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2526845301-3915646652-1314100789-1007\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (America Online, Inc)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- (America Online, Inc.)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- (America Online, Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Disabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Disabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Disabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Disabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Disabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Disabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Disabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Disabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
    "{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0E65518E-EC48-11D6-88B8-0050DA21757E}" = Java 2 Runtime Environment Standard Edition v1.3.1_07
    "{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}" = Python 2.6
    "{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
    "{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
    "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
    "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
    "{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
    "{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CD67A02-DF59-43f7-8E8F-86DCF40543EF}" = 2570_Help
    "{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
    "{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
    "{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
    "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
    "{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
    "{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A0B0BCE9-2994-36F2-BE66-D23C884372E8}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
    "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
    "{A8D91906-4032-4443-8C49-69F90E38F39D}" = 2570
    "{AA2EBBCC-4E3B-3442-865E-7BB3E9F45F0C}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
    "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
    "{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
    "{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
    "{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
    "{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{E871A881-3206-437B-8B70-2657E45B564E}" = SanDisk ® Media Manager
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{EB5BA578-FF7F-3863-8E53-7A003222B7FC}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
    "{EB6C11E5-449C-3BA3-9086-80B18BCFF947}" = Visual C++ 9.0 OpenMP (x86) WinSXS MSM
    "{EE55FD52-0D47-4c5a-96EC-48F70FF30520}" = 2570Trb
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F39A74A0-FAE2-401C-AED1-1C941AA28EA8}" = McAfee AntiSpyware
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "All ATI Software" = ATI - Software Uninstall Utility
    "America Online us" = America Online (Choose which version to remove)
    "AOL Connectivity Services" = AOL Connectivity Services
    "AOL Spyware Protection" = AOL Spyware Protection
    "AOL Toolbar" = AOL Toolbar
    "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
    "AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
    "Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
    "ATI Display Driver" = ATI Display Driver
    "BitTorrent" = BitTorrent
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
    "DivX Setup.divx.com" = DivX Setup
    "ESET Online Scanner" = ESET Online Scanner v3
    "Gmask 1.70 English" = Gmask 1.70 English
    "GNU Aspell_is1" = GNU Aspell 0.50-3
    "HP Document Viewer" = HP Document Viewer 5.3
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.3
    "HP Photo & Imaging" = HP Image Zone 5.3
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
    "HPExtendedCapabilities" = HP Extended Capabilities 5.3
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
    "IrfanView" = IrfanView (remove only)
    "JDownloader" = JDownloader
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2005b" = Microsoft Money 2005
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSNINST" = MSN
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "Nero BurnRights!UninstallKey" = Nero BurnRights
    "Notepad++" = Notepad++
    "PictureItPrem_v10" = Microsoft Picture It! Premium 10
    "Port Magic" = Pure Networks Port Magic
    "RealPlayer 6.0" = RealPlayer Basic
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "ULTIMATER" = Microsoft Office Ultimate 2007 Subscription
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.1.7
    "WinAVI Video Converter 10.1_is1" = WinAVI Video Converter
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2526845301-3915646652-1314100789-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/21/2011 4:59:41 AM | Computer Name = NICKS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3616672

    Error - 2/21/2011 4:59:41 AM | Computer Name = NICKS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3616672

    Error - 2/25/2011 3:42:54 PM | Computer Name = NICKS | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 2/27/2011 7:52:04 PM | Computer Name = NICKS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/27/2011 7:52:05 PM | Computer Name = NICKS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10811187

    Error - 2/27/2011 7:52:05 PM | Computer Name = NICKS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10811187

    Error - 2/28/2011 8:17:25 PM | Computer Name = NICKS | Source = Application Hang | ID = 1002
    Description = Hanging application iTunes.exe, version 10.1.2.17, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 3/4/2011 1:24:54 AM | Computer Name = NICKS | Source = ESENT | ID = 490
    Description = svchost (1324) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 3/4/2011 1:24:54 AM | Computer Name = NICKS | Source = ESENT | ID = 439
    Description = Catalog Database (1324) Unable to write a shadowed header for file
    C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Error
    -1032.

    Error - 3/4/2011 1:24:54 AM | Computer Name = NICKS | Source = ESENT | ID = 473
    Description = Catalog Database (1324) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    was partially detached. Error -1032 encountered updating database headers.

    [ System Events ]
    Error - 3/8/2011 12:54:50 PM | Computer Name = NICKS | Source = System Error | ID = 1003
    Description = Error code 1000007e, parameter1 c0000005, parameter2 b7181481, parameter3
    f797ba6c, parameter4 f797b768.

    Error - 3/8/2011 6:09:06 PM | Computer Name = NICKS | Source = System Error | ID = 1003
    Description = Error code 1000007e, parameter1 c0000005, parameter2 b7114481, parameter3
    f7977a6c, parameter4 f7977768.


    < End of report >
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Feel free to reinstall your AVG at any time.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SanDisk Media Manager.lnk = File not found
      O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
      O16 - DPF: {CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      [2009/07/22 20:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2009/11/17 17:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
      [2009/07/26 13:55:47 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
      [2009/07/26 13:55:48 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
      [2009/07/26 13:55:48 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  8. Dengel

    Dengel TS Rookie Topic Starter

    Here are the logs from OTL and Security Check I'll post the ESET log if any in the morning.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SanDisk Media Manager.lnk moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
    c:\winnt\Downloaded Program Files\jinstall_1_3_1_07.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Uniblue\RegistryBooster folder moved successfully.
    C:\Documents and Settings\Owner\Application Data\Uniblue folder moved successfully.
    C:\WINDOWS\Tasks\ISP signup reminder 1.job moved successfully.
    C:\WINDOWS\Tasks\ISP signup reminder 2.job moved successfully.
    C:\WINDOWS\Tasks\ISP signup reminder 3.job moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Nick Clark
    ->Temp folder emptied: 20565 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 28357736 bytes
    ->Flash cache emptied: 498 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 27.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Nick Clark
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03092011_215149

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    ==============================
    Security Check

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    McAfee AntiSpyware
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java 2 Runtime Environment Standard Edition v1.3.1_07
    Java(TM) 6 Update 16
    Java(TM) 6 Update 24
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader X (10.0.1)
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  9. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Uninstall:
    Java 2 Runtime Environment Standard Edition v1.3.1_07
    Java(TM) 6 Update 16
    Java(TM) 6 Update 22

    Update Firefox to the latest 3.6.15 version.

    Don't forget to reinstall your AV program.
     
  10. Dengel

    Dengel TS Rookie Topic Starter

    Sorry about the wait Eset reported no infections.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  12. Dengel

    Dengel TS Rookie Topic Starter

    Thanks for your help my computer seems to be fine. However what do you recommend for protecting flash drives?
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good news :)

    You can't really protect USB flash drives, but you can protect your computer from something jumping from the flash drive on your computer.

    Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

    *Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
    • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

    Windows Vista and Windows 7 users
    Flash Disinfector is not compatible with the above Windows version.
    Please, use Panda USB Vaccine
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...