Solved XP Windows recovery virus - can't install Malwarebytes & other issues

Avast is a very good program.

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

• When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
• Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps HERE
• Your system should now display a REATOGO-X-PE desktop.
• Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
• Double-click on the OTLPE icon.
• When asked Do you wish to load the remote registry, select Yes
• When asked Do you wish to load remote user profile(s) for scanning, select Yes
• Ensure the box Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.

OTL logfile created on: 6/8/2011 4:31:01 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.00 Mb Total Physical Memory | 740.00 Mb Available Physical Memory | 77.00% Memory free
859.00 Mb Paging File | 770.00 Mb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.54 Gb Total Space | 157.37 Gb Free Space | 70.09% Space Free | Partition Type: NTFS
Drive H: | 8.33 Gb Total Space | 0.36 Gb Free Space | 4.30% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (Viewpoint Manager Service)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2010/09/07 11:11:59 | 000,040,384 | -H-- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | -H-- | M] (AVAST Software) [On_Demand] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | -H-- | M] (AVAST Software) [Auto] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/10/27 07:19:46 | 000,895,696 | -H-- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 07:23:32 | 000,365,072 | -H-- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 06:22:08 | 000,144,704 | -H-- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 05:28:38 | 000,606,736 | -H-- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/09 20:26:20 | 000,865,832 | -H-- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 07:54:34 | 000,359,952 | -H-- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 15:10:02 | 002,482,848 | -H-- | M] (McAfee, Inc.) [Auto] -- C:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2008/02/02 05:34:50 | 001,251,720 | -H-- | M] () [Auto] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/07/25 20:03:42 | 002,119,360 | -H-- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 20:03:42 | 000,100,032 | -H-- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/03/30 10:15:44 | 000,096,341 | -H-- | M] (Canon Inc.) [Auto] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/03/03 17:03:10 | 000,069,632 | -H-- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/08/03 02:19:16 | 000,058,880 | -H-- | M] (Microsoft) [Auto] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (kbiwkmmlthritq)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot] -- -- (ftsata2)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/09/07 10:52:25 | 000,046,672 | -H-- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | -H-- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | -H-- | M] (AVAST Software) [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | -H-- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | -H-- | M] (AVAST Software) [File_System | Auto] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | -H-- | M] (AVAST Software) [Kernel | System] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/16 06:22:48 | 000,214,664 | -H-- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 06:22:48 | 000,079,816 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 06:22:48 | 000,040,552 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 06:22:48 | 000,035,272 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 06:22:14 | 000,034,248 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/08/17 12:08:37 | 000,054,784 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\UACexvaprniqe.sys -- (UACd.sys)
DRV - [2009/07/16 08:32:26 | 000,120,136 | -H-- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/02/06 05:00:00 | 000,383,800 | -H-- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/01/15 01:42:58 | 000,008,413 | -H-- | M] (RealNetworks, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/08/08 05:46:59 | 000,010,344 | -H-- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/06/14 14:04:12 | 004,299,264 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/05 00:58:44 | 001,536,000 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/27 08:46:20 | 000,081,408 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/12 20:27:00 | 000,019,072 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/06 14:20:50 | 000,241,664 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 14:20:40 | 000,936,448 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2004/08/03 17:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\Administrator_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\Compaq_Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555




FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/29 14:17:21 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/04/22 11:42:44 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.4.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2010/04/29 11:42:26 | 000,000,000 | -H-D | M]


O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\Compaq_Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Compaq_Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [minix32] File not found
O4 - HKU\Compaq_Administrator_ON_C..\Run: [Getdo] C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe\Update\flacor.dat ()
O4 - HKU\Compaq_Administrator_ON_C..\Run: [Helper] C:\Documents and Settings\Compaq_Administrator\Application Data\Helper\bin\liveu.exe ()
O4 - HKU\Compaq_Administrator_ON_C..\Run: [kqAIrvwyxLeS] C:\Documents and Settings\All Users\Application Data\kqAIrvwyxLeS.exe (eSafe)
O4 - HKU\Compaq_Administrator_ON_C..\Run: [Monopod] File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Compaq_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Compaq_Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader.cab (MySpace Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/31 00:02:02 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ipcoll32 - (C:\WINDOWS\system32\mspaclip.dll) - C:\WINDOWS\system32\mspaclip.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/08 11:16:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/06/08 11:03:33 | 127,222,215 | -H-- | C] (Igor Pavlov) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTLPENet.exe
[2011/06/07 18:24:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/06/07 18:20:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\malwarebytes
[2011/06/07 18:20:16 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes
[2011/06/07 18:14:35 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/06/06 16:59:18 | 000,000,000 | -H-D | C] -- C:\Program Files\Mal
[2011/06/06 16:57:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ElevatedDiagnostics
[2011/06/06 16:56:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/06/06 16:54:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/06/06 10:52:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/06/06 10:49:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/06/05 10:24:05 | 000,039,984 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/05 10:24:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/05 10:24:00 | 000,022,712 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/05 10:22:46 | 009,435,312 | -H-- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\chad.com.exe
[2011/06/05 10:16:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/05 10:13:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\gmer
[2011/06/05 10:12:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/06/05 09:38:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Administrative Tools
[2011/06/05 09:37:19 | 000,607,222 | RH-- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
[2011/06/05 09:28:46 | 001,431,344 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Administrator\Desktop\away.com.exe
[2011/06/04 11:35:40 | 001,431,344 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Administrator\Desktop\vaway.com.exe
[2011/06/02 17:12:01 | 000,465,408 | -H-- | C] (eSafe) -- C:\Documents and Settings\All Users\Application Data\kqAIrvwyxLeS.exe
[2011/06/02 12:02:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Windows XP Recovery
[2011/05/11 12:26:45 | 006,600,192 | -H-- | C] (Mirage Systems) -- C:\WINDOWS\System32\licprotector310.exe
[2011/05/11 12:26:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free File Opener
[2011/05/11 12:26:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Free File Opener
[2011/05/11 12:26:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Free File Opener
[2006/02/19 13:28:56 | 000,012,288 | -H-- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/08 11:17:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/08 11:03:33 | 127,222,215 | -H-- | M] (Igor Pavlov) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTLPENet.exe
[2011/06/08 11:00:00 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2011/06/08 11:00:00 | 000,000,270 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2011/06/08 10:55:29 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/08 10:52:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\malwarebytes
[2011/06/08 10:52:16 | 1006,030,848 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/07 19:52:07 | 000,000,186 | -H-- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/06/07 19:46:22 | 001,007,120 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\iExplore.exe
[2011/06/07 18:20:21 | 000,000,694 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/06 16:51:02 | 009,435,312 | -H-- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\chad.com.exe
[2011/06/06 12:02:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/06/05 10:12:50 | 000,293,977 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\gmer.zip
[2011/06/05 09:37:23 | 000,607,222 | RH-- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr
[2011/06/05 09:34:32 | 000,050,477 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Defogger.exe
[2011/06/05 09:28:46 | 001,431,344 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Administrator\Desktop\away.com.exe
[2011/06/04 11:35:40 | 001,431,344 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Administrator\Desktop\vaway.com.exe
[2011/06/03 20:26:48 | 000,442,466 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/03 20:26:47 | 000,071,732 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/03 20:25:34 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/06/03 20:25:21 | 000,004,236 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/03 20:24:33 | 000,000,823 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/02 17:12:33 | 000,116,224 | -H-- | M] () -- C:\WINDOWS\System32\drivers\11216E.sys
[2011/06/02 17:11:58 | 000,465,408 | -H-- | M] (eSafe) -- C:\Documents and Settings\All Users\Application Data\kqAIrvwyxLeS.exe
[2011/06/02 12:11:46 | 000,020,093 | -H-- | M] () -- C:\WINDOWS\System32\Config.MPF
[2011/06/02 12:09:21 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~26468132r
[2011/06/02 12:09:21 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~26468132
[2011/06/02 12:07:27 | 000,410,112 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\26468132.exe
[2011/06/02 12:02:48 | 000,000,807 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Windows XP Recovery.lnk
[2011/06/02 12:02:29 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\26468132
[2011/06/02 12:02:22 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/06/02 12:02:22 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Digital Media Enhancements
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Try Microsoft Office for 60 days
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\TaxCut 2006
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Snapfish for your photos
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rhapsody
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken 2006
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Help & Tools
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Services
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Netscape
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\My HP Games
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\LightScribe Direct Disc Labeling
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hot Deals
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free File Opener
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2011/06/02 12:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/05/29 05:11:30 | 000,039,984 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 05:11:20 | 000,022,712 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/08 10:50:08 | 1006,030,848 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/07 18:20:21 | 000,000,694 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/05 10:12:49 | 000,293,977 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\gmer.zip
[2011/06/05 09:34:32 | 000,050,477 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Defogger.exe
[2011/06/04 11:27:20 | 001,007,120 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\iExplore.exe
[2011/06/03 20:24:33 | 000,000,823 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/02 17:12:33 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\drivers\11216E.sys
[2011/06/02 12:09:21 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~26468132r
[2011/06/02 12:09:21 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~26468132
[2011/06/02 12:02:48 | 000,000,807 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\Windows XP Recovery.lnk
[2011/06/02 12:02:29 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\26468132
[2011/06/02 12:02:23 | 000,410,112 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\26468132.exe
[2011/04/21 11:23:52 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/10 16:34:10 | 000,047,104 | -H-- | C] () -- C:\WINDOWS\System32\mspaclip.dll
[2010/05/01 06:32:44 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\rasqervy.dll
[2010/05/01 06:32:42 | 000,000,008 | -H-- | C] () -- C:\WINDOWS\sdfinacs.dll
[2010/05/01 06:32:41 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2010/05/01 05:07:33 | 000,000,168 | -H-- | C] () -- C:\WINDOWS\wuasirvy.dll
[2010/03/22 11:21:01 | 000,082,482 | -H-- | C] () -- C:\WINDOWS\msacm32.drv
[2009/08/18 16:21:48 | 000,016,969 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ajukaqyni.bin
[2009/08/18 16:21:48 | 000,016,401 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\fozihow.lib
[2009/08/18 16:21:48 | 000,013,986 | -H-- | C] () -- C:\WINDOWS\gifitinab.sys
[2009/08/18 16:21:48 | 000,012,933 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\yzuju.bin
[2009/08/18 16:21:48 | 000,012,918 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ukutirez.dat
[2009/08/18 16:21:48 | 000,012,335 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\fule.reg
[2009/08/18 16:21:48 | 000,011,780 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\zugezaxyz.db
[2009/08/18 16:21:48 | 000,011,473 | -H-- | C] () -- C:\WINDOWS\abane.exe
[2009/08/18 16:20:01 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\UACqyisuyipjd.dll
[2009/08/17 12:32:12 | 000,000,091 | -H-- | C] () -- C:\WINDOWS\System32\kbiwkmbltfmuij.dat
[2009/08/17 12:08:47 | 000,011,336 | ---- | C] () -- C:\WINDOWS\System32\uacinit.dll
[2009/08/17 12:08:47 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\UACvrbfaswulk.dat
[2009/08/17 12:08:44 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\UACrjkomqxewc.dll
[2009/08/17 12:08:37 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\UACexvaprniqe.sys
[2009/08/17 12:08:13 | 000,009,150 | -H-- | C] () -- C:\WINDOWS\System32\kbiwkmtxwvbtvx.dat
[2009/07/26 18:15:36 | 000,000,085 | -H-- | C] () -- C:\WINDOWS\System32\vsfoceamfragrh.dat
[2009/01/07 13:09:36 | 000,124,348 | -H-- | C] () -- C:\WINDOWS\HPHins12.dat
[2009/01/07 13:09:36 | 000,014,916 | -H-- | C] () -- C:\WINDOWS\hphmdl12.dat
[2008/10/18 19:32:46 | 000,019,681 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\duwe.lib
[2008/10/18 19:32:46 | 000,018,214 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\azyqukyren.inf
[2008/10/18 19:32:46 | 000,017,948 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\tutazaryf._sy
[2008/10/18 19:32:46 | 000,016,907 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\yvab.dat
[2008/10/18 19:32:46 | 000,014,703 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\akoq.dll
[2008/10/18 19:32:46 | 000,014,269 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\amuwipoj.sys
[2008/10/18 19:32:46 | 000,014,025 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\azerygy.ban
[2008/10/18 19:32:46 | 000,012,895 | -H-- | C] () -- C:\WINDOWS\amelycehe.com
[2008/10/18 19:32:46 | 000,012,320 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ikuqunywiq.scr
[2008/10/18 19:32:46 | 000,012,189 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\aguka.ban
[2008/10/18 19:32:46 | 000,012,096 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\loxoco.inf
[2008/10/18 19:32:46 | 000,010,406 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\roduviri.bin
[2008/10/18 19:32:46 | 000,010,169 | -H-- | C] () -- C:\Program Files\Common Files\ozusi.dl
[2008/10/18 19:27:38 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/18 19:13:36 | 000,003,896 | -H-- | C] () -- C:\WINDOWS\System32\TDSSlxwp.dll
[2008/10/18 19:13:32 | 000,000,164 | -H-- | C] () -- C:\WINDOWS\System32\TDSSorvd.dat
[2008/03/27 03:09:04 | 000,000,010 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\usb001
[2008/01/27 17:12:40 | 000,077,824 | RH-- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/12/30 08:10:44 | 000,012,800 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/06 03:44:03 | 000,000,854 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
[2007/05/15 22:53:58 | 000,002,287 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/28 04:48:23 | 000,001,755 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/21 21:07:07 | 000,000,107 | -H-- | C] () -- C:\WINDOWS\wpd99.drv
[2007/02/21 21:06:54 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/02/21 21:06:54 | 000,051,716 | -H-- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/02/08 03:06:54 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\liveup.ini
[2007/01/17 02:19:53 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/17 02:19:15 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\atid.ini
[2007/01/14 23:41:04 | 000,000,143 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/08 06:03:01 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/08 05:34:55 | 000,028,848 | -H-- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/08 05:27:54 | 000,118,842 | RH-- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2006/08/08 05:27:14 | 000,667,896 | -H-- | C] () -- C:\WINDOWS\unins000.exe
[2006/08/08 05:27:14 | 000,001,235 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2006/08/08 05:27:05 | 000,012,988 | -H-- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/08 05:26:54 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/08 05:23:36 | 000,000,174 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/08 05:12:47 | 000,000,238 | -H-- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/08 05:11:23 | 000,045,929 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/08 05:11:23 | 000,000,698 | -H-- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/08 05:06:15 | 000,095,822 | -H-- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/08/08 05:05:15 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/08 05:01:28 | 000,125,796 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/08/08 04:59:50 | 000,000,791 | -H-- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/08 04:39:53 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/08/08 04:36:38 | 000,323,584 | -H-- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/08 04:36:38 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/08 04:36:17 | 000,016,896 | -H-- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 14:58:18 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/31 00:07:46 | 000,442,466 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/31 00:07:46 | 000,071,732 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/31 00:05:30 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/31 00:01:42 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 23:58:02 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/06 00:01:54 | 000,235,008 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 000,050,176 | -H-- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 07:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 00:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 00:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 00:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 00:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 00:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 00:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 00:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 10:51:38 | 000,000,592 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/09/04 00:48:27 | 000,001,024 | -H-- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2001/08/23 11:12:28 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 11:11:02 | 000,004,490 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2011/06/06 16:57:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\ElevatedDiagnostics
[2008/03/13 22:43:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2011/03/31 11:17:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire
[2010/03/28 14:54:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Netscape
[2008/01/01 14:55:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Snapfish
[2007/12/06 03:44:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Template
[2009/08/18 14:46:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
[2007/01/20 01:03:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Viewpoint
[2008/01/07 20:19:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WildTangent
[2007/07/05 01:41:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2010/03/28 10:38:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2006/08/08 05:17:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2007/02/21 21:06:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/01/30 07:31:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/07 20:19:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/04/29 11:45:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/14 21:00:00 | 000,000,380 | -H-- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/06/30 21:00:17 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2011/06/08 11:00:00 | 000,000,270 | -H-- | M] () -- C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2011/06/08 11:00:00 | 000,000,314 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Administrator\My Documents\me and micaela:SummaryInformation
< End of report >

Do this on the computer you are posting from:
Copy the text in the codebox below:



Open Notepad and paste it.
Save the document as Fix.txt on to a USB flash drive


On the infected computer the following...

Run OTLPE

• Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
  
  • (The content of Fix.txt should appear in the box)
• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the log produced (you'll need to transfer it with USB stick)
• Attempt to reboot normally into Windows.

I tried this but the OTLPE program freezes up within seconds of me hitting the RUN FIX button.

Shut down computer, leave it off for couple of minutes and try again.

Unfortunately it still froze up. I left it off for 4-5 minutes and the program froze up and quit responding almost immediately again.

Just to make sure I'm doing it correctly:
I'm booting from disk, copying the fix.txt under where it says custom scan/fixes, and then clicking Run Fix.

Yes, that's correct.

Try Avira AntiVir Rescue System

Using another working computer...
1. Download the Avira AntiVir Rescue System: http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
2. Place a blank CD in your burner and double-click on the downloaded file.
3. The program will automatically burn the CD for you.
4. Place the burned CD into the affected computer and start the computer with the CD in the CD tray.
5. On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
6. Click on the Configuration button.

- Select Scan all files
- Select Try to repair infected files and Rename files, if they cannot be removed
- Select Scan for dialers
- Select Scan for joke programs (Jokes)
- Select Scan for games
- Select Scan for spyware (SPR)

7. Click on Virus scanner
8. Click on Start scanner at the bottom of the screen.

9. Let Avira finish it's scan and then remove any threats found and then exit out of the scanner.
10. Take the CD out of the CD/DVD tray and then restart the computer.

If needed see this Tutorial for the Avira Rescue CD: http://forum.avira.com/wbb/index.php?page=Thread&threadID=82163

Ok, I ran the Avira Rescue Disk. It found several trojans (8 I believe) and renamed them all. I then removed the cd and restarted the computer. My desktop screen is back to being blue but there are no icons showing. It is completely blank except for the startup bar.

Also, according to the Rescue Disk tutorial you posted, it recommended "Boot on Windows normally. Run a full system scan with AntiVir to quarantine all the renamed files (.XXX extension)." My question is what is AntiVir? Is that another antivirus program I need to download. I will wait until I hear from you before I do anything else. Thanks again for the help!

Also, the windows xp recovery thing did not start so it looks like we are making progress!!

Very well

My question is what is AntiVir?

Click to expand...

They assume, you have Avira installed.
I can see, you have 3 AV programs running, Avast, Norton and McAfee.
You can run only one, but we'll deal with this in a moment.

See, if we can get some of your display back.

Download and run UnHide

I'm getting the box with a big red X saying I can't download it from bleepingcomputers.com. Says "internet explorer was not able to open the Internet site. The requested site is either unavailable or cannot be found. Please try again later." I'm going to try it from safe mode.

Uploaded it for you Here: http://www.filedropper.com/unhide_1

ok, I got the same message. I can see the box behind it with the file moving from the picture of the earth to the folder and it says 0% of file downloaded. Something must be blocking me from downloading because my other computer does not get that error message.

Try to download it from Safe Mode with Networking.

My safe mode w/network is giving me the option of:

Windows XP Media Center Edition or

Microsoft Windows Recovery Console

I've never seen it with two options. Does it matter which I use?

Windows XP Media Center Edition

ok, it allowed me to download it in safe mode. I ran the program and then restarted the computer in normal mode. I don't have any icons on the desktop but all the programs are visible in the Start menu.

Very well.
We'll keep working on it...

Now, it's time to get rid of some of your AV programs.
Assuming, Avast is your current AV program...
Uninstall Norton, using this tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN
Uninstall McAfee, using this tool: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

Then....

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.
Complete as many steps as you can.

Ok, it keeps looking better and better. My desktop is showing everything again and I was able to run all the requested programs. Here you go!



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6832

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/10/2011 11:26:04 PM
mbam-log-2011-06-10 (23-26-04).txt

Scan type: Quick scan
Objects scanned: 172883
Time elapsed: 10 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 6
Registry Data Items Infected: 6
Folders Infected: 2
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AA32FC7-133B-4AE7-998E-CED0D9829B12} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Value: ForceClassicControlPanel -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Monopod (Trojan.FakeAlert) -> Value: Monopod -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kqAIrvwyxLeS (Rogue.Agent.SA) -> Value: kqAIrvwyxLeS -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Getdo (Trojan.Agent) -> Value: Getdo -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Helper (Trojan.Agent) -> Value: Helper -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\compaq_administrator\start menu\Programs\pc_antispyware2010 (Rogue.PCAntispyware2010) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\start menu\Programs\windows antivirus pro (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\config\systemprofile\Desktop\windows antivirus pro.lnk (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kbiwkmbltfmuij.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kbiwkmtxwvbtvx.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uacvrbfaswulk.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vsfoceamfragrh.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{7b02ef0b-a410-4938-8480-9ba26420a627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bb65b0fb-5712-401b-b616-e69ac55e2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
c:\documents and settings\compaq_administrator\application data\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\start menu\Programs\windows antivirus pro\windows antivirus pro.lnk (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-11.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/15/2007 3:40:44 AM
System Uptime: 6/10/2011 8:15:50 PM (0 hours ago)
.
Motherboard: ECS | | Asterope3
Processor: Intel(R) Pentium(R) D CPU 2.80GHz | CPU 1 | 2799/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 158.835 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.358 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP689: 3/13/2011 1:35:00 PM - System Checkpoint
RP690: 3/27/2011 9:46:20 PM - System Checkpoint
RP691: 4/14/2011 10:38:40 PM - System Checkpoint
RP692: 4/16/2011 9:55:42 AM - System Checkpoint
RP693: 4/19/2011 1:57:51 AM - System Checkpoint
RP694: 4/20/2011 3:49:57 AM - System Checkpoint
RP695: 4/21/2011 4:29:58 PM - System Checkpoint
RP696: 4/22/2011 4:46:50 PM - System Checkpoint
RP697: 4/24/2011 1:37:24 PM - System Checkpoint
RP698: 4/25/2011 3:48:14 PM - System Checkpoint
RP699: 6/9/2011 9:56:11 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
avast! Free Antivirus
Bonjour
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Chronotron Plug-in for Winamp/WMP 9 (remove only)
Compaq Connections (remove only)
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
D4100
D4100_Help
Data Fax SoftModem with SmartCP
Destinations
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab (remove only)
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Free File Opener v2011.7.0.1
FullDPAppQFolder
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Solution Center 7.0
HP Support Overview
HP Update
HP Web Helper
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
InstantShareDevicesMFC
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
LightScribe 1.4.105.1
LimeWire 5.5.16
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003 60 days trial
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Netscape Browser (remove only)
OptionalContentQFolder
PanoStandAlone
PC-Doctor 5 for Windows
Pdf995
PdfEdit995
PhotoGallery
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
RealPlayer
Realtek High Definition Audio Driver
Remove WeatherBug Installer
Rhapsody
Rhapsody Player Engine
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sibelius Scorch (ActiveX Only)
SkinsHP1
SlideShow
SlideShowMusic
SolutionCenter
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
TaxCut Basic 2006
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
WebReg
WildTangent Web Driver
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
6/9/2011 8:02:56 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.
6/8/2011 2:57:04 PM, error: Service Control Manager [7031] - The McAfee SystemGuards service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/8/2011 2:57:04 PM, error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/8/2011 2:54:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
6/8/2011 2:54:51 PM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the file specified.
6/8/2011 2:49:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/8/2011 2:48:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/7/2011 10:20:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
6/7/2011 10:19:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi eeCtrl Fips ftsata2 intelppm mfehidk
6/6/2011 2:49:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/6/2011 2:48:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi eeCtrl Fips ftsata2 intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
6/6/2011 2:48:37 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/6/2011 2:48:37 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/6/2011 2:48:37 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/6/2011 2:48:37 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/6/2011 2:48:37 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/6/2011 2:48:37 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/10/2011 8:17:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 IntelIde ViaIde
.
==== End Of File ===========================

.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Compaq_Administrator at 20:32:46 on 2011-06-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.440 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.google.com
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [minix32] c:\windows\system32\minix32.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A920C5DC-8AC5-49BA-88F1-43DE0E3B1014} : DhcpNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-10 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-28 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-28 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-28 42184]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-5 39984]
.
=============== Created Last 30 ================
.
2011-06-10 23:10:11 -------- d-----w- c:\documents and settings\compaq_administrator\application data\Malwarebytes
2011-06-10 16:39:16 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-09 20:56:46 -------- d-sh--w- C:\found.003
2011-06-08 23:04:51 -------- d-----w- C:\_OTL
2011-06-07 22:20:16 -------- d-----w- c:\program files\Malwarebytes
2011-06-06 20:59:18 -------- d-----w- c:\program files\Mal
2011-06-06 20:57:28 -------- d-----w- c:\documents and settings\compaq_administrator\application data\ElevatedDiagnostics
2011-06-05 14:24:05 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-05 14:24:04 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-05 14:24:00 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-05 14:16:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-02 21:12:33 116224 ----a-w- c:\windows\system32\drivers\11216E.sys
.
==================== Find3M ====================
.
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 20:34:18.25 ===============

I'm glad to hear good news

I still need GMER log.

My bad..forgot to add it.


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-10 20:27:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD2500JS-60NCB1 rev.10.02E02
Running: c3hjk9xc.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ugldqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF1CE6BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF1CE6A5D]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF1D3E902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OK

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
• Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

• Open SUPERAntiSpyware.
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

Post SUPERAntiSpyware log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/11/2011 at 03:38 AM

Application Version : 4.54.1000

Core Rules Database Version : 7251
Trace Rules Database Version: 5063

Scan type : Complete Scan
Total Scan Time : 06:08:38

Memory items scanned : 224
Memory threats detected : 0
Registry items scanned : 6978
Registry threats detected : 0
File items scanned : 106828
File threats detected : 13

Trojan.Agent/Gen-IExplorer[Fake]
C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\TEMP\RARSFX0\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\TEMP\RARSFX3\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\TEMP\RARSFX4\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\TEMP\RARSFX8\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\TEMP\RARSFX0\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\TEMP\RARSFX3\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\TEMP\RARSFX4\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\TEMP\RARSFX8\PROCS\EXPLORER.EXE
C:\WINDOWS\Prefetch\EXPLORER.EXE-226ED93C.pf

Rogue.Agent/Gen-Nullo[EXE]
C:\WINDOWS\ABANE.EXE

Rootkit.TDSServ-Trace
C:\WINDOWS\SYSTEM32\TDSSBUBV.LOG
C:\WINDOWS\SYSTEM32\TDSSNMXH.LOG
C:\WINDOWS\SYSTEM32\TDSSORVD.DAT