Solved Always something> about blank! trogans--2 wks ago Win32.Eyeon -may still have? LOGS

H

herewegoagain

Posts: 50   +0
Hi, Ive had just about it all & some worse than others ...namely the 'about blank'! This time Spybot found Win32.Eyeon twice ...two weeks ago & before then. Something is lurking? with toolbars disappearing, redirects, getting logged out of yahoo, ebay etc. & basic slow everything. I just hope its not as bad as "AB' :)
Here are all the logs requested:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Compaq_Owner at 22:15:54 on 2012-02-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.530 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Compaq_Owner\Desktop\236z4vxp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.mc558.mail.yahoo.com/mc/welcome?.gx=1&.tm=1284110515&.rand=8fmpmti9imgv5
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bankofamerica.com\allmyaccounts
Trusted Zone: bankofamerica.com\onlineeast2
Trusted Zone: ebay.com\cgi
Trusted Zone: ebay.com\cgi5
Trusted Zone: ebay.com\my
Trusted Zone: ebay.com\offer
Trusted Zone: ebay.com\signin
Trusted Zone: ebay.com\www
Trusted Zone: googleusercontent.com\webcache
Trusted Zone: plaxo.com\www
Trusted Zone: usps.com\sss-web
Trusted Zone: yahoo.com\login
Trusted Zone: yahoo.com\us.mc558.mail
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{8896D987-AD6F-4C73-B822-D35C5D8F3F6B} : DhcpNameServer = 167.206.254.1 167.206.254.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxsrvc.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-11 206096]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2004-12-10 30336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-10-4 27064]
.
=============== Created Last 30 ================
.
2012-01-23 09:45:47 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-23 09:45:47 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-23 09:44:59 -------- d-----w- c:\documents and settings\compaq_owner\application data\AVG2012
2012-01-23 09:42:14 -------- d-----w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2012-01-23 09:06:46 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2012-01-22 15:24:27 0 ----a-w- c:\windows\system32\drivers\mbamswissarmy(2).sys
2012-01-10 21:13:20 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-10 21:13:20 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-01-10 21:12:28 -------- d-----w- c:\program files\AVG
2012-01-10 18:29:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
==================== Find3M ====================
.
2012-01-10 18:29:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 07:12:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-30 09:51:12 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 22:17:02.17 ===============


-----------------------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/29/2005 12:17:43 AM
System Uptime: 2/1/2012 12:34:05 AM (22 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Salmon
Processor: AMD Athlon(tm) 64 Processor 3300+ | Socket 754 | 2411/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 195.874 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.675 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1825: 11/3/2011 10:29:03 AM - System Checkpoint
RP1826: 11/5/2011 6:27:17 AM - System Checkpoint
RP1827: 11/6/2011 9:53:59 AM - System Checkpoint
RP1828: 11/6/2011 11:09:43 AM - Spybot-S&D Spyware removal
RP1829: 11/7/2011 3:06:38 PM - System Checkpoint
RP1830: 11/8/2011 5:17:53 AM - Software Distribution Service 3.0
RP1831: 11/11/2011 7:30:39 AM - System Checkpoint
RP1832: 11/12/2011 8:00:11 AM - System Checkpoint
RP1833: 11/13/2011 9:24:48 AM - System Checkpoint
RP1834: 11/13/2011 11:29:36 AM - Spybot-S&D Spyware removal
RP1835: 11/14/2011 8:14:35 PM - Spybot-S&D Spyware removal
RP1836: 11/16/2011 9:26:42 AM - System Checkpoint
RP1837: 11/17/2011 9:27:19 AM - System Checkpoint
RP1838: 11/18/2011 10:03:44 AM - System Checkpoint
RP1839: 11/19/2011 10:03:55 AM - System Checkpoint
RP1840: 11/20/2011 10:28:43 AM - System Checkpoint
RP1841: 11/20/2011 11:06:31 AM - Spybot-S&D Spyware removal
RP1842: 11/22/2011 5:14:58 AM - System Checkpoint
RP1843: 11/23/2011 7:25:26 AM - System Checkpoint
RP1844: 11/24/2011 8:06:12 AM - System Checkpoint
RP1845: 11/25/2011 9:06:17 AM - System Checkpoint
RP1846: 11/26/2011 9:21:53 AM - System Checkpoint
RP1847: 11/27/2011 9:58:18 AM - System Checkpoint
RP1848: 11/27/2011 11:06:09 AM - Spybot-S&D Spyware removal
RP1849: 11/28/2011 12:22:34 PM - System Checkpoint
RP1850: 11/29/2011 12:22:49 PM - System Checkpoint
RP1851: 11/30/2011 4:50:24 AM - BEFORE COMBOFIX
RP1852: 12/1/2011 4:56:56 AM - System Checkpoint
RP1853: 12/2/2011 8:32:41 AM - System Checkpoint
RP1854: 12/3/2011 9:09:17 AM - System Checkpoint
RP1855: 12/4/2011 9:09:37 AM - System Checkpoint
RP1856: 12/4/2011 12:20:03 PM - Spybot-S&D Spyware removal
RP1857: 12/5/2011 7:59:28 AM - Installed Shipping Assistant 3.8.
RP1858: 12/6/2011 2:06:14 AM - Software Distribution Service 3.0
RP1859: 12/7/2011 2:20:32 AM - System Checkpoint
RP1860: 12/9/2011 8:32:38 AM - System Checkpoint
RP1861: 12/10/2011 9:40:44 PM - System Checkpoint
RP1862: 12/12/2011 8:03:34 AM - System Checkpoint
RP1863: 12/13/2011 8:46:52 AM - System Checkpoint
RP1864: 12/14/2011 9:22:59 AM - System Checkpoint
RP1865: 12/15/2011 9:23:34 AM - System Checkpoint
RP1866: 12/16/2011 10:18:12 AM - System Checkpoint
RP1867: 12/17/2011 10:24:38 AM - System Checkpoint
RP1868: 12/18/2011 10:27:40 AM - System Checkpoint
RP1869: 12/19/2011 10:49:00 AM - System Checkpoint
RP1870: 12/21/2011 11:15:53 AM - System Checkpoint
RP1871: 12/22/2011 11:31:06 AM - System Checkpoint
RP1872: 12/23/2011 11:38:18 AM - System Checkpoint
RP1873: 12/24/2011 12:38:18 PM - System Checkpoint
RP1874: 12/26/2011 8:42:31 AM - System Checkpoint
RP1875: 12/27/2011 9:18:28 AM - System Checkpoint
RP1876: 12/28/2011 9:43:07 AM - System Checkpoint
RP1877: 12/29/2011 9:43:43 AM - System Checkpoint
RP1878: 12/30/2011 9:44:14 AM - System Checkpoint
RP1879: 12/31/2011 9:44:51 AM - System Checkpoint
RP1880: 1/1/2012 9:45:19 AM - System Checkpoint
RP1881: 1/2/2012 10:11:41 AM - System Checkpoint
RP1882: 1/3/2012 11:11:48 AM - System Checkpoint
RP1883: 1/4/2012 5:42:10 PM - Removed Turbo Lister 2.
RP1884: 1/4/2012 7:00:11 PM - Installed Turbo Lister 2.
RP1885: 1/6/2012 9:11:52 AM - System Checkpoint
RP1886: 1/7/2012 9:24:52 AM - System Checkpoint
RP1887: 1/8/2012 9:44:52 AM - System Checkpoint
RP1888: 1/9/2012 9:45:08 AM - System Checkpoint
RP1889: 1/10/2012 3:55:01 AM - Restore Operation
RP1890: 1/10/2012 12:30:03 PM - Removed Java(TM) 6 Update 12
RP1891: 1/10/2012 12:46:44 PM - Software Distribution Service 3.0
RP1892: 1/10/2012 1:28:52 PM - Installed Java(TM) 6 Update 30
RP1893: 1/10/2012 3:27:16 PM - Removed AVG 2011
RP1894: 1/10/2012 3:29:03 PM - Removed AVG 2011
RP1895: 1/10/2012 4:12:27 PM - Installed AVG 2012
RP1896: 1/10/2012 4:13:02 PM - Installed AVG 2012
RP1897: 1/11/2012 5:52:21 PM - System Checkpoint
RP1898: 1/13/2012 10:59:43 AM - System Checkpoint
RP1899: 1/15/2012 9:10:19 AM - System Checkpoint
RP1900: 1/16/2012 10:01:00 AM - System Checkpoint
RP1901: 1/17/2012 10:07:44 AM - System Checkpoint
RP1902: 1/18/2012 11:29:05 AM - System Checkpoint
RP1903: 1/19/2012 11:31:28 AM - System Checkpoint
RP1904: 1/21/2012 5:28:51 AM - System Checkpoint
RP1905: 1/22/2012 7:27:59 AM - System Checkpoint
RP1906: 1/23/2012 3:55:49 AM - Restore Operation
RP1907: 1/23/2012 4:05:17 AM - Restore Operation
RP1908: 1/23/2012 4:22:39 AM - Restore Operation
RP1909: 1/23/2012 4:33:22 AM - Restore Operation
RP1910: 1/24/2012 4:56:48 AM - System Checkpoint
RP1911: 1/25/2012 5:14:50 AM - System Checkpoint
RP1912: 1/26/2012 6:14:52 AM - System Checkpoint
RP1913: 1/27/2012 10:22:37 AM - System Checkpoint
RP1914: 1/28/2012 10:28:43 AM - System Checkpoint
RP1915: 1/29/2012 10:35:00 AM - System Checkpoint
RP1916: 1/30/2012 10:40:27 AM - System Checkpoint
RP1917: 1/31/2012 10:41:58 AM - System Checkpoint
RP1918: 2/1/2012 11:33:25 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop 5.5
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader X (10.1.1)
Agere Systems PCI Soft Modem
AVG 2012
Brother MFL-Pro Suite
CCleaner
Compaq Connections
DAZzle
Enhanced Multimedia Keyboard Solution
ERUNT 1.1j
getPlus(R) for Adobe
Google Advertising Cookie Opt-out
Google Toolbar for Internet Explorer
Google Update Helper
Help and Support Additions
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
HpSdpAppCoreApp
Image Resizer Powertoy for Windows XP
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 Premium
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Framework Services v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Optimum Online net guide
PaperPort
PC-Doctor for Windows
Photo Loader 2.3E
Photohands 1.0E
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
Revo Uninstaller Pro 2.5.5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Shipping Assistant 3.8
SiS VGA Utilities
Sonic Express Labeler
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SyncToy 2.0 (x86)
Turbo Lister 2
Tweak UI
Ulead Movie Wizard SE VCD
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB971029)
Virtual Earth 3D (Beta)
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Install Manager
.
==== Event Viewer Messages From Past Week ========
.
2/1/2012 9:09:03 PM, error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
2/1/2012 10:15:57 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
1/30/2012 11:21:02 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/30/2012 11:20:36 PM, error: Service Control Manager [7001] - The ClipBook service depends on the Network DDE service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/30/2012 11:20:08 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0011D8231EA8 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================



------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Owner :: YOUR-71A232D1A6 [administrator]

2/1/2012 9:41:58 PM
mbam-log-2012-02-01 (21-41-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197825
Time elapsed: 9 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-01 22:29:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BB-22GUA0 rev.08.02D08
Running: 236z4vxp.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\pwndrkow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

--------------------------------------------------------------------------------------------
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Probably sounds ridiculous but ...how do I 'open a notepad'? I got as far as pressing Ctrl+C & the black box disappeared.
I would post the asw log but afraid to copy it since Im in the middle of this & dont want to lose what I just did. Thanks
 
I just edited (figured it out) but guess my reply was at the same time as yours & got wiped out.

Thanks for the Q U I C K ! replies & sorry I left for a bit ...Ill be sticking around now for the next 4 hrs.
Maybe I should let you know also that the msconfig in start>run had gone missing recently too. I did research & was able to get it back but who knows if I did it all correctly so thought I should mention.
All set with the logs, here they are:

PS- PLEASE- Who develops the Android operating system?
Who is Big Blue? & The IT question answer if possible???
...darn verifiying questions! :) Thanks

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-02 00:19:25
-----------------------------
00:19:25.062 OS Version: Windows 5.1.2600 Service Pack 3
00:19:25.062 Number of processors: 1 586 0xC00
00:19:25.093 ComputerName: YOUR-71A232D1A6 UserName: Compaq_Owner
00:19:30.125 Initialize success
00:21:05.875 AVAST engine defs: 12020101
00:21:41.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:21:41.671 Disk 0 Vendor: WDC_WD2500BB-22GUA0 08.02D08 Size: 238475MB BusType: 3
00:21:41.687 Disk 0 MBR read successfully
00:21:41.687 Disk 0 MBR scan
00:21:41.796 Disk 0 unknown MBR code
00:21:41.812 Disk 0 Partition 1 00 0B FAT32 RECOVERY 5396 MB offset 63
00:21:41.890 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 233068 MB offset 11052720
00:21:41.937 Disk 0 scanning sectors +488376000
00:21:42.000 Disk 0 scanning C:\WINDOWS\system32\drivers
00:22:33.921 Service scanning
00:22:35.187 Modules scanning
00:23:05.234 Disk 0 trace - called modules:
00:23:05.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:23:05.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a264ab8]
00:23:05.750 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000062[0x8a2a8f18]
00:23:05.750 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a254940]
00:23:06.390 AVAST engine scan C:\WINDOWS
00:23:14.218 AVAST engine scan C:\WINDOWS\system32
00:30:04.718 AVAST engine scan C:\WINDOWS\system32\drivers
00:30:37.156 AVAST engine scan C:\Documents and Settings\Compaq_Owner
00:37:54.578 AVAST engine scan C:\Documents and Settings\All Users
00:44:56.406 Scan finished successfully
00:45:18.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat"
00:45:18.218 The log file has been saved successfully to "C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.txt"


---------------------------------------------------------------------------------------------

.\debug.cpp(238) : Debug log started at 02.02.2012 - 06:40:46
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : (c) 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x804d7000 0x0020e000 "\WINDOWS\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x806e5000 0x00020d00 "\WINDOWS\system32\hal.dll"
.\debug.cpp(256) : 0xba5a8000 0x00002000 "\WINDOWS\system32\KDCOM.DLL"
.\debug.cpp(256) : 0xba4b8000 0x00003000 "\WINDOWS\system32\BOOTVID.dll"
.\debug.cpp(256) : 0xb9f79000 0x0002e000 "ACPI.sys"
.\debug.cpp(256) : 0xba5aa000 0x00002000 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0xb9f68000 0x00011000 "pci.sys"
.\debug.cpp(256) : 0xba0a8000 0x0000a000 "isapnp.sys"
.\debug.cpp(256) : 0xba670000 0x00001000 "pciide.sys"
.\debug.cpp(256) : 0xba328000 0x00007000 "\WINDOWS\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0xba0b8000 0x0000b000 "MountMgr.sys"
.\debug.cpp(256) : 0xb9f49000 0x0001f000 "ftdisk.sys"
.\debug.cpp(256) : 0xba330000 0x00005000 "PartMgr.sys"
.\debug.cpp(256) : 0xba0c8000 0x0000d000 "VolSnap.sys"
.\debug.cpp(256) : 0xb9f31000 0x00018000 "atapi.sys"
.\debug.cpp(256) : 0xba0d8000 0x00009000 "disk.sys"
.\debug.cpp(256) : 0xba0e8000 0x0000d000 "\WINDOWS\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0xb9f11000 0x00020000 "fltmgr.sys"
.\debug.cpp(256) : 0xb9eff000 0x00012000 "sr.sys"
.\debug.cpp(256) : 0xba338000 0x00005000 "PxHelp20.sys"
.\debug.cpp(256) : 0xb9ee8000 0x00017000 "KSecDD.sys"
.\debug.cpp(256) : 0xb9e5b000 0x0008d000 "Ntfs.sys"
.\debug.cpp(256) : 0xb9e2e000 0x0002d000 "NDIS.sys"
.\debug.cpp(256) : 0xba340000 0x00007000 "viaagp1.sys"
.\debug.cpp(256) : 0xba0f8000 0x0000a000 "SISAGPX.sys"
.\debug.cpp(256) : 0xba108000 0x00010000 "ohci1394.sys"
.\debug.cpp(256) : 0xba118000 0x0000e000 "\WINDOWS\system32\DRIVERS\1394BUS.SYS"
.\debug.cpp(256) : 0xb9e14000 0x0001a000 "Mup.sys"
.\debug.cpp(256) : 0xba348000 0x00007000 "avgrkx86.sys"
.\debug.cpp(256) : 0xba4bc000 0x00004000 "AVGIDSEH.Sys"
.\debug.cpp(256) : 0xba258000 0x0000e000 "\SystemRoot\system32\DRIVERS\AmdK8.sys"
.\debug.cpp(256) : 0xb910e000 0x00041000 "\SystemRoot\system32\DRIVERS\sisgrp.sys"
.\debug.cpp(256) : 0xb90fa000 0x00014000 "\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS"
.\debug.cpp(256) : 0xba268000 0x0000b000 "\SystemRoot\system32\DRIVERS\imapi.sys"
.\debug.cpp(256) : 0xba278000 0x00010000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0xba288000 0x0000f000 "\SystemRoot\system32\DRIVERS\redbook.sys"
.\debug.cpp(256) : 0xb90d7000 0x00023000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0xba470000 0x00007000 "\SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0xb8ea1000 0x00236000 "\SystemRoot\system32\drivers\ALCXWDM.SYS"
.\debug.cpp(256) : 0xb8e7d000 0x00024000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0xba298000 0x0000f000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0xba478000 0x00005000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0xb8e59000 0x00024000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0xba480000 0x00008000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0xb8d23000 0x00136000 "\SystemRoot\system32\DRIVERS\AGRSM.sys"
.\debug.cpp(256) : 0xba490000 0x00008000 "\SystemRoot\System32\Drivers\Modem.SYS"
.\debug.cpp(256) : 0xba2a8000 0x00010000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0xb9ddc000 0x00004000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0xb8d0f000 0x00014000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0xba2b8000 0x0000d000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0xba498000 0x00006000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0xba4a0000 0x00005000 "\SystemRoot\system32\DRIVERS\PS2.sys"
.\debug.cpp(256) : 0xba4a8000 0x00006000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0xba72f000 0x00001000 "\SystemRoot\system32\DRIVERS\audstub.sys"
.\debug.cpp(256) : 0xba2c8000 0x0000d000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0xb9dd8000 0x00003000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0xb8cf8000 0x00017000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0xba2d8000 0x0000b000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0xba2e8000 0x0000c000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0xba4b0000 0x00005000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0xb8ce7000 0x00011000 "\SystemRoot\system32\DRIVERS\psched.sys"
.\debug.cpp(256) : 0xba2f8000 0x00009000 "\SystemRoot\system32\DRIVERS\msgpc.sys"
.\debug.cpp(256) : 0xba378000 0x00005000 "\SystemRoot\system32\DRIVERS\ptilink.sys"
.\debug.cpp(256) : 0xba380000 0x00005000 "\SystemRoot\system32\DRIVERS\raspti.sys"
.\debug.cpp(256) : 0xba308000 0x0000a000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0xba5dc000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0xb8c61000 0x0005e000 "\SystemRoot\system32\DRIVERS\update.sys"
.\debug.cpp(256) : 0xba534000 0x00004000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0xba318000 0x0000a000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0xb91af000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0xba5f4000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0xb916f000 0x0000d000 "\SystemRoot\system32\DRIVERS\avgmfx86.sys"
.\debug.cpp(256) : 0xba3a8000 0x00007000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0xba606000 0x00002000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0xba6df000 0x00001000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0xba608000 0x00002000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0xba3b8000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0xba3c0000 0x00006000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0xba60a000 0x00002000 "\SystemRoot\System32\Drivers\mnmdd.SYS"
.\debug.cpp(256) : 0xba60c000 0x00002000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0xba3c8000 0x00005000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0xba3d0000 0x00008000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0xba584000 0x00003000 "\SystemRoot\system32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0xaebde000 0x00013000 "\SystemRoot\system32\DRIVERS\ipsec.sys"
.\debug.cpp(256) : 0xaeb85000 0x00059000 "\SystemRoot\system32\DRIVERS\tcpip.sys"
.\debug.cpp(256) : 0xaeb3e000 0x00047000 "\SystemRoot\system32\DRIVERS\avgtdix.sys"
.\debug.cpp(256) : 0xaeb18000 0x00026000 "\SystemRoot\system32\DRIVERS\ipnat.sys"
.\debug.cpp(256) : 0xb915f000 0x00009000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0xb914f000 0x0000f000 "\SystemRoot\system32\DRIVERS\arp1394.sys"
.\debug.cpp(256) : 0xaeaf0000 0x00028000 "\SystemRoot\system32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0xba59c000 0x00003000 "\SystemRoot\System32\drivers\ws2ifsl.sys"
.\debug.cpp(256) : 0xaeace000 0x00022000 "\SystemRoot\System32\drivers\afd.sys"
.\debug.cpp(256) : 0xba158000 0x00009000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0xba5a0000 0x00003000 "\SystemRoot\system32\DRIVERS\srvkp.sys"
.\debug.cpp(256) : 0xaeaa3000 0x0002b000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0xaea33000 0x00070000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0xba188000 0x0000b000 "\SystemRoot\System32\Drivers\Fips.SYS"
.\debug.cpp(256) : 0xae9d4000 0x00037000 "\SystemRoot\system32\DRIVERS\avgldx86.sys"
.\debug.cpp(256) : 0xae62d000 0x00024000 "\SystemRoot\System32\Drivers\Fastfat.SYS"
.\debug.cpp(256) : 0xae575000 0x00018000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0xba5d6000 0x00002000 "\SystemRoot\System32\Drivers\dump_WMILIB.SYS"
.\debug.cpp(256) : 0xbf800000 0x001c6000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0xae5c5000 0x00003000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0xba418000 0x00005000 "\SystemRoot\System32\watchdog.sys"
.\debug.cpp(256) : 0xbf000000 0x00012000 "\SystemRoot\System32\drivers\dxg.sys"
.\debug.cpp(256) : 0xba746000 0x00001000 "\SystemRoot\System32\drivers\dxgthk.sys"
.\debug.cpp(256) : 0xbf012000 0x0012e000 "\SystemRoot\System32\SiSGRV.dll"
.\debug.cpp(256) : 0xbf140000 0x00047000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0xae4c1000 0x00004000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0xae230000 0x0002d000 "\SystemRoot\system32\DRIVERS\mrxdav.sys"
.\debug.cpp(256) : 0xae44d000 0x00003000 "\SystemRoot\system32\DRIVERS\AVGIDSShim.Sys"
.\debug.cpp(256) : 0xae12b000 0x00015000 "\SystemRoot\system32\drivers\wdmaud.sys"
.\debug.cpp(256) : 0xae2f5000 0x0000f000 "\SystemRoot\system32\drivers\sysaudio.sys"
.\debug.cpp(256) : 0xadf95000 0x00058000 "\SystemRoot\system32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xba5b4000 0x00002000 "\SystemRoot\System32\Drivers\MCSTRM.SYS"
.\debug.cpp(256) : 0xade6b000 0x00018000 "\??\C:\WINDOWS\system32\drivers\tmcomm.sys"
.\debug.cpp(256) : 0xba398000 0x00005000 "\SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys"
.\debug.cpp(256) : 0xaddab000 0x00020000 "\SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys"
.\debug.cpp(256) : 0xba228000 0x00010000 "\SystemRoot\System32\Drivers\Cdfs.SYS"
.\debug.cpp(256) : 0xba5ca000 0x00002000 "\SystemRoot\System32\Drivers\hiber_WMILIB.SYS"
.\debug.cpp(256) : 0xacd18000 0x00019000 "\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\pwndrkow.sys"
.\debug.cpp(256) : 0xba3b0000 0x00008000 "\SystemRoot\system32\DRIVERS\sisnic.sys"
.\debug.cpp(256) : 0xae315000 0x00010000 "\SystemRoot\system32\DRIVERS\nic1394.sys"
.\debug.cpp(256) : 0xba388000 0x00007000 "\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\mbr.sys"
.\debug.cpp(256) : 0xad44f000 0x0000c000 "\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\aswMBR.sys"
.\debug.cpp(256) : 0xacb55000 0x0002b000 "\SystemRoot\system32\drivers\kmixer.sys"
.\debug.cpp(256) : 0x7c900000 0x000b2000 "\WINDOWS\system32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&7ad55db&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DP(1)0-0+a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{9556C7D0-6390-4DB4-A354-5D20CBC770EE}"
.\debug.cpp(400) : Destination "\Device\{9556C7D0-6390-4DB4-A354-5D20CBC770EE}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\aswMBR"
.\debug.cpp(400) : Destination "\Device\aswMBR"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000041"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000034"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ip"
.\debug.cpp(400) : Destination "\Device\Ip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&38dbd59d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomIDE-DVD_ROM_6116________________________HD24____#5&9a4e45f&0&0.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T1L0-1b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TmComm"
.\debug.cpp(400) : Destination "\Device\TmComm"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDev"
.\debug.cpp(400) : Destination "\Device\IPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000033"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDPROXY"
.\debug.cpp(400) : Destination "\Device\NDProxy"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_SM_Reader&Rev_1.02#9205291&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\0000006f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{65C44E5A-3731-4465-BD92-00A928EAABCF}"
.\debug.cpp(400) : Destination "\Device\{65C44E5A-3731-4465-BD92-00A928EAABCF}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&163f0fa0&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{60455645-7829-11da-8c3d-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DP(1)0-0+8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&2156e584&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\siskp"
.\debug.cpp(400) : Destination "\Device\siskp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination "\Device\Serial0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&23415857&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DP(1)0-0+8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1039&DEV_7012&SUBSYS_2A05103C&REV_A0#3&61aaa01&1&17#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_MS_Reader&Rev_1.03#9205291&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000070"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&7ad55db&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DP(1)0-0+a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03#3&61aaa01&1&50#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{dff220f3-f70f-11d0-b917-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgAntiRootkit"
.\debug.cpp(400) : Destination "\Device\AvgAntiRootkit"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{60455642-7829-11da-8c3d-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) : Destination "\Device\AgereModem5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0F13#3&61aaa01&1#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000051"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8896D987-AD6F-4C73-B822-D35C5D8F3F6B}"
.\debug.cpp(400) : Destination "\Device\{8896D987-AD6F-4C73-B822-D35C5D8F3F6B}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c5066e-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\G:"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination "\Device\GEARAspiWDMDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPNAT"
.\debug.cpp(400) : Destination "\Device\IPNAT"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1039&DEV_7012&SUBSYS_2A05103C&REV_A0#3&61aaa01&1&17#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSched"
.\debug.cpp(400) : Destination "\Device\PSched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1039&DEV_7012&SUBSYS_2A05103C&REV_A0#3&61aaa01&1&17#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{60455646-7829-11da-8c3d-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgTdi"
.\debug.cpp(400) : Destination "\Device\AvgTdi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&23415857&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DP(1)0-0+8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#AuthenticAMD_-_x86_Family_15_Model_12#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000040"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\VideoPdo0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#3&61aaa01&1#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PTIMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000038"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomIDE-DVD_ROM_6116________________________HD24____#5&9a4e45f&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T1L0-1b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination "\Device\USBFDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0401#3&61aaa01&1#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination "\Device\00000050"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Avg7Rs"
.\debug.cpp(400) : Destination "\Device\Avg7Rs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000037"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\H:"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DP(1)0-0+8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EE1156F1-5DE8-4CE7-8A4F-47CA5CA556AC}"
.\debug.cpp(400) : Destination "\Device\{EE1156F1-5DE8-4CE7-8A4F-47CA5CA556AC}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination "\Device\USBFDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1039&DEV_7002&SUBSYS_2A04103C&REV_00#3&61aaa01&1&1B#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0008"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sysaudio"
.\debug.cpp(400) : Destination "\Device\sysaudio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MCSTRM"
.\debug.cpp(400) : Destination "\Device\MCSTRM"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1039&DEV_0900&SUBSYS_2A04103C&REV_90#3&61aaa01&1&20#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0009"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PSCHEDMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000036"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DR3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&37786a0b&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom1"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1039&DEV_6330&SUBSYS_2A06103C&REV_00#4&d15f358&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0017"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
.\debug.cpp(400) : Destination "\Device\Harddisk2\DR4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{60455640-7829-11da-8c3d-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000047"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive3"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DR5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AvgAviLdr"
.\debug.cpp(400) : Destination "\Device\AvgAviLdr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PxHelperDevice0"
.\debug.cpp(400) : Destination "\Device\PxHelperDevice0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Dbg"
.\debug.cpp(400) : Destination "\Device\AVGIDS_Dbg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomLITE-ON_DVDRW_SOHW-1633S________________BPSA____#5&9a4e45f&0&0.0.0#{1186654d-47b8-48b9-beb9-7df113ae3c67}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive4"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DR6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#THRM#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1106&DEV_3044&SUBSYS_2A04103C&REV_80#3&61aaa01&1&58#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0012"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50671-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1039&DEV_7001&SUBSYS_2A04103C&REV_0F#3&61aaa01&1&1A#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{9ea331fa-b91b-45f8-9285-bd2bc77afcde}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3e227e76-690d-11d2-8161-0000f8775bf1}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad809c00-7b88-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomLITE-ON_DVDRW_SOHW-1633S________________BPSA____#5&9a4e45f&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#3&61aaa01&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ARP1394"
.\debug.cpp(400) : Destination "\Device\ARP1394"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1039&DEV_7012&SUBSYS_2A05103C&REV_A0#3&61aaa01&1&17#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_SD_Reader&Rev_1.00#9205291&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\J:"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DP(1)0-0+a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1039&DEV_7001&SUBSYS_2A04103C&REV_0F#3&61aaa01&1&18#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&37786a0b&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\pwndrkow"
.\debug.cpp(400) : Destination "\Device\pwndrkow"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Ack"
.\debug.cpp(400) : Destination "\Device\AVGIDS_Ack"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_11C1&DEV_048C&SUBSYS_044C11C1&REV_03#3&61aaa01&1&50#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000032"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{d6c50674-72c1-11d2-9755-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_USB_CF_Reader&Rev_1.01#9205291&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\0000006e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ps2"
.\debug.cpp(400) : Destination "\Device\Ps2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureA342EF6FOffset7E00Length1514CE200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NdisWanIp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDSShim"
.\debug.cpp(400) : Destination "\Device\AVGIDSShim"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskWDC_WD2500BB-22GUA0_____________________08.02D08#4457572d4143374c323239353032_037_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#Vid_058f&Pid_9360#9205291#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomLITE-ON_DVDRW_SOHW-1633S________________BPSA____#5&9a4e45f&0&0.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{bf963d80-c559-11d0-8a2b-00a0c9255ac1}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{a7c7a5b0-5af3-11d1-9ced-00a024bf0407}#{9B365890-165F-11D0-A195-0020AFD156E4}#{fbf6f530-07b9-11d2-a71e-0000f8004788}"
.\debug.cpp(400) : Destination "\Device\KSENUM#00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{60455643-7829-11da-8c3d-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\CdRom1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination "\Device\1394BUS0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDSErHr"
.\debug.cpp(400) : Destination "\Device\AVGIDSErHr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK1"
.\debug.cpp(400) : Destination "\Device\ParTechInc0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&168e5ac5&0&RM#{53f5630a-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000035"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{a7c7a5b1-5af3-11d1-9ced-00a024bf0407}"
.\debug.cpp(400) : Destination "\Device\0000003b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK2"
.\debug.cpp(400) : Destination "\Device\ParTechInc1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPMULTICAST"
.\debug.cpp(400) : Destination "\Device\IPMULTICAST"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISTAPI"
.\debug.cpp(400) : Destination "\Device\NdisTapi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PTILINK3"
.\debug.cpp(400) : Destination "\Device\ParTechInc2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Shadow"
.\debug.cpp(400) : Destination "\Device\LanmanRedirector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\FtControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{60455641-7829-11da-8c3d-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{85A55D3A-7DA6-43B0-9943-4B4E00596163}"
.\debug.cpp(400) : Destination "\Device\{85A55D3A-7DA6-43B0-9943-4B4E00596163}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1039&DEV_7001&SUBSYS_2A04103C&REV_0F#3&61aaa01&1&19#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0006"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\mbr"
.\debug.cpp(400) : Destination "\Device\mbr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AGRSM_xface"
.\debug.cpp(400) : Destination "\Device\AGRSM_xface"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000003a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{111DE8A1-C11E-40A4-915E-1B1A086945C1}"
.\debug.cpp(400) : Destination "\Device\{111DE8A1-C11E-40A4-915E-1B1A086945C1}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Ctl"
.\debug.cpp(400) : Destination "\Device\AVGIDS_Ctl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\V1394#NIC1394#c1fabde01800#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000065"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&30a96598&0&SignatureA342EF6FOffset1514D6000Length38E6C02000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{60455647-7829-11da-8c3d-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Harddisk4\DP(1)0-0+a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{32FAA37B-F721-4C07-A7A6-AFEC5F3207FC}"
.\debug.cpp(400) : Destination "\Device\{32FAA37B-F721-4C07-A7A6-AFEC5F3207FC}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\00000039"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{60455644-7829-11da-8c3d-806d6172696f}"
.\debug.cpp(400) : Destination "\Device\Harddisk1\DP(1)0-0+7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Agere Systems PCI Soft Modem"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0011"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{4A19F0D2-533C-4F9D-9130-FB77FAA4CDBF}"
.\debug.cpp(400) : Destination "\Device\{4A19F0D2-533C-4F9D-9130-FB77FAA4CDBF}"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&19a1ba9&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#4&23c22063&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination "\Device\Parallel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AVGIDS_Evt"
.\debug.cpp(400) : Destination "\Device\AVGIDS_Evt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#RemovableMedia#7&168e5ac5&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Harddisk3\DP(1)0-0+9"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`514d6000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: d0092ea8b49beb951c2a605cc98c7847
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 232 GB \\.\PhysicalDrive0 Unknown boot code
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1119) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1121) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1122) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1126) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1127) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1130) :
.\boot_cleaner.cpp(1152) : Done;
 
The 64bit wont run, states 'not a valid win32 application. The link for 32 seems to be ready to run. Im pretty sure I have 64, is this a problem?
 
ListParts by Farbar
Ran by Compaq_Owner on 03-02-2012 at 01:09:53
Windows XP (X86)
Running From: C:\Documents and Settings\Compaq_Owner\Desktop
************************************************************

========================= Memory info ======================

Percentage of memory in use: 68%
Total physical RAM: 1407.48 MB
Available physical RAM: 446.42 MB
Total Pagefile: 4258.8 MB
Available Pagefile: 3194.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1996.54 MB

======================= Partitions =========================

1 Drive c: (PRESARIO) (Fixed) (Total:227.61 GB) (Free:195.84 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (PRESARIO_RP) (Fixed) (Total:5.26 GB) (Free:0.67 GB) FAT32 ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 5397 MB 32 KB
Partition 2 Primary 228 GB 5397 MB

Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D PRESARIO_RP FAT32 Partition 5397 MB Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C PRESARIO NTFS Partition 228 GB Healthy System (partition with boot components)


****** End Of Log ******
 
That looks good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I ran appremover for AVG 2012 & did combofix. I did a cp search to assure AVG was thoroughly removed
& still has 2 folders in 'D' ...is that normal?
I dont have the AVG reinstall program so I cant add it again. I restarted Spybot & Windows firewall.

Since restart, spybot has popups asking that registry value deleted entry 'NoDrives' ...I allowed twice.
Now popup- registry value added w/entry "NoDrives".
Havent allowed yet? Should I?

Also a pop-up stating "Internet Explorer is not your default browser
... Make IE my default browser" I allowed. All ok here?


Here are the combofix logs:

ComboFix 12-02-03.02 - Compaq_Owner 02/03/2012 14:08:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.922 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.YOUR-71A232D1A6\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\program files\Internet Explorer\SET25.tmp
c:\program files\Internet Explorer\SET26.tmp
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\ps2.bat
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-01-23 09:45 . 2012-01-23 09:45 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-23 09:42 . 2012-01-23 09:42 -------- d-----w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2012-01-22 15:24 . 2012-01-22 15:24 0 ----a-w- c:\windows\system32\drivers\mbamswissarmy(2).sys
2012-01-10 18:29 . 2012-01-10 18:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-10 09:07 . 2012-01-10 09:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 18:29 . 2011-02-16 10:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 20:24 . 2011-09-04 06:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 07:12 . 2011-10-04 09:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-10-29 02:23 1859584 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"SiSPower"="SiSPower.dll" [2004-09-24 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^CD-MENU.LNK]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\CD-MENU.LNK
backup=c:\windows\pss\CD-MENU.LNKStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 14:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 19:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2003-09-13 03:13 98304 ----a-w- c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 23:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 15:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" /autorun
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe"
"KBD"=c:\hp\KBD\KBD.EXE
"AlcxMonitor"=ALCXMNTR.EXE
"IgfxTray"=c:\windows\system32\igfxtray.exe
"PaperPort PTD"=c:\program files\ScanSoft\PaperPort\pptd40nt.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\unins000.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\unins001.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\Driver\\7\\Intel 32\\IDriver.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\unins001.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundPacketTooBig"= 1 (0x1)
.
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/11/2008 6:10 PM 206096]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 3:09 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 3:09 AM 135664]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/4/2011 5:12 AM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-28 c:\windows\Tasks\cleanmgr.job
- c:\windows\system32\cleanmgr.exe [2004-10-29 00:12]
.
2012-01-31 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2004-10-29 00:12]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:09]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:09]
.
2012-02-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-02-22 20:31]
.
2012-01-29 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-02-22 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc558.mail.yahoo.com/mc/welcome?.gx=1&.tm=1284110515&.rand=8fmpmti9imgv5
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: bankofamerica.com\allmyaccounts
Trusted Zone: bankofamerica.com\onlineeast2
Trusted Zone: ebay.com\cgi
Trusted Zone: ebay.com\cgi5
Trusted Zone: ebay.com\my
Trusted Zone: ebay.com\offer
Trusted Zone: ebay.com\signin
Trusted Zone: ebay.com\www
Trusted Zone: googleusercontent.com\webcache
Trusted Zone: plaxo.com\www
Trusted Zone: usps.com\sss-web
Trusted Zone: yahoo.com\login
Trusted Zone: yahoo.com\us.mc558.mail
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AROReminder - c:\program files\Advanced Registry Optimizer\ARO.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
AddRemove-ERUNT_is1 - l:\erunt\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 14:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2985681006-1005890449-1192416854-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2932)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\PENUSA.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brss01a.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
.
**************************************************************************
.
Completion time: 2012-02-03 14:19:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-03 19:19
.
Pre-Run: 210,544,402,432 bytes free
Post-Run: 210,488,561,664 bytes free
.
- - End Of File - - CF294E3EB45C94C06A8CDC536BD49822
 
Go ahead and allow Spybot whatever it wants.

Also a pop-up stating "Internet Explorer is not your default browser
... Make IE my default browser" I allowed. All ok here?
Click to expand...
Yes.

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\windows\system32\drivers\mbamswissarmy(2).sys

Folder::
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ

DDS::
Trusted Zone: bankofamerica.com\allmyaccounts
Trusted Zone: bankofamerica.com\onlineeast2
Trusted Zone: ebay.com\cgi
Trusted Zone: ebay.com\cgi5
Trusted Zone: ebay.com\my
Trusted Zone: ebay.com\offer
Trusted Zone: ebay.com\signin
Trusted Zone: ebay.com\www
Trusted Zone: googleusercontent.com\webcache
Trusted Zone: plaxo.com\www
Trusted Zone: usps.com\sss-web
Trusted Zone: yahoo.com\login
Trusted Zone: yahoo.com\us.mc558.mail

Registry::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-02-03.02 - Compaq_Owner 02/03/2012 18:21:41.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.999 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\mbamswissarmy(2).sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
c:\windows\system32\drivers\mbamswissarmy(2).sys
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-01-23 09:45 . 2012-01-23 09:45 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-10 18:29 . 2012-01-10 18:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-10 09:07 . 2012-01-10 09:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 18:29 . 2011-02-16 10:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-10 20:24 . 2011-09-04 06:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 07:12 . 2011-10-04 09:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-10-29 02:23 1859584 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"SiSPower"="SiSPower.dll" [2004-09-24 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^CD-MENU.LNK]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\CD-MENU.LNK
backup=c:\windows\pss\CD-MENU.LNKStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 14:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2004-04-14 19:46 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2003-09-13 03:13 98304 ----a-w- c:\windows\system32\ps2.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-10-25 23:58 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 15:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" /autorun
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe"
"KBD"=c:\hp\KBD\KBD.EXE
"AlcxMonitor"=ALCXMNTR.EXE
"IgfxTray"=c:\windows\system32\igfxtray.exe
"PaperPort PTD"=c:\program files\ScanSoft\PaperPort\pptd40nt.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\unins000.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\unins001.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SDUpdate.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\Driver\\7\\Intel 32\\IDriver.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\unins001.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowOutboundPacketTooBig"= 1 (0x1)
.
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/11/2008 6:10 PM 206096]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 3:09 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2010 3:09 AM 135664]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/4/2011 5:12 AM 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-28 c:\windows\Tasks\cleanmgr.job
- c:\windows\system32\cleanmgr.exe [2004-10-29 00:12]
.
2012-01-31 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2004-10-29 00:12]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:09]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:09]
.
2012-02-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-02-22 20:31]
.
2012-01-29 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-02-22 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mc558.mail.yahoo.com/mc/welcome?.gx=1&.tm=1284110515&.rand=8fmpmti9imgv5
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} - hxxp://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 18:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2985681006-1005890449-1192416854-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-02-03 18:29:02
ComboFix-quarantined-files.txt 2012-02-03 23:28
ComboFix2.txt 2012-02-03 19:19
.
Pre-Run: 210,495,172,608 bytes free
Post-Run: 210,486,628,352 bytes free
.
- - End Of File - - D1873452E72E6F7895769109918060EE
 
Good :)

How is computer doing?

You can reinstall AVG now.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
alright, computer seems to be doing well?! :)
Two small but good changes noted ...yahoo mail doesnt have a constant
'hourglass' (thinking) icon on the pointer & Im able to make the spybot pop-up window larger to view entire contents :) ...small but significant!
reinstalled AVG also

Here's the new logs below:
 
Too long ...have to break it up

OTL logfile created on: 2/3/2012 9:46:23 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 60.25% Memory free
4.16 Gb Paging File | 3.73 Gb Available in Paging File | 89.59% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.61 Gb Total Space | 195.69 Gb Free Space | 85.98% Space Free | Partition Type: NTFS
Drive D: | 5.26 Gb Total Space | 0.67 Gb Free Space | 12.83% Space Free | Partition Type: FAT32

Computer Name: YOUR-71A232D1A6 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/03 21:29:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/18 16:46:00 | 000,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (No Company Name) ==========

MOD - [2008/11/18 16:46:10 | 000,364,704 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
MOD - [2008/11/18 16:46:04 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/11/18 16:46:02 | 000,056,752 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
MOD - [2008/11/18 16:46:00 | 000,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
MOD - [2008/11/14 12:25:28 | 000,664,080 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sacore.dll
MOD - [2008/11/14 12:25:28 | 000,311,312 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saset.dll
MOD - [2008/11/14 12:25:24 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2008/11/14 12:25:20 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2008/11/14 12:25:18 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/22 14:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/18 16:46:00 | 000,206,096 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/11/12 02:39:37 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2006/04/14 13:31:01 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/04/20 10:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 10:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 10:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/06/29 19:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/05/08 19:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/12 00:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc558.mail.yahoo.com/mc/welcome?.gx=1&.tm=1284110515&.rand=8fmpmti9imgv5
IE - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.0: C:\Program Files\Virtual Earth 3D\ [2010/07/07 10:33:00 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 19:32:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/03 21:39:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/02/03 21:30:10 | 000,440,389 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15164 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent File not found
O4 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} http://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab (Reg Error: Value error.)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/install/Crusher.cab (Creative Toolbox Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8896D987-AD6F-4C73-B822-D35C5D8F3F6B}: DhcpNameServer = 167.206.254.2 167.206.254.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O24 - Desktop Components:0 () - http://images.player.virginradio.co.uk/player2/gr/title.png
O24 - Desktop Components:1 () - https://www.infinityauto.com/images/shim.gif
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/21 23:07:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 21:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2012
[2012/02/03 21:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/02/03 21:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/02/03 21:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/02/03 21:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/02/03 21:29:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2012/02/03 21:27:07 | 003,968,384 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Compaq_Owner\Desktop\avg_free_stb_all_2012_1913_cnet.exe
[2012/02/03 18:20:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/03 14:06:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/03 14:06:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/03 14:06:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/03 14:06:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/03 13:15:30 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\AppRemover.exe
[2012/02/03 13:09:24 | 004,394,794 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2012/02/02 00:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\bootkit_remover
[2012/02/02 00:18:49 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2012/02/01 22:14:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2012/01/23 04:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Bubble Glass AHsoho OF
[2012/01/23 04:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/01/23 04:44:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2012/01/22 06:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT
[2012/01/22 04:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\My Shortcuts
[2012/01/16 03:38:11 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Compaq_Owner\Desktop\erunt-setup.exe
[2012/01/10 05:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/01/05 04:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Health Dental

========== Files - Modified Within 30 Days ==========

[2012/02/03 21:41:19 | 057,146,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/03 21:39:34 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/02/03 21:30:10 | 000,440,389 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/03 21:29:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2012/02/03 21:27:08 | 003,968,384 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Compaq_Owner\Desktop\avg_free_stb_all_2012_1913_cnet.exe
[2012/02/03 18:38:27 | 000,440,389 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-213010.backup
[2012/02/03 18:26:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-183827.backup
[2012/02/03 18:18:12 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Windows Firewall.lnk
[2012/02/03 18:14:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 14:15:20 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/02/03 14:15:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-142047.backup
[2012/02/03 14:15:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/03 14:14:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 14:14:58 | 1475,923,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 13:25:53 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Using AppRemover — OPSWAT AppRemover.url
[2012/02/03 13:15:45 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\AppRemover.exe
[2012/02/03 13:11:33 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Always something about blank! trogans--2 wks ago Win32.Eyeon -may still have LOGS - TechSpot OpenBoards.url
[2012/02/03 13:09:28 | 004,394,794 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2012/02/03 13:08:48 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/02/03 13:08:34 | 000,441,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-140307.backup
[2012/02/02 23:48:03 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ListParts.exe
[2012/02/02 21:14:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/02 15:00:29 | 000,441,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-130834.backup
[2012/02/02 00:45:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2012/02/02 00:19:09 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2012/02/01 22:21:59 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Manual Removal Guide for Win32.Eyeon.ie - Safer-Networking Forums.url
[2012/02/01 22:14:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2012/02/01 21:56:10 | 000,441,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120202-150029.backup
[2012/02/01 21:44:38 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\236z4vxp.exe
[2012/02/01 21:40:49 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/01 20:34:13 | 000,441,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120201-215610.backup
[2012/02/01 12:02:51 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120201-203413.backup
[2012/01/31 12:15:03 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120201-120251.backup
[2012/01/31 10:14:11 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\defrag.job
[2012/01/30 12:01:16 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120131-121502.backup
[2012/01/29 12:13:03 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120130-120116.backup
[2012/01/29 09:00:51 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/01/28 12:02:26 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120129-121303.backup
[2012/01/28 10:01:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\cleanmgr.job
[2012/01/27 12:14:23 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120128-120226.backup
[2012/01/26 15:01:20 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120127-121423.backup
[2012/01/26 01:22:21 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\My eBay Watch List.url
[2012/01/26 01:13:37 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Message View.url
[2012/01/25 12:35:13 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120126-150120.backup
[2012/01/24 12:36:52 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120125-123513.backup
[2012/01/23 15:00:44 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120124-123652.backup
[2012/01/23 06:56:44 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\E-Mail Help.url
[2012/01/23 05:58:05 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Chrome Web Store - Keep My Opt-Outs.url
[2012/01/23 05:46:30 | 000,003,842 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Re ool who knew.mht
[2012/01/23 05:22:55 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Optimum Online.url
[2012/01/23 04:28:43 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/22 15:00:30 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120123-150044.backup
[2012/01/21 15:01:00 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120122-150030.backup
[2012/01/20 00:14:28 | 000,001,334 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\xpsp3res.dll xpsp2res.dll xpsp1res.dll dnserror Cannot Connect to Server Fix.url
[2012/01/19 23:53:13 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120121-150100.backup
[2012/01/19 12:28:06 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120119-235313.backup
[2012/01/18 12:37:56 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120119-122806.backup
[2012/01/17 15:00:32 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120118-123755.backup
[2012/01/17 05:20:59 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120117-150032.backup
[2012/01/16 12:04:47 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120117-052059.backup
[2012/01/16 03:40:07 | 000,696,256 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\requested-files[2012-01-16_03_40].cab
[2012/01/16 03:38:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Compaq_Owner\Desktop\erunt-setup.exe
[2012/01/16 02:55:24 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2012/01/16 01:38:32 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120116-120447.backup
[2012/01/16 01:23:29 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120116-013832.backup
[2012/01/16 00:01:54 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120116-012329.backup
[2012/01/10 13:02:23 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Internet Explorer - Microsoft Download Center.url
[2012/01/10 13:01:17 | 000,001,445 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office - Microsoft Download Center.url
[2012/01/10 12:56:39 | 000,542,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/10 12:56:39 | 000,114,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/10 05:13:25 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/10 04:36:50 | 000,439,961 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120116-000154.backup
[2012/01/10 00:59:33 | 000,439,961 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120110-043650.backup
[2012/01/08 14:00:33 | 000,439,961 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120110-005933.backup
[2012/01/05 03:22:10 | 000,001,227 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Clairol Nice N Easy Hair Color #108 Natural Reddish Blonde KIT.url

========== Files Created - No Company Name ==========

[2012/02/03 21:41:19 | 057,146,209 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/03 21:39:34 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/02/03 18:18:12 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Windows Firewall.lnk
[2012/02/03 14:06:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/03 14:06:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/03 14:06:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/03 14:06:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/03 14:06:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/03 13:25:53 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Using AppRemover — OPSWAT AppRemover.url
[2012/02/03 13:11:33 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Always something about blank! trogans--2 wks ago Win32.Eyeon -may still have LOGS - TechSpot OpenBoards.url
[2012/02/02 23:48:03 | 000,303,059 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ListParts.exe
[2012/02/02 00:45:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2012/02/01 21:44:34 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\236z4vxp.exe
[2012/01/26 01:13:37 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Message View.url
[2012/01/23 06:56:43 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\E-Mail Help.url
[2012/01/23 05:58:05 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Chrome Web Store - Keep My Opt-Outs.url
[2012/01/23 05:46:29 | 000,003,842 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Re ool who knew.mht
[2012/01/23 05:22:55 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Optimum Online.url
[2012/01/20 00:14:28 | 000,001,334 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\xpsp3res.dll xpsp2res.dll xpsp1res.dll dnserror Cannot Connect to Server Fix.url
[2012/01/16 03:40:07 | 000,696,256 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\requested-files[2012-01-16_03_40].cab
[2012/01/16 02:25:54 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Manual Removal Guide for Win32.Eyeon.ie - Safer-Networking Forums.url
[2012/01/10 16:20:12 | 000,200,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/10 13:02:23 | 000,001,473 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Internet Explorer - Microsoft Download Center.url
[2012/01/10 13:01:17 | 000,001,445 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office - Microsoft Download Center.url
[2012/01/10 05:13:25 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/10 04:55:27 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/05 03:22:10 | 000,001,227 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Clairol Nice N Easy Hair Color #108 Natural Reddish Blonde KIT.url
[2011/12/05 08:01:36 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/12/11 03:21:05 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2008/03/19 13:33:52 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/12/31 06:23:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/12/29 06:02:28 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/29 06:02:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/06/18 22:47:15 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2006/04/18 02:57:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/18 02:36:29 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/14 12:13:59 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/11 03:18:28 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/04/11 03:18:04 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/03/31 00:45:49 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/03/31 00:45:25 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/03/14 00:39:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/01/15 23:59:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/01/15 23:57:10 | 000,000,841 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/01/15 23:57:10 | 000,000,462 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/01/15 23:57:10 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/01/15 23:57:10 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/01/15 23:57:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2006/01/15 23:56:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2006/01/15 23:54:19 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/12/29 00:18:27 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2004/12/29 19:59:23 | 000,190,524 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/12/29 19:59:23 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/12/21 11:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll
[2004/10/28 21:22:23 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/10/28 21:22:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/10/28 21:22:20 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/28 21:22:15 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/10/28 21:22:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/28 21:21:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/10/28 21:21:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/10/28 21:21:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/10/28 21:20:50 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/22 05:16:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/22 01:11:25 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/22 01:09:10 | 000,013,948 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/22 01:08:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/22 00:57:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/22 00:04:53 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/10/22 00:00:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/22 00:00:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/22 00:00:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/21 23:28:28 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/21 23:28:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/21 23:27:01 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/21 23:13:11 | 000,000,903 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 23:10:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/21 23:04:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/21 22:48:55 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/21 22:47:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/21 22:47:36 | 000,542,920 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/21 22:47:36 | 000,114,282 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/21 15:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/14 01:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 05:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 01:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2004/10/22 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intervideo
[2004/10/22 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.YOUR-71A232D1A6\Application Data\Intervideo
[2004/10/22 01:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.YOUR-71A232D1A6\Application Data\SampleView
[2012/02/03 21:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/30 01:07:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/08/27 04:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2012/01/23 04:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2004/10/22 00:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2012/02/03 21:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/10/09 01:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/01/15 23:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/12/04 20:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/12/14 04:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2008/02/04 16:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/06/25 02:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2012/02/03 21:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2012
[2011/12/14 03:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\CompuClever
[2011/12/14 03:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DriverCure
[2010/08/27 04:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\eBay
[2004/10/22 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Intervideo
[2006/04/14 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2004/10/22 01:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2006/06/18 22:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ScanSoft
[2011/12/14 03:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SpeedyPC Software
[2006/06/18 22:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2011/06/19 03:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TeraCopy
[2008/02/04 16:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ulead Systems
[2009/01/14 16:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WholeSecurity
[2004/10/22 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Intervideo
[2004/10/22 01:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2012/01/23 04:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2012/01/28 10:01:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\cleanmgr.job
[2012/01/31 10:14:11 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\defrag.job

========== Purity Check ==========
 
========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/10/22 01:31:31 | 000,000,104 | ---- | M] () -- C:\.lnk
[2011/06/03 06:09:59 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/07/06 00:26:00 | 000,000,668 | ---- | M] () -- C:\aaw7boot.log
[2009/03/06 16:40:39 | 000,000,011 | ---- | M] () -- C:\AuResult.ini
[2004/10/21 23:07:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/12/29 00:15:50 | 000,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2012/01/16 02:55:24 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2004/08/03 16:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/02/03 18:29:02 | 000,010,139 | ---- | M] () -- C:\ComboFix.txt
[2004/10/21 23:07:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/07/10 21:12:09 | 000,458,752 | ---- | M] (Netsurfer, Inc.) -- C:\Dist32.dll
[2012/02/03 14:14:58 | 1475,923,968 | -HS- | M] () -- C:\hiberfil.sys
[2004/10/21 23:27:01 | 000,000,002 | -H-- | M] () -- C:\hpbi.log
[2011/10/30 13:00:26 | 006,450,479 | ---- | M] () -- C:\immudebug.log
[2012/01/04 19:00:51 | 000,007,503 | ---- | M] () -- C:\InstallHelper.log
[2004/10/21 23:07:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/04/18 02:57:58 | 000,000,252 | -H-- | M] () -- C:\IPH.PH
[2004/10/21 23:07:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/07/10 21:12:05 | 000,045,056 | ---- | M] (Netsurfer, Inc.) -- C:\NetUtils.dll
[2006/07/10 21:11:59 | 000,000,036 | ---- | M] () -- C:\ns_info.ini
[2004/08/03 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/25 07:12:48 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/10/16 02:07:10 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/02/21 01:45:04 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2012/02/03 14:14:57 | 3145,728,000 | -HS- | M] () -- C:\pagefile.sys
[2006/07/10 21:12:04 | 000,790,528 | ---- | M] (Netsurfer, Inc.) -- C:\setup32.exe
[2006/07/10 21:28:02 | 000,000,000 | ---- | M] () -- C:\SoftCast.fl
[2007/11/17 02:44:49 | 000,000,000 | ---- | M] () -- C:\SoftCast.ini

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/10/21 23:06:58 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2004/02/09 00:00:00 | 000,026,285 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\brmfpp1.dll
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/19 02:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2001/11/20 14:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/12/07 08:31:21 | 000,001,642 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/10/21 15:55:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/10/21 15:55:57 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/10/21 15:55:57 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/05/14 03:04:17 | 000,000,183 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Create & Print Home.url
[2008/09/25 07:20:40 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2004/10/21 23:26:27 | 000,010,011 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml1.srt
[2004/10/21 23:26:27 | 000,009,789 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\ml2.srt
[2004/10/21 23:26:27 | 000,010,448 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\tempdiff.txt

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/03/07 14:58:28 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/10/21 23:12:53 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/02/01 21:44:38 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\236z4vxp.exe
[2012/02/03 13:15:45 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\AppRemover.exe
[2012/02/02 00:19:09 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2012/02/03 21:27:08 | 003,968,384 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Compaq_Owner\Desktop\avg_free_stb_all_2012_1913_cnet.exe
[2012/02/03 13:09:28 | 004,394,794 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2012/01/16 03:38:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Compaq_Owner\Desktop\erunt-setup.exe
[2012/02/02 23:48:03 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ListParts.exe
[2012/02/03 21:29:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/05/27 03:39:30 | 000,508,416 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\Compaq_Owner\Desktop\SysInfo.exe
[2011/10/04 04:55:29 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2009/02/21 19:32:40 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Compaq_Owner\My Documents\spybotsd162.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/09/25 17:02:46 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/02/02 01:59:26 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Cookies\desktop.ini
[2012/02/03 21:45:10 | 000,098,304 | -HS- | M] () -- C:\Documents and Settings\Compaq_Owner\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 10:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 10:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 10:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 10:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 10:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 10:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 10:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/05/07 18:04:38 | 000,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >
 
I keep getting error on submitting extras -
2.You have included 7 images in your message. You are limited to using 6 images so please go back and correct the problem and then continue again

I didnt add any smilies etc so dont know where to delete an image from.
Tried several times even breaking into two messages but no luck so I
have sent the extras.txt as an attachment. Sorry if inconvenient.
 

Attachments

  • Extras.Txt
    37.4 KB · Views: 1
Good news :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
DRV - [2008/11/12 02:39:37 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (Reg Error: Value error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/...ds/sysinfo.cab (Reg Error: Value error.)
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} http://scan.networkmagic.com/nmscan/...ship-WD.V1.cab (Reg Error: Value error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/12/14 04:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2011/12/14 03:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SpeedyPC Software

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.


=============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Happy things look good to you!
I sent the extras.txt in a separate reply as an attachment. I kept getting
an images error so wanted to let you know it came in after your
reply but was sent.
Ill be doing the new scans shortly. Thanks for all your expertise!
 
OTL logfile created on: 2/3/2012 11:18:54 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 60.03% Memory free
4.16 Gb Paging File | 3.72 Gb Available in Paging File | 89.34% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.61 Gb Total Space | 195.65 Gb Free Space | 85.96% Space Free | Partition Type: NTFS
Drive D: | 5.26 Gb Total Space | 0.67 Gb Free Space | 12.83% Space Free | Partition Type: FAT32

Computer Name: YOUR-71A232D1A6 | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/03 21:29:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/18 16:46:00 | 000,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (No Company Name) ==========

MOD - [2008/11/18 16:46:10 | 000,364,704 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
MOD - [2008/11/18 16:46:04 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/11/18 16:46:02 | 000,056,752 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
MOD - [2008/11/18 16:46:00 | 000,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
MOD - [2008/11/14 12:25:28 | 000,664,080 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sacore.dll
MOD - [2008/11/14 12:25:28 | 000,311,312 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saset.dll
MOD - [2008/11/14 12:25:24 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2008/11/14 12:25:20 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2008/11/14 12:25:18 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/22 14:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/11/18 16:46:00 | 000,206,096 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/11/12 02:39:37 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2006/04/14 13:31:01 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2005/12/12 16:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/04/20 10:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/12 10:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 10:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/06/29 19:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/05/08 19:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/12 00:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc558.mail.yahoo.com/mc/welcome?.gx=1&.tm=1284110515&.rand=8fmpmti9imgv5
IE - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.0: C:\Program Files\Virtual Earth 3D\ [2010/07/07 10:33:00 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 19:32:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/03 21:39:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/02/03 21:30:10 | 000,440,389 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15164 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Advertising Cookie Opt-out) - {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll (Google Inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent File not found
O4 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} http://scan.networkmagic.com/nmscan/download/WebDiag.4.5.8056.1-ship-WD.V1.cab (Reg Error: Value error.)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://ak.imgag.com/imgag/cp/install/Crusher.cab (Creative Toolbox Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.2 167.206.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8896D987-AD6F-4C73-B822-D35C5D8F3F6B}: DhcpNameServer = 167.206.254.2 167.206.254.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - (WRLogonNTF.dll) - File not found
O24 - Desktop Components:0 () - http://images.player.virginradio.co.uk/player2/gr/title.png
O24 - Desktop Components:1 () - https://www.infinityauto.com/images/shim.gif
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/21 23:07:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/03 22:28:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/03 21:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2012
[2012/02/03 21:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/02/03 21:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/02/03 21:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/02/03 21:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/02/03 21:29:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2012/02/03 18:20:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/03 14:06:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/03 14:06:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/03 14:06:54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/03 14:06:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/03 13:15:30 | 009,200,064 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\AppRemover.exe
[2012/02/03 13:09:24 | 004,394,794 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2012/02/02 00:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\bootkit_remover
[2012/02/02 00:18:49 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2012/02/01 22:14:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2012/01/23 04:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Bubble Glass AHsoho OF
[2012/01/23 04:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/01/23 04:44:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2012/01/22 06:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT
[2012/01/22 04:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\My Shortcuts
[2012/01/16 03:38:11 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Compaq_Owner\Desktop\erunt-setup.exe
[2012/01/10 05:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/01/05 04:30:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Health Dental

========== Files - Modified Within 30 Days ==========

[2012/02/03 22:14:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/03 21:41:19 | 057,146,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/03 21:39:34 | 000,000,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/02/03 21:30:10 | 000,440,389 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/03 21:29:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2012/02/03 18:38:27 | 000,440,389 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-213010.backup
[2012/02/03 18:26:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-183827.backup
[2012/02/03 18:18:12 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Windows Firewall.lnk
[2012/02/03 14:15:20 | 000,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2012/02/03 14:15:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-142047.backup
[2012/02/03 14:15:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/03 14:14:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/03 14:14:58 | 1475,923,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 13:25:53 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Using AppRemover — OPSWAT AppRemover.url
[2012/02/03 13:15:45 | 009,200,064 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\AppRemover.exe
[2012/02/03 13:11:33 | 000,000,566 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Always something about blank! trogans--2 wks ago Win32.Eyeon -may still have LOGS - TechSpot OpenBoards.url
[2012/02/03 13:09:28 | 004,394,794 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2012/02/03 13:08:48 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/02/03 13:08:34 | 000,441,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-140307.backup
[2012/02/02 23:48:03 | 000,303,059 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ListParts.exe
[2012/02/02 21:14:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/02 15:00:29 | 000,441,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120203-130834.backup
[2012/02/02 00:45:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2012/02/02 00:19:09 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Owner\Desktop\aswMBR.exe
[2012/02/01 22:21:59 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Manual Removal Guide for Win32.Eyeon.ie - Safer-Networking Forums.url
[2012/02/01 22:14:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
[2012/02/01 21:56:10 | 000,441,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120202-150029.backup
[2012/02/01 21:44:38 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\236z4vxp.exe
[2012/02/01 21:40:49 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/01 20:34:13 | 000,441,137 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120201-215610.backup
[2012/02/01 12:02:51 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120201-203413.backup
[2012/01/31 12:15:03 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120201-120251.backup
[2012/01/31 10:14:11 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\defrag.job
[2012/01/30 12:01:16 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120131-121502.backup
[2012/01/29 12:13:03 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120130-120116.backup
[2012/01/29 09:00:51 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/01/28 12:02:26 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120129-121303.backup
[2012/01/28 10:01:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\cleanmgr.job
[2012/01/27 12:14:23 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120128-120226.backup
[2012/01/26 15:01:20 | 000,441,051 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120127-121423.backup
[2012/01/26 01:22:21 | 000,000,474 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\My eBay Watch List.url
[2012/01/26 01:13:37 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Message View.url
[2012/01/25 12:35:13 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120126-150120.backup
[2012/01/24 12:36:52 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120125-123513.backup
[2012/01/23 15:00:44 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120124-123652.backup
[2012/01/23 06:56:44 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\E-Mail Help.url
[2012/01/23 05:58:05 | 000,001,074 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Chrome Web Store - Keep My Opt-Outs.url
[2012/01/23 05:46:30 | 000,003,842 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Re ool who knew.mht
[2012/01/23 05:22:55 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Optimum Online.url
[2012/01/23 04:28:43 | 000,200,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/22 15:00:30 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120123-150044.backup
[2012/01/21 15:01:00 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120122-150030.backup
[2012/01/20 00:14:28 | 000,001,334 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\xpsp3res.dll xpsp2res.dll xpsp1res.dll dnserror Cannot Connect to Server Fix.url
[2012/01/19 23:53:13 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120121-150100.backup
[2012/01/19 12:28:06 | 000,440,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120119-235313.backup
[2012/01/18 12:37:56 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120119-122806.backup
[2012/01/17 15:00:32 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120118-123755.backup
[2012/01/17 05:20:59 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120117-150032.backup
[2012/01/16 12:04:47 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120117-052059.backup
[2012/01/16 03:40:07 | 000,696,256 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\requested-files[2012-01-16_03_40].cab
[2012/01/16 03:38:12 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Compaq_Owner\Desktop\erunt-setup.exe
[2012/01/16 02:55:24 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2012/01/16 01:38:32 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120116-120447.backup
[2012/01/16 01:23:29 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120116-013832.backup
[2012/01/16 00:01:54 | 000,440,088 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120116-012329.backup
[2012/01/10 13:02:23 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Internet Explorer - Microsoft Download Center.url
[2012/01/10 13:01:17 | 000,001,445 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office - Microsoft Download Center.url
[2012/01/10 12:56:39 | 000,542,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/10 12:56:39 | 000,114,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/10 05:13:25 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/10 04:36:50 | 000,439,961 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120116-000154.backup
[2012/01/10 00:59:33 | 000,439,961 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120110-043650.backup
[2012/01/08 14:00:33 | 000,439,961 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120110-005933.backup
[2012/01/05 03:22:10 | 000,001,227 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Clairol Nice N Easy Hair Color #108 Natural Reddish Blonde KIT.url

========== Files Created - No Company Name ==========

[2012/02/03 21:41:19 | 057,146,209 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/03 21:39:34 | 000,000,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/02/03 18:18:12 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Shortcut to Windows Firewall.lnk
[2012/02/03 14:06:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/03 14:06:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/03 14:06:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/03 14:06:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/03 14:06:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/03 13:25:53 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Using AppRemover — OPSWAT AppRemover.url
[2012/02/03 13:11:33 | 000,000,566 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Always something about blank! trogans--2 wks ago Win32.Eyeon -may still have LOGS - TechSpot OpenBoards.url
[2012/02/02 23:48:03 | 000,303,059 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ListParts.exe
[2012/02/02 00:45:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\MBR.dat
[2012/02/01 21:44:34 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\236z4vxp.exe
[2012/01/26 01:13:37 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Message View.url
[2012/01/23 06:56:43 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\E-Mail Help.url
[2012/01/23 05:58:05 | 000,001,074 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Chrome Web Store - Keep My Opt-Outs.url
[2012/01/23 05:46:29 | 000,003,842 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Re ool who knew.mht
[2012/01/23 05:22:55 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Optimum Online.url
[2012/01/20 00:14:28 | 000,001,334 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\xpsp3res.dll xpsp2res.dll xpsp1res.dll dnserror Cannot Connect to Server Fix.url
[2012/01/16 03:40:07 | 000,696,256 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\requested-files[2012-01-16_03_40].cab
[2012/01/16 02:25:54 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Manual Removal Guide for Win32.Eyeon.ie - Safer-Networking Forums.url
[2012/01/10 16:20:12 | 000,200,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/10 13:02:23 | 000,001,473 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Internet Explorer - Microsoft Download Center.url
[2012/01/10 13:01:17 | 000,001,445 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Microsoft Office - Microsoft Download Center.url
[2012/01/10 05:13:25 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/01/10 04:55:27 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/05 03:22:10 | 000,001,227 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Clairol Nice N Easy Hair Color #108 Natural Reddish Blonde KIT.url
[2011/12/05 08:01:36 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/12/11 03:21:05 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2008/03/19 13:33:52 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/12/31 06:23:49 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/12/29 06:02:28 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/12/29 06:02:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/06/18 22:47:15 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2006/04/18 02:57:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/18 02:36:29 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/14 12:13:59 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/11 03:18:28 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/04/11 03:18:04 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/03/31 00:45:49 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/03/31 00:45:25 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/03/14 00:39:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2006/01/15 23:59:33 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/01/15 23:57:10 | 000,000,841 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/01/15 23:57:10 | 000,000,462 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/01/15 23:57:10 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/01/15 23:57:10 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/01/15 23:57:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2006/01/15 23:56:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2006/01/15 23:54:19 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/12/29 00:18:27 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2004/12/29 19:59:23 | 000,190,524 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/12/29 19:59:23 | 000,103,579 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/12/21 11:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll
[2004/10/28 21:22:23 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/10/28 21:22:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/10/28 21:22:20 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/10/28 21:22:15 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/10/28 21:22:10 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/10/28 21:21:47 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/10/28 21:21:47 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/10/28 21:21:17 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/10/28 21:20:50 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/10/22 05:16:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/22 01:11:25 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-6.3.2.62.exe
[2004/10/22 01:09:10 | 000,013,948 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/22 01:08:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/22 00:57:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/22 00:04:53 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2004/10/22 00:00:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2004/10/22 00:00:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2004/10/22 00:00:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2004/10/21 23:28:28 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/21 23:28:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/21 23:27:01 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/21 23:13:11 | 000,000,903 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 23:10:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/10/21 23:04:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/10/21 22:48:55 | 000,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/21 22:47:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/21 22:47:36 | 000,542,920 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/10/21 22:47:36 | 000,114,282 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/10/21 15:57:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/09/14 01:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 05:14:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 05:14:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2003/04/11 01:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2004/10/22 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Intervideo
[2004/10/22 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.YOUR-71A232D1A6\Application Data\Intervideo
[2004/10/22 01:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.YOUR-71A232D1A6\Application Data\SampleView
[2012/02/03 21:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/30 01:07:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/08/27 04:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2012/01/23 04:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2004/10/22 00:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2012/02/03 21:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/10/09 01:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2006/01/15 23:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/12/04 20:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/12/14 04:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2008/02/04 16:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/06/25 02:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2012/02/03 21:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\AVG2012
[2011/12/14 03:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\CompuClever
[2011/12/14 03:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DriverCure
[2010/08/27 04:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\eBay
[2004/10/22 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Intervideo
[2006/04/14 12:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2004/10/22 01:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2006/06/18 22:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ScanSoft
[2011/12/14 03:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SpeedyPC Software
[2006/06/18 22:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2011/06/19 03:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TeraCopy
[2008/02/04 16:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ulead Systems
[2009/01/14 16:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WholeSecurity
[2004/10/22 00:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Intervideo
[2004/10/22 01:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2012/01/23 04:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2012/01/28 10:01:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\cleanmgr.job
[2012/01/31 10:14:11 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\defrag.job

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< DRV - [2008/11/12 02:39:37 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) >
Invalid Switch: 12 02:39:37 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)


< O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found. >

< O3 - HKU\S-1-5-21-2985681006-1005890449-1192416854-1009\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. >

< O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (Reg Error: Value error.) >
Invalid Switch: ipixx.cab (Reg Error: Value error.)


< O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqcpqdktp/...ds/sysinfo.cab (Reg Error: Value error.) >
Invalid Switch: sysinfo.cab (Reg Error: Value error.)


< O16 - DPF: {A5A76EA0-7B92-4707-9DBF-6F6FE56A6800} http://scan.networkmagic.com/nmscan/...ship-WD.V1.cab (Reg Error: Value error.) >
Invalid Switch: ...ship-WD.V1.cab (Reg Error: Value error.)


< O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)


< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)


< [2011/12/14 04:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software >
Invalid Switch: 14 04:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software


< [2011/12/14 03:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SpeedyPC Software >
Invalid Switch: 14 03:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SpeedyPC Software


< >

< :Commands >

< [purity] >

< [emptytemp] >

< [emptyjava] >

< [emptyflash] >

< [Reboot] >

< End of report >
 
here is security check & Fss. Rest to follow...

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
MVPS Hosts File
Spybot - Search & Destroy 1.4
Spybot - Search & Destroy
McAfee SiteAdvisor
IE SpyAd
CCleaner
Java(TM) 6 Update 30
Out of date Java installed!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


-------------------------------------------------------------------------------------------------

Farbar Service Scanner Version: 02-02-2012
Ran by Compaq_Owner (administrator) on 03-02-2012 at 23:39:23
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0B00000004000000010000000200000003000000090000000A0000000B00000005000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****
 
You must log in or register to reply here.

Similar threads

D
Windows 11 sees a major spike in market share as Windows 10 nears its official EOL
Replies
18
Views
239
Later
Later
Daniel Sims
End of Windows 10 support this year threatens over 60% of active Windows PCs
2 3 4
Replies
90
Views
2K
DrkKnight
D
A
Third-party tool "Rebound 11" aims to improve the Windows 11 UI, while keeping system files intact
Replies
6
Views
338
Alfonso Maruccia
A

Latest posts

Back