Solved Can you check my log

S

sabres

Posts: 22   +0
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/15/2011 12:45:03 AM
mbam-log-2011-12-15 (00-45-03).txt

Scan type: Quick scan
Objects scanned: 160333
Time elapsed: 9 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81705D67-3F73-4983-859B-97D0922E5ABE} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BD4438C-2511-4B93-AD34-2BDCD0FF78D2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705D67-3F73-4983-859B-97D0922E5ABE} (Trojan.FakeAlert) -> Value: {81705D67-3F73-4983-859B-97D0922E5ABE} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705D67-3F73-4983-859B-97D0922E5ABE} (Trojan.FakeAlert) -> Value: {81705D67-3F73-4983-859B-97D0922E5ABE} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{81705D67-3F73-4983-859B-97D0922E5ABE} (Trojan.FakeAlert) -> Value: {81705D67-3F73-4983-859B-97D0922E5ABE} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{81705D67-3F73-4983-859B-97D0922E5ABE} (Trojan.FakeAlert) -> Value: {81705D67-3F73-4983-859B-97D0922E5ABE} -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Jim\application data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-15 00:58:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340016A rev.3.10
Running: cbxgdd1h.exe; Driver: C:\DOCUME~1\Jim\LOCALS~1\Temp\kgddrfob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-15 00:58:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340016A rev.3.10
Running: cbxgdd1h.exe; Driver: C:\DOCUME~1\Jim\LOCALS~1\Temp\kgddrfob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-15 00:58:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340016A rev.3.10
Running: cbxgdd1h.exe; Driver: C:\DOCUME~1\Jim\LOCALS~1\Temp\kgddrfob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/12/2007 5:30:09 PM
System Uptime: 12/15/2011 12:47:29 AM (1 hours ago)
.
Motherboard: Dell Computer Corporation | | Dimension 4300
Processor: Intel(R) Pentium(R) 4 CPU 1.60GHz | Microprocessor | 1594/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 19.9 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP959: 9/15/2011 8:30:03 AM - Software Distribution Service 3.0
RP960: 9/18/2011 6:20:55 PM - System Checkpoint
RP961: 9/21/2011 9:04:29 AM - System Checkpoint
RP962: 9/23/2011 8:22:16 AM - System Checkpoint
RP963: 9/24/2011 4:35:47 PM - System Checkpoint
RP964: 9/25/2011 8:53:56 PM - System Checkpoint
RP965: 9/27/2011 8:52:44 AM - System Checkpoint
RP966: 9/28/2011 9:21:45 AM - Software Distribution Service 3.0
RP967: 10/1/2011 6:38:01 PM - System Checkpoint
RP968: 10/8/2011 9:54:02 PM - System Checkpoint
RP969: 10/10/2011 11:11:55 AM - System Checkpoint
RP970: 10/12/2011 1:15:59 AM - Software Distribution Service 3.0
RP971: 10/14/2011 10:15:06 AM - System Checkpoint
RP972: 10/15/2011 10:39:49 PM - System Checkpoint
RP973: 10/17/2011 9:40:11 AM - System Checkpoint
RP974: 10/18/2011 10:35:10 AM - System Checkpoint
RP975: 10/24/2011 11:22:57 PM - Installed Windows Internet Explorer 8.
RP976: 10/24/2011 11:25:02 PM - Software Distribution Service 3.0
RP977: 10/25/2011 12:13:31 AM - Software Distribution Service 3.0
RP978: 10/26/2011 12:37:19 AM - System Checkpoint
RP979: 10/29/2011 10:06:56 AM - System Checkpoint
RP980: 10/31/2011 9:47:01 AM - System Checkpoint
RP981: 11/1/2011 10:05:53 AM - System Checkpoint
RP982: 11/2/2011 10:32:42 AM - System Checkpoint
RP983: 11/4/2011 5:44:01 PM - System Checkpoint
RP984: 11/7/2011 12:46:11 PM - System Checkpoint
RP985: 11/8/2011 1:08:28 PM - System Checkpoint
RP986: 11/10/2011 2:01:38 PM - Software Distribution Service 3.0
RP987: 11/11/2011 12:00:23 PM - Software Distribution Service 3.0
RP988: 11/12/2011 6:24:04 PM - System Checkpoint
RP989: 11/13/2011 6:59:49 PM - System Checkpoint
RP990: 11/15/2011 9:11:59 AM - System Checkpoint
RP991: 11/16/2011 10:11:59 AM - System Checkpoint
RP992: 11/19/2011 11:16:13 AM - System Checkpoint
RP993: 11/20/2011 1:00:03 PM - System Checkpoint
RP994: 11/21/2011 8:42:56 PM - System Checkpoint
RP995: 11/22/2011 9:48:01 PM - System Checkpoint
RP996: 11/23/2011 11:14:53 PM - System Checkpoint
RP997: 11/25/2011 8:09:15 AM - System Checkpoint
RP998: 11/26/2011 8:52:49 AM - System Checkpoint
RP999: 11/27/2011 9:49:54 AM - System Checkpoint
RP1000: 11/28/2011 9:58:14 AM - System Checkpoint
RP1001: 11/29/2011 12:31:08 PM - System Checkpoint
RP1002: 11/29/2011 1:54:54 PM - Software Distribution Service 3.0
RP1003: 12/1/2011 12:17:22 PM - System Checkpoint
RP1004: 12/2/2011 12:57:30 PM - System Checkpoint
RP1005: 12/3/2011 5:50:40 PM - System Checkpoint
RP1006: 12/7/2011 12:04:30 PM - System Checkpoint
RP1007: 12/9/2011 10:29:49 AM - System Checkpoint
RP1008: 12/10/2011 11:22:49 AM - System Checkpoint
RP1009: 12/11/2011 11:53:12 AM - System Checkpoint
RP1010: 12/12/2011 8:47:09 AM - Restore Operation
RP1011: 12/12/2011 8:53:04 AM - Restore Operation
RP1012: 12/12/2011 10:30:25 AM - Installed Symantec AntiVirus
RP1013: 12/13/2011 11:19:12 AM - System Checkpoint
RP1014: 12/14/2011 12:33:42 AM - Removed Symantec AntiVirus
RP1015: 12/14/2011 12:47:34 AM - ARO 2011 - Before Installation
RP1016: 12/14/2011 12:48:58 AM - ARO 2011 - FIRST RUN
RP1017: 12/14/2011 1:06:24 AM - ARO 2011 Wed, Dec 14, 11 01:06
.
==== Installed Programs ======================
.
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
ArcSoft PhotoStudio 5.5
ArcSoft VideoImpression 2
Ask Toolbar
AutoUpdate
AVG 2011
AVG PC Tuneup 2011
AVS DVD Copy version 1.4
Bing Bar
CA eTrust PestPatrol
Copy
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Director
DivX
DocProc
DWGeditor
eDrawings 2007
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Diagnostic Assistant
HP Image Zone 4.0
HP Photo Imaging Software
HP Photo Printing Software
hp photosmart 1115 series
hp photosmart printer series (Remove only)
HP Scanjet 4070
HP Software Update
HP Unload DLL Patch
hpg4070
HPSystemDiagnostics
InstallMgr
InstantShare
Java 2 Runtime Environment, SE v1.4.2_04
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works 7.0
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Overland
PhotoGallery
Polaroid Digital Camera
PowerDVD
PrintScreen
QFolder
QuickProjects
RealPlayer
RealUpgrade 1.0
Rhapsody Player Engine
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
SkinsHP1
SolidWorks 2007 SP04
SolidWorks Explorer 2007 sp04
SolidWorks Installation Manager
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Veetle TV 0.9.18
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
12/15/2011 12:48:32 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/14/2011 12:41:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdix Tcpip
12/14/2011 12:41:08 AM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
12/14/2011 12:41:08 AM, error: Service Control Manager [7003] - The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec
12/14/2011 12:41:08 AM, error: Service Control Manager [7003] - The IPSEC Services service depends on the following nonexistent service: IPSec
12/14/2011 12:41:08 AM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
12/14/2011 12:41:08 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/14/2011 12:41:08 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/14/2011 12:38:10 AM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
12/14/2011 12:36:17 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/14/2011 1:11:33 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================================

DDS.txt log is missing.
 
here is the other log
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jim at 0:59:00 on 2011-12-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.104 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://search.live.com
uSearch Bar = hxxp://search.live.com/sphome.aspx
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194914481343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 69.1.30.50 69.1.30.51
TCP: Interfaces\{EEEECEDD-60D7-44C4-984D-291318FEA14B} : DhcpNameServer = 69.1.30.50 69.1.30.51
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: epistylar: {917f93bf-6714-4e11-8982-59db2e0f88fc} - c:\windows\system32\eeioq.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-3 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2001-10-25 18864]
S0 nnthmh;nnthmh;c:\windows\system32\drivers\nnthmh.sys [2010-5-27 0]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-1 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-9 1025352]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-1 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-12-15 06:34:32 -------- d-----w- c:\documents and settings\jim\application data\Malwarebytes
2011-12-15 06:34:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-15 06:34:02 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-15 06:34:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-14 06:48:23 -------- d-----w- c:\documents and settings\jim\local settings\application data\AskToolbar
2011-12-14 06:48:07 -------- d-----w- c:\program files\Ask.com
2011-12-14 06:48:01 -------- d-----w- C:\Firefox
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2001-08-18 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll
2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 1:00:50.00 ===============
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
here is the aswMBR logaswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-17 12:04:13
-----------------------------
12:04:13.734 OS Version: Windows 5.1.2600 Service Pack 3
12:04:13.734 Number of processors: 1 586 0x102
12:04:13.734 ComputerName: OWNER-CYMSTZHL7 UserName: Jim
12:04:15.375 Initialize success
12:04:36.484 AVAST engine download error: 0
12:05:02.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:05:02.234 Disk 0 Vendor: ST340016A 3.10 Size: 38166MB BusType: 3
12:05:04.328 Disk 0 MBR read successfully
12:05:04.343 Disk 0 MBR scan
12:05:04.343 Disk 0 Windows XP default MBR code
12:05:04.375 Disk 0 scanning sectors +78140160
12:05:04.515 Disk 0 scanning C:\WINDOWS\system32\drivers
12:05:38.578 Service scanning
12:05:40.718 Modules scanning
12:06:00.156 Disk 0 trace - called modules:
12:06:00.171 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
12:06:00.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f67ab8]
12:06:00.187 3 CLASSPNP.SYS[f8716fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f6f9c0]
12:06:00.203 Scan finished successfully
12:06:36.281 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
12:06:36.312 The log file has been saved successfully to "F:\aswMBR.txt"
 
combofix needs to update the recovery console, but i have no active internet connection, it has not been working since i got the infection, what should i do? it says shall not attempt to fix some of the serious infections
 
You never told me there was no connection.
Now I can see your MBAM database is very outdated.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
sorry yes avg discovered infection trojan horse and i have no internet connection here is the new log Farbar Service Scanner
Ran by Jim (administrator) on 17-12-2011 at 20:23:13
Microsoft Windows XP Home Edition Service Pack 3 (X86)
********************************************************

Service Check:
==============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


File Check:
===========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2001-08-18 06:00] - [2008-04-13 13:19] - 0075264 ____A () 428317C16DA1FDFFBE45545C4317082F

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors

**** End of log ****
 
It looks like you have one network related file infected and missing registry key.

Run Combofix and for now decline recovery console installation.
 
here is the combo fix logComboFix 11-12-17.02 - Jim 12/17/2011 21:22:44.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.325 [GMT -6:00]
Running from: F:\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Jim\WINDOWS
c:\program files\Common Files\Uninstall
c:\windows\$NtUninstallKB10399$
c:\windows\$NtUninstallKB10399$\3006110642\@
c:\windows\$NtUninstallKB10399$\3006110642\bckfg.tmp
c:\windows\$NtUninstallKB10399$\3006110642\cfg.ini
c:\windows\$NtUninstallKB10399$\3006110642\Desktop.ini
c:\windows\$NtUninstallKB10399$\3006110642\keywords
c:\windows\$NtUninstallKB10399$\3006110642\kwrd.dll
c:\windows\$NtUninstallKB10399$\3006110642\L\akygdmgo
c:\windows\$NtUninstallKB10399$\3006110642\lsflt7.ver
c:\windows\$NtUninstallKB10399$\3006110642\U\00000001.@
c:\windows\$NtUninstallKB10399$\3006110642\U\00000002.@
c:\windows\$NtUninstallKB10399$\3006110642\U\00000004.@
c:\windows\$NtUninstallKB10399$\3006110642\U\80000000.@
c:\windows\$NtUninstallKB10399$\3006110642\U\80000004.@
c:\windows\$NtUninstallKB10399$\3006110642\U\80000032.@
c:\windows\$NtUninstallKB10399$\95202293
c:\windows\system32\driVERs\nnthmh.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_nnthmh
-------\Service_nnthmh
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-15 06:34 . 2011-12-15 06:34 -------- d-----w- c:\documents and settings\Jim\Application Data\Malwarebytes
2011-12-15 06:34 . 2011-12-15 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-15 06:34 . 2011-12-15 06:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-15 06:34 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-14 06:48 . 2011-12-17 18:43 -------- d-----w- c:\documents and settings\Jim\Local Settings\Application Data\AskToolbar
2011-12-14 06:48 . 2011-12-14 06:48 -------- d-----w- c:\program files\Ask.com
2011-12-14 06:48 . 2011-12-14 06:48 -------- d-----w- C:\Firefox
2011-12-09 18:02 . 2011-12-09 18:02 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2011-12-09 15:24 . 2011-12-09 15:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2007-11-12 23:25 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2001-08-18 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2001-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2001-08-18 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2001-08-18 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 01:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-21 202256]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
2001-09-19 16:18 45056 -c--a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2011-06-24 16:29 311296 ----a-w- c:\windows\system32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/3/2008 6:39 PM 24652]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 8:54 AM 18864]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 9:03 AM 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 9:03 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 15:03]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 15:03]
.
2011-12-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-602162358-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-12-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-602162358-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-12-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-02-02 01:17]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 69.1.30.50 69.1.30.51
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-NavLogon - (no file)
SafeBoot-WinDefend
AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-17 21:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3472)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Desktop Search\WindowsSearchIndexer.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\devldr32.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\Windows Desktop Search\WindowsSearchFilter.exe
c:\program files\Java\jre6\bin\jqs.exe
.
**************************************************************************
.
Completion time: 2011-12-17 21:39:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-18 03:39
.
Pre-Run: 22,890,020,864 bytes free
Post-Run: 22,961,672,192 bytes free
.
- - End Of File - - 1E87E23289CDE3427ADE0F5AFA7ABC5C
 
Uninstall Ask Toolbar, typical foistware.

Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

============================================================

Combofix looks good.

Let's see if we can fix your connection...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
    Code: 
    :filefind
ipsec.sys
:reg
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\ipsec /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
removed viewpoint media player, when i try to run system look a systemlook-error comes up says script required, won't run.
 
yes sorry i missed that :( here is the log.SystemLook 30.07.11 by jpshortstuff
Log created at 14:33 on 18/12/2011 by Jim
Administrator - Elevation successful

========== filefind ==========

Searching for "ipsec.sys"
C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys -----c- 74752 bytes [14:13 15/09/2008] [05:14 04/08/2004] 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys -----c- 75264 bytes [23:47 12/11/2007] [19:19 13/04/2008] 23C74D75E36E7158768DD63D92789A91
C:\WINDOWS\system32\drivers\ipsec.sys --a---- 75264 bytes [12:00 18/08/2001] [19:19 13/04/2008] 428317C16DA1FDFFBE45545C4317082F

========== reg ==========

[HKEY_LOCAL_MACHINE\system\CurrentControls\Services|ipec]
(Unable to open key - key not found)

-= EOF =-
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
FCopy::
C:\WINDOWS\ServicePackFiles\i386\ipsec.sys | C:\WINDOWS\system32\drivers\ipsec.sys

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt

Then...

Following steps involve registry editing. Please create new restore point before proceeding!!!

Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip the file.
You'll find six files inside.
Right click on ipsec.reg file, click "Merge".
Allow registry merge.
Restart computer and see if internet works.
 
ok here is the log. how do i create a new restore point? I don't know how to do that.
ComboFix 11-12-17.02 - Jim 12/18/2011 16:43:17.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.254 [GMT -6:00]
Running from: F:\ComboFix.exe
Command switches used :: c:\documents and settings\Jim\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-15 06:34 . 2011-12-15 06:34 -------- d-----w- c:\documents and settings\Jim\Application Data\Malwarebytes
2011-12-15 06:34 . 2011-12-15 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-15 06:34 . 2011-12-15 06:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-15 06:34 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 18:02 . 2011-12-09 18:02 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2011-12-09 15:24 . 2011-12-09 15:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2007-11-12 23:25 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2001-08-18 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2001-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2001-08-18 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2001-08-18 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-18_03.34.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-18 20:00 . 2011-12-18 20:00 16384 c:\windows\Temp\Perflib_Perfdata_3e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-21 202256]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
2001-09-19 16:18 45056 -c--a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2011-06-24 16:29 311296 ----a-w- c:\windows\system32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 8:54 AM 18864]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 9:03 AM 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 9:03 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 15:03]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 15:03]
.
2011-12-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-602162358-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-12-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-602162358-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 69.1.30.50 69.1.30.51
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 16:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1212)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-18 16:56:28
ComboFix-quarantined-files.txt 2011-12-18 22:56
ComboFix2.txt 2011-12-18 03:39
.
Pre-Run: 23,219,826,688 bytes free
Post-Run: 23,211,032,576 bytes free
.
- - End Of File - - 389226C8DC24DF22E139D8D8A8C66E9D
 
i redid i hope it is correct this time ComboFix 11-12-17.02 - Jim 12/18/2011 18:36:52.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.227 [GMT -6:00]
Running from: F:\ComboFix.exe
Command switches used :: c:\documents and settings\Jim\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\ipsec.sys --> c:\windows\system32\drivers\ipsec.sys
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-15 06:34 . 2011-12-15 06:34 -------- d-----w- c:\documents and settings\Jim\Application Data\Malwarebytes
2011-12-15 06:34 . 2011-12-15 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-15 06:34 . 2011-12-15 06:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-15 06:34 . 2011-08-31 23:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 18:02 . 2011-12-09 18:02 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2011-12-09 15:24 . 2011-12-09 15:24 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2007-11-12 23:25 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2001-08-18 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2001-08-18 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2001-08-18 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2001-08-18 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-18_03.34.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-18 20:00 . 2011-12-18 20:00 16384 c:\windows\Temp\Perflib_Perfdata_3e0.dat
+ 2001-08-18 12:00 . 2008-04-13 19:19 75264 c:\windows\system32\dllcache\ipsec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-21 202256]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-3-26 257752]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CXMon]
2001-09-19 16:18 45056 -c--a-w- c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2011-06-24 16:29 311296 ----a-w- c:\windows\system32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
.
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 8:54 AM 18864]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 9:03 AM 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/1/2010 9:03 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 15:03]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-01 15:03]
.
2011-12-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-602162358-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
2011-12-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-602162358-1801674531-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 69.1.30.50 69.1.30.51
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-18 18:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3320)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-18 18:49:36
ComboFix-quarantined-files.txt 2011-12-19 00:49
ComboFix2.txt 2011-12-18 22:56
ComboFix3.txt 2011-12-18 03:39
.
Pre-Run: 23,219,273,728 bytes free
Post-Run: 23,206,486,016 bytes free
.
- - End Of File - - 816FAE95AE87D0101BB98D7EA996A264
 
ok i restarted and the internet works, i'm on that computer now was using laptop before :) also i removed avg with appremover like you said so no anti-virus on this machine anymore.
 
Good news :)

Re-run Combofix and allow recovery console installation.

When done you can reinstall AVG.

Then...

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
yes ran combofix and installed avg
OTL logfile created on: 12/18/2011 9:31:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.01 Mb Total Physical Memory | 141.11 Mb Available Physical Memory | 27.61% Memory free
2.47 Gb Paging File | 1.89 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 21.12 Gb Free Space | 56.67% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.23 Gb Free Space | 96.97% Space Free | Partition Type: FAT32

Computer Name: OWNER-CYMSTZHL7 | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/18 21:28:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
PRC - [2011/12/18 21:23:36 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/18 21:23:32 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/03/21 10:57:44 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/26 22:44:06 | 000,159,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
PRC - [2001/10/25 08:55:01 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/18 21:23:36 | 000,869,216 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011/12/18 21:23:32 | 001,574,240 | ---- | M] () -- C:\Program Files\AVG Secure Search\9.0.0.21\AVG Secure Search_toolbar.dll
MOD - [2011/12/18 21:23:32 | 000,892,768 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/10/12 00:18:39 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_78bcfa50\mscorlib.dll
MOD - [2011/10/12 00:18:31 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_9d1f7c6b\system.drawing.dll
MOD - [2011/10/12 00:18:18 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_d66b507e\system.xml.dll
MOD - [2011/10/12 00:18:05 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_35c6de4a\system.windows.forms.dll
MOD - [2011/10/12 00:17:40 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_a78a731d\system.dll
MOD - [2011/10/12 00:17:19 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2007/11/30 22:52:15 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/11/30 22:52:13 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2007/11/30 22:52:12 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007/11/13 09:53:20 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2007/11/13 09:51:24 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2007/11/13 09:51:24 | 000,006,656 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2007/11/13 09:51:18 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2007/11/13 09:51:10 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2007/11/13 09:51:10 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll
MOD - [2007/11/13 09:51:10 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll
MOD - [2007/11/13 09:51:10 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2007/11/13 09:51:07 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2007/11/13 09:51:07 | 000,249,856 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2007/11/13 09:51:07 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2007/11/13 09:51:07 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2007/11/13 09:51:07 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2007/11/13 09:51:07 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2007/11/13 09:51:07 | 000,007,168 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2007/11/13 09:51:06 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2007/11/13 09:51:06 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2007/11/13 09:51:06 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2007/11/13 09:49:53 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2007/11/13 09:49:53 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2007/11/13 09:49:53 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2007/11/13 09:49:53 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2007/11/13 09:49:53 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2007/11/13 09:49:52 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2007/11/13 09:46:47 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/18 21:23:36 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/24 10:29:26 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2008/01/14 10:22:17 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2008/04/13 12:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/02/22 22:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2001/10/25 08:54:58 | 000,050,704 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2001/10/25 08:54:58 | 000,050,179 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2001/10/25 08:54:58 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2001/10/25 08:54:58 | 000,015,984 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2001/08/17 07:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 06:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 06:11:42 | 000,029,696 | ---- | M] (CNet Technology, Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DM9PCI5.SYS -- (DM9102) DAVICOM 9102(A)
DRV - [2000/11/08 15:36:38 | 000,010,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2000/11/08 15:36:18 | 000,036,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-606747145-602162358-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-606747145-602162358-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-606747145-602162358-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/21 11:00:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/18 21:23:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.21\ [2011/12/18 21:23:53 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/12/17 21:34:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-606747145-602162358-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-602162358-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606747145-602162358-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-606747145-602162358-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-606747145-602162358-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1194914481343 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.1.30.50 69.1.30.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEEECEDD-60D7-44C4-984D-291318FEA14B}: DhcpNameServer = 69.1.30.50 69.1.30.51
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/12 17:27:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-606747145-602162358-1801674531-1004\...com [@ = ComFile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
 
2nd half of OTL
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/18 21:28:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2011/12/18 21:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\AVG2012
[2011/12/18 21:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/12/18 21:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\AVG Secure Search
[2011/12/18 21:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/18 21:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/12/18 21:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/12/18 21:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/12/18 21:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/12/18 21:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/18 20:49:37 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/18 20:23:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/12/18 16:41:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/17 12:44:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/17 12:44:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/17 12:44:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/17 12:44:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/17 12:44:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/15 00:34:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Malwarebytes
[2011/12/15 00:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/15 00:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/15 00:34:02 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/15 00:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/14 01:13:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/12/10 20:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/12/09 10:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/09 09:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/18 21:29:57 | 055,240,996 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/18 21:28:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2011/12/18 21:24:00 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/18 20:49:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/18 20:25:47 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-602162358-1801674531-1004.job
[2011/12/18 20:25:46 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-602162358-1801674531-1004.job
[2011/12/18 20:20:19 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/18 20:20:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/18 20:20:00 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/18 19:50:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/18 16:32:47 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Shortcut to ComboFix.exe.lnk
[2011/12/17 21:34:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/17 11:59:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/15 19:26:34 | 000,001,268 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Legacy_netbt.reg
[2011/12/15 19:26:14 | 000,001,256 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Legacy_ipsec.reg
[2011/12/15 19:25:46 | 000,001,214 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Legacy_afd.reg
[2011/12/15 00:34:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 00:38:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/11 23:04:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\prvlcl.dat
[2011/12/03 15:45:54 | 000,220,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/01 11:43:16 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/25 06:38:25 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/25 06:38:24 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/18 21:24:00 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/18 20:49:46 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2011/12/18 20:49:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/18 16:32:47 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Shortcut to ComboFix.exe.lnk
[2011/12/17 12:44:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/17 12:44:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/17 12:44:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/17 12:44:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/17 12:44:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/15 19:26:34 | 000,001,268 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Legacy_netbt.reg
[2011/12/15 19:26:14 | 000,001,256 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Legacy_ipsec.reg
[2011/12/15 19:25:46 | 000,001,214 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Legacy_afd.reg
[2011/12/15 00:34:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/14 01:28:20 | 000,106,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/09 12:01:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/23 08:38:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2011/05/21 10:55:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2011/05/15 00:07:03 | 000,013,054 | -HS- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/15 00:07:03 | 000,013,054 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/03/07 13:04:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\prvlcl.dat
[2010/05/27 06:37:56 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\vqdlkr.dat
[2008/03/11 23:55:27 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/01/14 10:25:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/12/17 13:32:11 | 000,000,281 | ---- | C] () -- C:\WINDOWS\hpqgrcpy.INI
[2007/12/10 21:54:51 | 000,041,984 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2007/12/08 21:15:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\unPL72Z.dll
[2007/12/08 17:16:38 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2007/11/13 10:00:51 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\fusioncache.dat
[2007/11/13 09:44:28 | 000,085,319 | ---- | C] () -- C:\WINDOWS\hpgins01.dat
[2007/11/13 09:44:28 | 000,000,145 | ---- | C] () -- C:\WINDOWS\hpgmdl01.dat
[2007/11/13 09:38:19 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2007/11/13 02:15:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/13 02:14:40 | 000,174,672 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/11/12 18:17:05 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/12 17:33:02 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/11/12 17:30:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/12 17:24:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/13 16:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/10/25 08:54:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2001/10/25 08:53:34 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2001/08/18 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2001/08/18 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 06:00:00 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2001/08/18 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2001/08/18 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2001/08/18 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2001/08/18 06:00:00 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 06:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2008/08/04 21:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/12/18 21:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/12/18 21:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/05/22 09:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/11/09 09:44:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/26 13:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gFgKjNgIfPa28600
[2011/12/18 21:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/12/18 14:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/06/13 08:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\aAvgApi
[2008/08/04 21:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\acccore
[2011/06/24 08:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\AVG
[2011/12/18 21:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\AVG Secure Search
[2011/12/18 21:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\AVG2012
[2008/01/14 10:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\DWGeditor
[2007/11/12 18:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Template

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/11/12 17:27:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/08/02 06:53:28 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2011/12/18 20:49:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/12/18 21:06:22 | 000,008,192 | ---- | M] () -- C:\ComboFix.txt
[2007/11/12 17:27:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/12/18 20:20:00 | 535,904,256 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/24 08:51:40 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2007/11/12 17:27:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/11/12 17:27:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/11/12 17:44:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/15 08:19:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/12/18 20:19:59 | 2147,483,648 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/11/12 17:27:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/11/13 02:13:44 | 000,090,112 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007/11/13 02:13:44 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007/11/13 02:13:44 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/15 08:32:35 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/09/15 10:38:38 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/11/12 17:33:22 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/12/18 21:28:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2007/12/08 21:04:41 | 027,024,112 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jim\Desktop\PowerPointViewer.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/09/15 10:38:39 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jim\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/12/18 21:27:00 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\Jim\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
[2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/07/17 11:41:10 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2001/05/22 13:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
[2001/08/01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
[2004/07/17 11:41:10 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/07/17 11:41:10 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/07/17 11:41:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 11:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >
 
You must log in or register to reply here.

Similar threads

A
Windows 10 Enterprise and Education editions will soon enter end of life status
Replies
12
Views
248
Lounds
L
A
Microsoft reflects on 20 years of Windows Patch Tuesday
Replies
10
Views
368
OortCloud
O
Bob O'Donnell
Intel is refining its computing vision and where it sees the PC going
Replies
6
Views
279
human7
H

Latest posts

Back