Solved Cannot connect to any search engines after running malwarebytes' antivirus

[efoxeli]

hey all, i'm hoping you can help us.

my wife received this hand me down computer a few months ago and shortly thereafter it acquired the blue flair antivirus virus and she shut the computer down so as not to infect my computer connected to the same network. we believe this computerwas constructed by our local tech expert (it has no brand name) but it is running windows xp pro v. 2002 sp-3. it has an 111 gb hard drive, a 2.o ghz processor and 1 gb of ram. I am not particularly tech savvy but we did follow the instructions we got from bleepingcomputer.com after an internet search on how to remove the virus.

malwarebytes' has been run successfully but now we cannot connect to any search engines with this computer.

then we found techspot and we followed the steps outlined on your website to remove a virus or malware. here are the first two logs generated by that process:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8076

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/3/2011 11:14:58 AM
mbam-log-2011-11-03 (11-14-58).txt

Scan type: Full scan (C:\|)
Objects scanned: 293271
Time elapsed: 1 hour(s), 13 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YJ3C6F6A6XZV5BYG (Trojan.SpyEyes.R) -> Value: YJ3C6F6A6XZV5BYG -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\compmgm (Trojan.Agent) -> Value: compmgm -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{18cc20fe-772f-4276-a214-16cc6e97046f}\RP6\A0001349.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{18cc20fe-772f-4276-a214-16cc6e97046f}\RP6\A0001351.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{18cc20fe-772f-4276-a214-16cc6e97046f}\RP6\A0001352.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{18cc20fe-772f-4276-a214-16cc6e97046f}\RP6\A0001354.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.20347005854515965.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.37444608322699324.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.7598730112847655.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.7906734744129083.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.9168849519617404.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\systemsvc\2e4f34c5820.exe (Trojan.SpyEyes.R) -> Quarantined and deleted successfully.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-11-03 14:51:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\fasttx2k1Port2Path0Target0Lun0 Promise_ rev.1.10
Running: w4n15s4b.exe; Driver: C:\DOCUME~1\Eli\LOCALS~1\Temp\pgliqpoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- System - GMER 1.0.15 ----

SSDT spya.sys ZwEnumerateKey [0xF72FACA2]
SSDT spya.sys ZwEnumerateValueKey [0xF72FB030]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [F7230B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7230B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7230B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7230B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\fasttx2k -> DriverStartIo \Device\Scsi\fasttx2k1Port2Path0Target0Lun0 8650E31B
Device \Driver\fasttx2k \Device\Scsi\fasttx2k1Port2Path0Target0Lun0 86F6B1F8
Device \Driver\viamraid \Device\Scsi\viamraid1 86FD61F8
Device \Driver\fasttx2k -> DriverStartIo \Device\Scsi\fasttx2k1 8650E31B
Device \Driver\fasttx2k \Device\Scsi\fasttx2k1 86F6B1F8
Device \FileSystem\Ntfs \Ntfs 86FD51F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

i am having some difficulty retrieving the dds and attach logs but i can run the dds again if you think it is necessary. i am anxiously awaiting any he;p you may be able to give me with this problem.

 

[efoxeli]

here are the dds & attach logs

here are the dds and attach logs that i could not locate earlier:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Janine at 14:23:56 on 2011-11-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.268 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [D-Link Wireless G WUA-1340] c:\program files\d-link\wireless g wua-1340\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://192.168.0.253:82/kxhcm10.ocx
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://192.168.0.150/RemoteWeb.cab
DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - hxxp://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - hxxp://zone.msn.com/bingame/rock/default/popcaploader1.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://192.168.0.150/VideoViewer.cab
DPF: {64D01C7F-810D-446E-A07E-16C764235644} - hxxp://zone.msn.com/bingame/amad/default/atomaders.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239046279656
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/amun/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://64.91.95.226/activex/AxisCamControl.cab
DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://192.168.0.41/plugin/h263ctrl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} - hxxp://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{970F5321-FE70-4B09-B4DA-1FF80A398153} : DhcpNameServer = 192.168.0.1
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2005\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 80.79.117.219 www.google.com
Hosts: 80.79.117.220 search.yahoo.com
Hosts: 80.79.117.220 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\eli\application data\mozilla\firefox\profiles\8l3pcn04.default\
FF - plugin: c:\documents and settings\eli\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R1 SolDisk;SolDisk;c:\windows\system32\drivers\soldisk.sys [2010-2-3 38344]
R1 SolFS;SolFS;c:\windows\system32\drivers\solfs.sys [2010-2-3 285256]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-3-9 6656]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-3-5 1257760]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2001-10-24 36224]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-18 135664]
S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-18 135664]
S3 HwIOctl;HwIOctl; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\ptdubus.sys --> c:\windows\system32\drivers\PTDUBus.sys [?]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\ptdumdm.sys --> c:\windows\system32\drivers\PTDUMdm.sys [?]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\ptduvsp.sys --> c:\windows\system32\drivers\PTDUVsp.sys [?]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\ptduwwan.sys --> c:\windows\system32\drivers\PTDUWWAN.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-9 27064]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [2004-10-5 4992]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\SET29.tmp
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\SET27.tmp
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\SET28.tmp
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\SET24.tmp
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 14:25:37.17 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/27/2007 2:34:48 PM
System Uptime: 11/6/2011 11:26:42 AM (3 hours ago)
.
Motherboard: MSI | | MS-6702
Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket-754 | 2000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 89.159 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 8/12/2011 8:33:59 AM - System Checkpoint
RP2: 8/12/2011 8:35:12 AM - Software Distribution Service 3.0
RP3: 8/12/2011 9:43:20 AM - Software Distribution Service 3.0
RP4: 8/15/2011 8:10:46 AM - Software Distribution Service 3.0
RP5: 8/15/2011 3:03:54 PM - Software Distribution Service 3.0
RP6: 8/17/2011 7:19:36 AM - Software Distribution Service 3.0
RP7: 8/17/2011 8:29:42 AM - Restore Operation
RP8: 8/17/2011 8:35:48 AM - Restore Operation
RP9: 8/17/2011 2:00:15 PM - Software Distribution Service 3.0
RP10: 8/17/2011 4:06:50 PM - Software Distribution Service 3.0
RP11: 11/3/2011 2:00:18 PM - Software Distribution Service 3.0
RP12: 11/4/2011 8:30:39 AM - Software Distribution Service 3.0
RP13: 11/6/2011 2:00:16 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0.1
Adobe Reader 9.4.5
Amazing Universe Premium Screen Saver
ANIO Service
ANIWZCS2 Service
AVG 2011
Big City Adventure Sydney
Big Fish Games Client
BufferChm
C5500
C5500_Help
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Destination Component
DeviceDiscovery
DocProc
Facebook Plug-In
GEAR driver installer for x86 and x64
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
InstallMgr
Java(TM) 6 Update 13
LaserJet 1018
Little Shop of Treasures 2
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office Small Business Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 7.0.1 (x86 en-US)
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Mystery Case Files: Madame Fate
Mystery Case Files: Ravenhearst ™
neroxml
OGA Notifier 2.0.0048.0
PanoStandAlone
Picasa 3
Platform
PS_AIO_04_C5500_ProductContext
PS_AIO_04_C5500_Software
PS_AIO_04_C5500_Software_Min
PSSWCORE
QuickBooks
QuickBooks Pro 2011
QuickTime
Realtek AC'97 Audio
Revo Uninstaller Pro 2.5.3
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB960763)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows XP Service Pack 3
Wireless G WUA-1340
WordPerfect Office 11
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/3/2011 2:01:50 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447).
11/3/2011 12:01:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
11/3/2011 12:01:09 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/3/2011 12:00:46 PM, error: Service Control Manager [7000] - The lxdw_device service failed to start due to the following error: The system cannot find the file specified.
11/3/2011 11:18:47 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: gagp30kx SI3114r Si3114r5 TfFsMon TfSysMon videX32
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[efoxeli]

TDSS report

hey broni,

thanks for getting back to us so quickly. the scan has been run. here is the report.


17:48:35.0890 3664 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
17:48:36.0640 3664 ============================================================
17:48:36.0640 3664 Current date / time: 2011/11/06 17:48:36.0640
17:48:36.0640 3664 SystemInfo:
17:48:36.0640 3664
17:48:36.0640 3664 OS Version: 5.1.2600 ServicePack: 3.0
17:48:36.0640 3664 Product type: Workstation
17:48:36.0640 3664 ComputerName: COMPUTER
17:48:36.0640 3664 UserName: Janine
17:48:36.0640 3664 Windows directory: C:\WINDOWS
17:48:36.0640 3664 System windows directory: C:\WINDOWS
17:48:36.0640 3664 Processor architecture: Intel x86
17:48:36.0640 3664 Number of processors: 1
17:48:36.0640 3664 Page size: 0x1000
17:48:36.0640 3664 Boot type: Normal boot
17:48:36.0640 3664 ============================================================
17:48:37.0859 3664 !crdlk
17:48:37.0906 3664 Initialize success
17:48:43.0703 3068 ============================================================
17:48:43.0703 3068 Scan started
17:48:43.0703 3068 Mode: Manual;
17:48:43.0703 3068 ============================================================
17:48:44.0781 3068 Abiosdsk - ok
17:48:44.0859 3068 abp480n5 - ok
17:48:45.0062 3068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:48:45.0078 3068 ACPI - ok
17:48:45.0234 3068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:48:45.0250 3068 ACPIEC - ok
17:48:45.0375 3068 adpu160m - ok
17:48:45.0500 3068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:48:45.0500 3068 aec - ok
17:48:45.0640 3068 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:48:45.0640 3068 AFD - ok
17:48:45.0750 3068 Aha154x - ok
17:48:45.0843 3068 aic78u2 - ok
17:48:45.0953 3068 aic78xx - ok
17:48:46.0234 3068 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:48:46.0390 3068 ALCXWDM - ok
17:48:46.0515 3068 AliIde - ok
17:48:46.0578 3068 amsint - ok
17:48:46.0687 3068 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
17:48:46.0687 3068 AN983 - ok
17:48:46.0796 3068 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
17:48:46.0796 3068 ANIO - ok
17:48:46.0921 3068 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:48:46.0921 3068 Arp1394 - ok
17:48:47.0000 3068 asc - ok
17:48:47.0078 3068 asc3350p - ok
17:48:47.0140 3068 asc3550 - ok
17:48:47.0250 3068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:48:47.0250 3068 AsyncMac - ok
17:48:47.0328 3068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:48:47.0328 3068 atapi - ok
17:48:47.0390 3068 Atdisk - ok
17:48:47.0468 3068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:48:47.0468 3068 Atmarpc - ok
17:48:47.0562 3068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:48:47.0578 3068 audstub - ok
17:48:47.0703 3068 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
17:48:47.0703 3068 AVGIDSDriver - ok
17:48:47.0796 3068 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
17:48:47.0796 3068 AVGIDSEH - ok
17:48:47.0890 3068 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
17:48:47.0890 3068 AVGIDSFilter - ok
17:48:47.0968 3068 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
17:48:47.0968 3068 AVGIDSShim - ok
17:48:48.0078 3068 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
17:48:48.0109 3068 Avgldx86 - ok
17:48:48.0187 3068 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
17:48:48.0187 3068 Avgmfx86 - ok
17:48:48.0250 3068 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
17:48:48.0265 3068 Avgrkx86 - ok
17:48:48.0343 3068 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
17:48:48.0375 3068 Avgtdix - ok
17:48:48.0500 3068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:48:48.0500 3068 Beep - ok
17:48:48.0609 3068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:48:48.0609 3068 cbidf2k - ok
17:48:48.0703 3068 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:48:48.0734 3068 CCDECODE - ok
17:48:48.0828 3068 cd20xrnt - ok
17:48:48.0906 3068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:48:48.0921 3068 Cdaudio - ok
17:48:49.0000 3068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:48:49.0000 3068 Cdfs - ok
17:48:49.0093 3068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:48:49.0093 3068 Cdrom - ok
17:48:49.0156 3068 Changer - ok
17:48:49.0281 3068 CmdIde - ok
17:48:49.0390 3068 Cpqarray - ok
17:48:49.0468 3068 dac2w2k - ok
17:48:49.0531 3068 dac960nt - ok
17:48:49.0640 3068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:48:49.0640 3068 Disk - ok
17:48:49.0750 3068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:48:49.0812 3068 dmboot - ok
17:48:49.0906 3068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:48:49.0921 3068 dmio - ok
17:48:49.0984 3068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:48:49.0984 3068 dmload - ok
17:48:50.0046 3068 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:48:50.0062 3068 DMusic - ok
17:48:50.0171 3068 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
17:48:50.0218 3068 dot4 - ok
17:48:50.0328 3068 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
17:48:50.0328 3068 Dot4Print - ok
17:48:50.0437 3068 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
17:48:50.0453 3068 dot4usb - ok
17:48:50.0515 3068 dpti2o - ok
17:48:50.0562 3068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:48:50.0578 3068 drmkaud - ok
17:48:50.0781 3068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:48:50.0781 3068 Fastfat - ok
17:48:50.0875 3068 fasttx2k (8958fc7f2df3c4f0a363a8644583485c) C:\WINDOWS\system32\drivers\fasttx2k.sys
17:48:50.0875 3068 fasttx2k - ok
17:48:50.0968 3068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:48:50.0968 3068 Fdc - ok
17:48:51.0046 3068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:48:51.0046 3068 Fips - ok
17:48:51.0125 3068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:48:51.0125 3068 Flpydisk - ok
17:48:51.0203 3068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:48:51.0218 3068 FltMgr - ok
17:48:51.0296 3068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:48:51.0296 3068 Fs_Rec - ok
17:48:51.0375 3068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:48:51.0375 3068 Ftdisk - ok
17:48:51.0453 3068 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
17:48:51.0453 3068 gagp30kx - ok
17:48:51.0531 3068 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:48:51.0546 3068 GEARAspiWDM - ok
17:48:51.0625 3068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:48:51.0640 3068 Gpc - ok
17:48:51.0796 3068 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:48:51.0796 3068 HidUsb - ok
17:48:51.0921 3068 hpn - ok
17:48:52.0015 3068 HPZid412 - ok
17:48:52.0046 3068 HPZipr12 - ok
17:48:52.0156 3068 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:48:52.0171 3068 HPZius12 - ok
17:48:52.0296 3068 HSFHWBS2 (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
17:48:52.0312 3068 HSFHWBS2 - ok
17:48:52.0406 3068 HSF_DP (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
17:48:52.0484 3068 HSF_DP - ok
17:48:52.0593 3068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:48:52.0609 3068 HTTP - ok
17:48:52.0687 3068 HwIOctl - ok
17:48:52.0750 3068 i2omgmt - ok
17:48:52.0843 3068 i2omp - ok
17:48:52.0921 3068 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:48:52.0921 3068 i8042prt - ok
17:48:53.0000 3068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:48:53.0000 3068 Imapi - ok
17:48:53.0093 3068 ini910u - ok
17:48:53.0171 3068 IntelIde - ok
17:48:53.0265 3068 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:48:53.0265 3068 Ip6Fw - ok
17:48:53.0375 3068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:48:53.0375 3068 IpFilterDriver - ok
17:48:53.0484 3068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:48:53.0484 3068 IpInIp - ok
17:48:53.0578 3068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:48:53.0593 3068 IpNat - ok
17:48:53.0671 3068 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\WINDOWS\system32\drivers\iPodDrv.sys
17:48:53.0671 3068 iPodDrv - ok
17:48:53.0781 3068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:48:53.0796 3068 IPSec - ok
17:48:53.0906 3068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:48:53.0921 3068 IRENUM - ok
17:48:54.0000 3068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:48:54.0000 3068 isapnp - ok
17:48:54.0093 3068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:48:54.0093 3068 Kbdclass - ok
17:48:54.0187 3068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:48:54.0203 3068 kmixer - ok
17:48:54.0296 3068 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:48:54.0296 3068 KSecDD - ok
17:48:54.0437 3068 lbrtfdc - ok
17:48:54.0546 3068 LHidUsbK (a0d6a7e4f95adc2472d3f53305874d55) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
17:48:54.0562 3068 LHidUsbK - ok
17:48:54.0656 3068 LMouKE - ok
17:48:54.0750 3068 LNE100 (e7a30b307ac29afbb993049df04bb91b) C:\WINDOWS\system32\DRIVERS\LNE100V5.sys
17:48:54.0750 3068 LNE100 - ok
17:48:54.0843 3068 MBAMSwissArmy - ok
17:48:54.0953 3068 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:48:54.0968 3068 mdmxsdk - ok
17:48:55.0046 3068 Memctl - ok
17:48:55.0156 3068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:48:55.0171 3068 mnmdd - ok
17:48:55.0296 3068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:48:55.0296 3068 Modem - ok
17:48:55.0390 3068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:48:55.0406 3068 Mouclass - ok
17:48:55.0515 3068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:48:55.0515 3068 mouhid - ok
17:48:55.0609 3068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:48:55.0625 3068 MountMgr - ok
17:48:55.0718 3068 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
17:48:55.0718 3068 MQAC - ok
17:48:55.0812 3068 mraid35x - ok
17:48:55.0937 3068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:48:55.0968 3068 MRxDAV - ok
17:48:56.0078 3068 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:48:56.0093 3068 MRxSmb - ok
17:48:56.0203 3068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:48:56.0203 3068 Msfs - ok
17:48:56.0296 3068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:48:56.0312 3068 MSKSSRV - ok
17:48:56.0453 3068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:48:56.0453 3068 MSPCLOCK - ok
17:48:56.0531 3068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:48:56.0531 3068 MSPQM - ok
17:48:56.0640 3068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:48:56.0640 3068 mssmbios - ok
17:48:56.0734 3068 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:48:56.0734 3068 MSTEE - ok
17:48:56.0828 3068 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:48:56.0859 3068 Mup - ok
17:48:56.0968 3068 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:48:56.0968 3068 NABTSFEC - ok
17:48:57.0078 3068 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:48:57.0109 3068 NDIS - ok
17:48:57.0187 3068 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:48:57.0187 3068 NdisIP - ok
17:48:57.0281 3068 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:48:57.0296 3068 NdisTapi - ok
17:48:57.0359 3068 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:48:57.0359 3068 Ndisuio - ok
17:48:57.0468 3068 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:48:57.0484 3068 NdisWan - ok
17:48:57.0578 3068 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:48:57.0578 3068 NDProxy - ok
17:48:57.0687 3068 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:48:57.0687 3068 NetBIOS - ok
17:48:57.0765 3068 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:48:57.0781 3068 NetBT - ok
17:48:57.0968 3068 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:48:57.0968 3068 NIC1394 - ok
17:48:58.0093 3068 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:48:58.0093 3068 Npfs - ok
17:48:58.0218 3068 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:48:58.0234 3068 Ntfs - ok
17:48:58.0343 3068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:48:58.0359 3068 Null - ok
17:48:58.0531 3068 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:48:58.0625 3068 nv - ok
17:48:58.0812 3068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:48:58.0812 3068 NwlnkFlt - ok
17:48:58.0890 3068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:48:58.0906 3068 NwlnkFwd - ok
17:48:58.0984 3068 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:48:58.0984 3068 ohci1394 - ok
17:48:59.0093 3068 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:48:59.0093 3068 Parport - ok
17:48:59.0171 3068 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:48:59.0171 3068 PartMgr - ok
17:48:59.0281 3068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:48:59.0281 3068 ParVdm - ok
17:48:59.0343 3068 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:48:59.0343 3068 PCI - ok
17:48:59.0406 3068 PCIDump - ok
17:48:59.0484 3068 PCIIde - ok
17:48:59.0562 3068 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:48:59.0562 3068 Pcmcia - ok
17:48:59.0625 3068 pctplsg - ok
17:48:59.0703 3068 PDCOMP - ok
17:48:59.0765 3068 PDFRAME - ok
17:48:59.0843 3068 PDRELI - ok
17:48:59.0953 3068 PDRFRAME - ok
17:49:00.0015 3068 perc2 - ok
17:49:00.0078 3068 perc2hib - ok
17:49:00.0250 3068 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:49:00.0265 3068 PptpMiniport - ok
17:49:00.0343 3068 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
17:49:00.0343 3068 Processor - ok
17:49:00.0421 3068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:49:00.0421 3068 PSched - ok
17:49:00.0484 3068 PTDUBus - ok
17:49:00.0562 3068 PTDUMdm - ok
17:49:00.0625 3068 PTDUVsp - ok
17:49:00.0671 3068 PTDUWWAN - ok
17:49:00.0781 3068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:49:00.0781 3068 Ptilink - ok
17:49:00.0875 3068 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:49:00.0890 3068 PxHelp20 - ok
17:49:01.0015 3068 ql1080 - ok
17:49:01.0078 3068 Ql10wnt - ok
17:49:01.0140 3068 ql12160 - ok
17:49:01.0218 3068 ql1240 - ok
17:49:01.0281 3068 ql1280 - ok
17:49:01.0359 3068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:49:01.0359 3068 RasAcd - ok
17:49:01.0421 3068 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:49:01.0437 3068 Rasl2tp - ok
17:49:01.0515 3068 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:49:01.0531 3068 RasPppoe - ok
17:49:01.0593 3068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:49:01.0593 3068 Raspti - ok
17:49:01.0671 3068 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:49:01.0703 3068 Rdbss - ok
17:49:01.0781 3068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:49:01.0781 3068 RDPCDD - ok
17:49:01.0875 3068 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:49:01.0890 3068 rdpdr - ok
17:49:02.0015 3068 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:49:02.0015 3068 RDPWD - ok
17:49:02.0125 3068 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:49:02.0125 3068 redbook - ok
17:49:02.0265 3068 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
17:49:02.0265 3068 Revoflt - ok
17:49:02.0343 3068 RimUsb - ok
17:49:02.0453 3068 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
17:49:02.0484 3068 RimVSerPort - ok
17:49:02.0593 3068 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
17:49:02.0625 3068 RMCAST - ok
17:49:02.0718 3068 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
17:49:02.0718 3068 ROOTMODEM - ok
17:49:02.0921 3068 RT73 (b01b2c25bd80770878285fb569090d7b) C:\WINDOWS\system32\DRIVERS\Dr71WU.sys
17:49:02.0968 3068 RT73 - ok
17:49:03.0156 3068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:49:03.0171 3068 Secdrv - ok
17:49:03.0312 3068 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:49:03.0328 3068 serenum - ok
17:49:03.0390 3068 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:49:03.0390 3068 Serial - ok
17:49:03.0531 3068 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:49:03.0546 3068 Sfloppy - ok
17:49:03.0703 3068 SI3114r (d8d12a5acf76bbc9a3cf56a85b7f442f) C:\WINDOWS\system32\DRIVERS\SI3114R.sys
17:49:03.0703 3068 SI3114r - ok
17:49:03.0828 3068 Si3114r5 (87d406c592327ded095ff314427a4fa7) C:\WINDOWS\system32\DRIVERS\Si3114r5.sys
17:49:03.0843 3068 Si3114r5 - ok
17:49:03.0953 3068 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
17:49:03.0953 3068 SiFilter - ok
17:49:04.0078 3068 Simbad - ok
17:49:04.0187 3068 SiRemFil (41a59f484188be629087ba391ff60d74) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
17:49:04.0187 3068 SiRemFil - ok
17:49:04.0281 3068 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:49:04.0281 3068 SLIP - ok
17:49:04.0343 3068 SMNDIS5 - ok
17:49:04.0468 3068 SolDisk (49c2ecb03af985c3b078c3fc7b7ebcfe) C:\WINDOWS\system32\drivers\soldisk.sys
17:49:04.0468 3068 SolDisk - ok
17:49:04.0546 3068 SolFS (ae20f4e1aff911c826022d98bed9b733) C:\WINDOWS\system32\drivers\solfs.sys
17:49:04.0593 3068 SolFS - ok
17:49:04.0656 3068 Sparrow - ok
17:49:04.0750 3068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:49:04.0750 3068 splitter - ok
17:49:04.0906 3068 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
17:49:04.0906 3068 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
17:49:04.0906 3068 sptd ( LockedFile.Multi.Generic ) - warning
17:49:04.0906 3068 sptd - detected LockedFile.Multi.Generic (1)
17:49:04.0984 3068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:49:04.0984 3068 sr - ok
17:49:05.0125 3068 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:49:05.0140 3068 Srv - ok
17:49:05.0265 3068 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:49:05.0265 3068 streamip - ok
17:49:05.0359 3068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:49:05.0359 3068 swenum - ok
17:49:05.0453 3068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:49:05.0453 3068 swmidi - ok
17:49:05.0546 3068 symc810 - ok
17:49:05.0609 3068 symc8xx - ok
17:49:05.0671 3068 sym_hi - ok
17:49:05.0734 3068 sym_u3 - ok
17:49:05.0828 3068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:49:05.0828 3068 sysaudio - ok
17:49:05.0968 3068 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:49:06.0000 3068 Tcpip - ok
17:49:06.0093 3068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:49:06.0093 3068 TDPIPE - ok
17:49:06.0171 3068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:49:06.0171 3068 TDTCP - ok
17:49:06.0250 3068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:49:06.0250 3068 TermDD - ok
17:49:06.0328 3068 TfFsMon - ok
17:49:06.0390 3068 TfNetMon - ok
17:49:06.0453 3068 TfSysMon - ok
17:49:06.0546 3068 TosIde - ok
17:49:06.0671 3068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:49:06.0671 3068 Udfs - ok
17:49:06.0734 3068 ultra - ok
17:49:06.0859 3068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:49:06.0875 3068 Update - ok
17:49:06.0984 3068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:49:07.0000 3068 usbccgp - ok
17:49:07.0093 3068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:49:07.0093 3068 usbehci - ok
17:49:07.0171 3068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:49:07.0171 3068 usbhub - ok
17:49:07.0218 3068 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:49:07.0234 3068 usbprint - ok
17:49:07.0328 3068 USBREC (8d9e86d710889ebb31dd42435922da2f) C:\WINDOWS\system32\DRIVERS\USBREC.sys
17:49:07.0359 3068 USBREC - ok
17:49:07.0437 3068 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:49:07.0437 3068 usbscan - ok
17:49:07.0515 3068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:49:07.0531 3068 USBSTOR - ok
17:49:07.0656 3068 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:49:07.0656 3068 usbuhci - ok
17:49:07.0734 3068 USBVCD (f4a825865e31a849aca14efc8340f229) C:\WINDOWS\system32\drivers\USBVCD.sys
17:49:07.0734 3068 USBVCD - ok
17:49:07.0843 3068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:49:07.0843 3068 VgaSave - ok
17:49:07.0953 3068 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
17:49:07.0953 3068 viaagp1 - ok
17:49:08.0031 3068 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:49:08.0031 3068 ViaIde - ok
17:49:08.0109 3068 viamraid (44056e9fee477f512ee58bcfee949621) C:\WINDOWS\system32\DRIVERS\viamraid.sys
17:49:08.0109 3068 viamraid - ok
17:49:08.0203 3068 videX32 (f95c0fcfbcbda6d8f202d2df4052f88d) C:\WINDOWS\system32\DRIVERS\videX32.sys
17:49:08.0203 3068 videX32 - ok
17:49:08.0296 3068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:49:08.0312 3068 VolSnap - ok
17:49:08.0437 3068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:49:08.0437 3068 Wanarp - ok
17:49:08.0515 3068 WDICA - ok
17:49:08.0578 3068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:49:08.0578 3068 wdmaud - ok
17:49:08.0765 3068 winachsf (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
17:49:08.0812 3068 winachsf - ok
17:49:09.0046 3068 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:49:09.0078 3068 WpdUsb - ok
17:49:09.0187 3068 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:49:09.0187 3068 WS2IFSL - ok
17:49:09.0296 3068 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:49:09.0296 3068 WSTCODEC - ok
17:49:09.0437 3068 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:49:09.0437 3068 WudfPf - ok
17:49:09.0500 3068 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:49:09.0500 3068 WudfRd - ok
17:49:09.0671 3068 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:49:09.0843 3068 \Device\Harddisk0\DR0 - ok
17:49:09.0875 3068 Boot (0x1200) (4e768735cecc314ed6b6e92fa3ab25db) \Device\Harddisk0\DR0\Partition0
17:49:09.0875 3068 \Device\Harddisk0\DR0\Partition0 - ok
17:49:09.0890 3068 ============================================================
17:49:09.0890 3068 Scan finished
17:49:09.0890 3068 ============================================================
17:49:09.0921 3192 Detected object count: 1
17:49:09.0921 3192 Actual detected object count: 1
17:49:33.0453 3192 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:49:33.0453 3192 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

 

[Broni]

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[efoxeli]

aswMBR log

Hey Broni,

Here is the log from the latest scan.


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-06 18:19:32
-----------------------------
18:19:32.828 OS Version: Windows 5.1.2600 Service Pack 3
18:19:32.828 Number of processors: 1 586 0xC00
18:19:32.828 ComputerName: COMPUTER UserName: Janine
18:19:33.156 Initialize success
18:50:25.703 AVAST engine defs: 11110602
19:00:44.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\fasttx2k1Port2Path0Target0Lun0
19:00:44.437 Disk 0 Vendor: Promise_ 1.10 Size: 114440MB BusType: 1
19:00:44.437 Device \Driver\fasttx2k -> DriverStartIo 8650e31b
19:00:44.437 Disk 0 MBR read error 0
19:00:44.437 Disk 0 MBR scan
19:00:44.531 Disk 0 unknown MBR code
19:00:44.531 MBR BIOS signature not found 0
19:00:44.531 Disk 0 scanning sectors +234356220
19:00:44.625 Disk 0 scanning C:\WINDOWS\system32\drivers
19:01:04.984 Service scanning
19:01:05.593 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
19:01:06.156 Modules scanning
19:01:13.812 Disk 0 trace - called modules:
19:01:14.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8650e4d0]<<
19:01:14.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fa8798]
19:01:14.312 3 CLASSPNP.SYS[f754cfd7] -> nt!IofCallDriver -> [0x864c6d58]
19:01:14.312 \Driver\fasttx2k[0x86f239b8] -> IRP_MJ_CREATE -> 0x8650e4d0
19:01:14.937 AVAST engine scan C:\WINDOWS
19:01:39.015 AVAST engine scan C:\WINDOWS\system32
19:02:07.578 AVAST engine scan C:\WINDOWS\system32\drivers
19:02:07.593 AVAST engine scan C:\Documents and Settings\Eli
19:02:07.609 AVAST engine scan C:\Documents and Settings\All Users
19:02:07.609 Scan finished successfully
19:05:01.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eli\Desktop\MBR.dat"
19:05:01.109 The log file has been saved successfully to "C:\Documents and Settings\Eli\Desktop\aswMBR.txt"

 

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[efoxeli]

combofix log

Hey Broni,

Had a little trouble with my AVG antivirus but I finally got it uninstalled and ran combofix. Here's the log:

ComboFix 11-11-07.02 - Janine 11/06/2011 21:24:14.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.663 [GMT -7:00]
Running from: c:\documents and settings\Eli\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\All Users\SPL29BC.tmp
c:\documents and settings\All Users\SPLAEB9.tmp
c:\documents and settings\All Users\SPLAEC6.tmp
c:\documents and settings\Eli\Application Data\4FB6.B66
c:\documents and settings\Eli\Application Data\Adobe\plugs
c:\documents and settings\Eli\Application Data\Adobe\shed
c:\documents and settings\Eli\Local Settings\Application Data\{0F95E375-610C-4480-BFF6-123DCDC12084}
c:\documents and settings\Eli\Local Settings\Application Data\{0F95E375-610C-4480-BFF6-123DCDC12084}\chrome\content\_cfg.js
c:\documents and settings\Eli\Local Settings\Application Data\{0F95E375-610C-4480-BFF6-123DCDC12084}\chrome\content\overlay.xul
c:\documents and settings\Eli\Local Settings\Application Data\{0F95E375-610C-4480-BFF6-123DCDC12084}\install.rdf
c:\documents and settings\Eli\Local Settings\Temporary Internet Files\MCP61.zip
c:\documents and settings\Eli\Local Settings\Temporary Internet Files\viewChanges.html
c:\documents and settings\Eli\Start Menu\Internet Explorer.lnk
C:\systemsvc
c:\systemsvc\BBEBACA03B82454
c:\windows\system32\0.25274101998350906.exe
c:\windows\system32\bszip.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-03 17:42 . 2011-11-03 17:42 -------- d-----w- c:\documents and settings\Eli\Local Settings\Application Data\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 18:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2001-08-23 04:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2001-08-23 04:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-03 08:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-03 07:17 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00 . 2011-08-08 22:20 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-17 13:49 . 2004-08-03 07:14 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-29 06:53 . 2011-11-03 17:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-02 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"D-Link Wireless G WUA-1340"="c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 1662976]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 16:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-08-30 17:50 205480 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
2008-04-14 00:11 177152 ----a-w- c:\windows\system32\mqrt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
2003-06-05 14:49 118784 -c--a-w- c:\windows\system32\ptipbmf.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2003-02-26 02:27 77887 ----a-w- c:\program files\WordPerfect Office 11\Programs\QFSCHD110.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 11:19 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"SeaPort"=2 (0x2)
"NMIndexingService"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"GoogleDesktopManager-061008-081103"=3 (0x3)
"FreezeScreenSaver"=2 (0x2)
"Bonjour Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ACDaemon"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/1/2009 1:04 PM 717296]
R1 SolDisk;SolDisk;c:\windows\system32\drivers\soldisk.sys [2/3/2010 2:46 PM 38344]
R1 SolFS;SolFS;c:\windows\system32\drivers\solfs.sys [2/3/2010 2:46 PM 285256]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [3/9/2010 9:00 PM 6656]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [3/5/2011 8:03 PM 1257760]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [10/24/2001 3:16 PM 36224]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2011 9:14 AM 135664]
S2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2011 9:14 AM 135664]
S3 HwIOctl;HwIOctl; [x]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys --> c:\windows\system32\DRIVERS\PTDUBus.sys [?]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys --> c:\windows\system32\DRIVERS\PTDUMdm.sys [?]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys --> c:\windows\system32\DRIVERS\PTDUVsp.sys [?]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys --> c:\windows\system32\DRIVERS\PTDUWWAN.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [8/9/2011 8:12 AM 27064]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 USBREC;Canon USB Video Record;c:\windows\system32\drivers\USBREC.sys [10/5/2004 9:39 AM 4992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-05 c:\windows\Tasks\backup.job
- C:\backup.bat [2007-10-11 18:22]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 16:14]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-18 16:14]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://192.168.0.253:82/kxhcm10.ocx
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://192.168.0.150/RemoteWeb.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://192.168.0.150/VideoViewer.cab
FF - ProfilePath - c:\documents and settings\Eli\Application Data\Mozilla\Firefox\Profiles\8l3pcn04.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-ErrorFix - c:\program files\ErrorFix\ErrorFix.exe
MSConfigStartUp-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-RaidTool - c:\program files\VIA\RAID\raid_tool.exe
MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
MSConfigStartUp-YSearchProtection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-06 21:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,3f,ca,04,c6,88,84,48,b8,23,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,3f,ca,04,c6,88,84,48,b8,23,36,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\WININET.dll
.
Completion time: 2011-11-06 21:45:41
ComboFix-quarantined-files.txt 2011-11-07 04:45
.
Pre-Run: 96,484,118,528 bytes free
Post-Run: 98,706,808,832 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9CBD22BCFC3B11492A4647EADEB2B405

 

[Broni]

Looks good.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[efoxeli]

OTL logs

Hey Broni,

Sorry about the delay but by the time AVG was reinstalled last night I was asleep in my chair. The computer seems to be doing well. I was able to use Google to locate AVG so I guess that search engine, at least, is working. I'm not really doing anything else with the computer during this process, just trying to follow instructions to the letter. I really appreciate your help.

Here are the OTL logs:

OTL Extras logfile created on: 11/7/2011 8:19:25 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eli\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.47 Mb Total Physical Memory | 461.05 Mb Available Physical Memory | 45.05% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.24% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 91.59 Gb Free Space | 81.96% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Janine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2005\QBDBMgrN.exe:*:Enabled:QuickBooks 2011 Data Manager -- (Intuit, Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabledersonal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{114AA4D3-A577-400E-A1B2-3CF75CF8D2E2}" = C5500_Help
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{246B1C35-590F-4B2F-B1B3-6CF57E752EE7}" = GEAR driver installer for x86 and x64
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 13
"{26BEE28E-C285-4532-82D3-7CE3C5F805D4}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5B8B9664-21C8-4A1C-AEE4-EF7B1EEB6BD3}" = PS_AIO_04_C5500_Software
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6CC1EE94-B426-478B-AE83-F83EBB4EF66A}" = HPPhotoSmartDiscLabel_PaperLabel
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7ED180E1-ADE9-4C69-8845-BDF518D763B8}" = hpphotosmartdisclabelplugin
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113798980}" = Little Shop of Treasures 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114643957}" = Big City Adventure Sydney
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8E37A0C8-C0E7-4E7A-8739-ACF20D02E70C}" = PS_AIO_04_C5500_Software_Min
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{9A9310B0-FAD0-440E-97B1-5EE14568EF78}" = PS_AIO_04_C5500_ProductContext
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C77A7F57-0BA5-4A17-B1C4-28E1D5F5A6EC}" = C5500
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D895E3FB-45BA-4BBF-BE50-0DEED3CD3F7E}" = Wireless G WUA-1340
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Amazing Universe Premium Screen Saver" = Amazing Universe Premium Screen Saver
"AVG" = AVG 2012
"BFGC" = Big Fish Games Client
"BFG-Mystery Case Files - Madame Fate" = Mystery Case Files: Madame Fate
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ™
"HP-LaserJet 1018" = LaserJet 1018
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Silicon Image Events ]
Error - 10/2/2007 7:03:46 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
Description = Device remove The Channel 3 Device on adapter 0, WDC WD3200YS-01PGB0,
was removed.

Error - 10/2/2007 7:03:51 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
Description = Device remove The Channel 1 Device on adapter 0, WDC WD3200YS-01PGB0,
was removed.

Error - 10/2/2007 7:03:56 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
Description = Device remove The Channel 0 Device on adapter 0, WDC WD3200YS-01PGB0,
was removed.

Error - 10/2/2007 7:04:01 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
Description = Device remove The Channel 2 Device on adapter 0, WDC WD3200YS-01PGB0,
was removed.

Error - 10/2/2007 7:04:51 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
Description = Device remove The Channel 3 Device on adapter 0, WDC WD3200YS-01PGB0,
was removed.

Error - 10/2/2007 7:04:56 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
Description = Device remove The Channel 2 Device on adapter 0, WDC WD3200YS-01PGB0,
was removed.

Error - 10/2/2007 7:05:01 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
Description = Device remove The Channel 1 Device on adapter 0, WDC WD3200YS-01PGB0,
was removed.

Error - 10/2/2007 7:05:51 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
Description = Device remove The Channel 2 Device on adapter 0, WDC WD3200YS-01PGB0,
was removed.

Error - 10/2/2007 7:05:56 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
Description = Device remove The Channel 1 Device on adapter 0, WDC WD3200YS-01PGB0,
was removed.

Error - 10/2/2007 7:05:56 PM | Computer Name = COMPUTER | Source = SATARaid | ID = 0
Description = Device remove The Channel 3 Device on adapter 0, WDC WD3200YS-01PGB0,
was removed.

[ System Events ]
Error - 11/7/2011 12:00:27 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The AVG WatchDog service failed to start due to the following error:
%%109

Error - 11/7/2011 12:01:29 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_AVGIDSDRIVER\0000 disappeared from the system
without first being prepared for removal.

Error - 11/7/2011 12:01:29 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_AVGIDSEH\0000 disappeared from the system without
first being prepared for removal.

Error - 11/7/2011 12:01:29 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_AVGIDSFILTER\0000 disappeared from the system
without first being prepared for removal.

Error - 11/7/2011 12:01:29 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_AVGIDSSHIM\0000 disappeared from the system
without first being prepared for removal.

Error - 11/7/2011 12:01:29 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_AVGLDX86\0000 disappeared from the system without
first being prepared for removal.

Error - 11/7/2011 12:01:29 AM | Computer Name = COMPUTER | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_AVGTDIX\0000 disappeared from the system without
first being prepared for removal.

Error - 11/7/2011 12:04:43 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7000
Description = The lxdw_device service failed to start due to the following error:
%%2

Error - 11/7/2011 12:06:04 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/7/2011 12:06:04 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TfSysMon


< End of report >

To much info for one post. I'll send the OTL.Txt log in another post.

 

[efoxeli]

1/2 of OTL.Txt log

OTL logfile created on: 11/7/2011 8:19:25 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eli\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.47 Mb Total Physical Memory | 461.05 Mb Available Physical Memory | 45.05% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.24% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 91.59 Gb Free Space | 81.96% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Janine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/07 08:17:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eli\My Documents\Downloads\OTL.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/05 20:26:12 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/03/05 20:03:00 | 001,257,760 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/27 15:25:52 | 001,662,976 | ---- | M] (D-Link) -- C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
PRC - [2007/01/19 10:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/12 07:55:55 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/12 07:46:40 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/06/28 13:07:43 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008/09/10 02:37:52 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\lxdwoem.dll
MOD - [2008/04/30 17:41:53 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\LXDWPMON.DLL
MOD - [2007/08/20 16:41:12 | 000,233,472 | ---- | M] () -- C:\WINDOWS\system32\WlanApp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (lxdw_device)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/03/05 20:26:12 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/03/05 20:03:00 | 001,257,760 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/17 16:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/19 10:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/03/09 21:00:06 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/04/02 09:24:33 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/09/24 10:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/05/08 07:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 11:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/11/16 22:30:02 | 000,285,256 | ---- | M] (EldoS Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\solfs.sys -- (SolFS)
DRV - [2007/11/16 22:30:00 | 000,038,344 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\soldisk.sys -- (SolDisk)
DRV - [2007/10/02 14:36:12 | 000,110,384 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3114R.sys -- (SI3114r)
DRV - [2007/07/28 14:21:16 | 000,451,456 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2007/02/07 10:30:04 | 000,209,200 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
DRV - [2006/10/18 13:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2006/10/17 19:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2005/12/11 10:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/07/22 22:41:18 | 000,036,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/11/01 10:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2004/10/05 09:39:18 | 000,057,856 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBVCD.sys -- (USBVCD)
DRV - [2004/10/05 09:39:18 | 000,004,992 | ---- | M] (Canon Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBREC.sys -- (USBREC)
DRV - [2004/08/03 15:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2003/07/02 03:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/06/10 05:25:30 | 000,156,672 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fasttx2k.sys -- (fasttx2k)
DRV - [2001/10/24 15:16:10 | 000,036,224 | ---- | M] (LinkSys Group Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lne100v5.sys -- (LNE100) Linksys LNE100TX(v5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 73 7B D0 4D 9A CC 01 [binary data]
IE - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Eli\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/06 22:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/03 10:42:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/03 10:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eli\Application Data\Mozilla\Extensions
[2011/11/03 10:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/10 08:37:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/06/24 14:49:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/09/28 23:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 17:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/06 21:41:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe (D-Link)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://192.168.0.253:82/kxhcm10.ocx (KX-HCM10 Control)
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://192.168.0.150/RemoteWeb.cab (Remote200 Control)
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} http://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab (CPlayFirstPiratePoppersControl Object)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://zone.msn.com/bingame/rock/default/popcaploader1.cab (PopCapLoaderCtrl Class)
O16 - DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://192.168.0.150/VideoViewer.cab (CViewerControl Object)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/bingame/amad/default/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239046279656 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/bingame/amun/default/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} http://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab (SpinTop Games Launcher)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://64.91.95.226/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} http://192.168.0.41/plugin/h263ctrl.cab (VaPgCtrl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10 (AstoundLauncher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/bingame/cnma/default/cinematycoon.cab (TikGames Online Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab (CPlayFirstSweetopiaControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{970F5321-FE70-4B09-B4DA-1FF80A398153}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Eli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/27 13:32:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 00:51:59 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/11/06 23:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eli\Application Data\AVG2012
[2011/11/06 22:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/11/06 22:33:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/06 22:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/06 22:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/11/06 22:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/06 21:45:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/06 21:20:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/06 20:16:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/06 20:16:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/06 20:16:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/06 20:16:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/06 20:15:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/06 20:14:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/03 13:59:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Eli\My Documents\My Videos
[2011/11/03 11:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eli\My Documents\Downloads
[2011/11/03 10:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eli\Local Settings\Application Data\Mozilla
[2011/11/03 10:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eli\Application Data\Mozilla
[2011/11/03 10:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/07/16 13:51:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa(6).dll
[2009/07/16 13:51:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa(5).dll
[2009/07/16 13:51:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa(4).dll
[2009/07/16 13:51:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa(3).dll
[2009/07/16 13:51:38 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa(2).dll
[2009/07/16 13:51:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc(6).dll
[2009/07/16 13:51:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc(5).dll
[2009/07/16 13:51:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc(4).dll
[2009/07/16 13:51:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc(3).dll
[2009/07/16 13:51:38 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc(2).dll
[2009/07/16 13:51:37 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv(6).dll
[2009/07/16 13:51:37 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv(5).dll
[2009/07/16 13:51:37 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv(4).dll
[2009/07/16 13:51:37 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv(3).dll
[2009/07/16 13:51:37 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv(2).dll
[2009/07/16 13:51:37 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1(6).dll
[2009/07/16 13:51:37 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1(5).dll
[2009/07/16 13:51:37 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1(4).dll
[2009/07/16 13:51:37 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1(3).dll
[2009/07/16 13:51:37 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1(2).dll
[2009/07/16 13:51:37 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm(6).dll
[2009/07/16 13:51:37 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm(5).dll
[2009/07/16 13:51:37 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm(4).dll
[2009/07/16 13:51:37 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm(3).dll
[2009/07/16 13:51:37 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm(2).dll
[2009/07/16 13:51:35 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc(6).dll
[2009/07/16 13:51:35 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc(5).dll
[2009/07/16 13:51:35 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc(4).dll
[2009/07/16 13:51:35 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc(3).dll
[2009/07/16 13:51:35 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc(2).dll
[2009/07/16 13:51:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoms(7).exe
[2009/07/16 13:51:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoms(6).exe
[2009/07/16 13:51:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoms(5).exe
[2009/07/16 13:51:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoms(4).exe
[2009/07/16 13:51:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoms(3).exe
[2009/07/16 13:51:35 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoms(2).exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 07:37:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/07 00:30:36 | 070,776,014 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/06 22:33:15 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/06 21:41:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/06 21:20:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/06 21:06:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/06 21:04:36 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{970F5321-FE70-4B09-B4DA-1FF80A398153}
[2011/11/06 21:04:30 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/06 21:04:29 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011/11/06 21:04:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/06 21:04:21 | 1073,258,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/06 19:05:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Eli\Desktop\MBR.dat
[2011/11/06 14:02:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/06 13:07:46 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/06 13:07:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/06 11:30:42 | 000,494,522 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 11:30:42 | 000,090,152 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/06 11:27:24 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/03 10:42:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/03 10:42:43 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/06 22:33:15 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/06 21:20:38 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/06 21:20:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/06 20:16:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/06 20:16:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/06 20:16:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/06 20:16:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/06 20:16:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/06 19:05:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Eli\Desktop\MBR.dat
[2011/11/03 10:42:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/03 10:42:43 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/03 10:42:43 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/11/03 08:38:51 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/08/01 00:58:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/31 23:21:08 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dwiwa.dat
[2011/07/31 23:21:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bhicewa.bin
[2011/05/05 18:49:50 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2011/05/05 18:49:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2011/03/29 11:30:07 | 000,245,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/22 13:10:35 | 000,000,089 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/02/09 16:03:43 | 000,000,025 | ---- | C] () -- C:\WINDOWS\PERFV200P.ini
[2009/11/19 12:03:38 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/11/03 13:13:47 | 000,075,992 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/22 11:08:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/16 13:54:50 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs(6).dll
[2009/07/16 13:54:50 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs(5).dll
[2009/07/16 13:54:50 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs(4).dll
[2009/07/16 13:54:50 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs(3).dll
[2009/07/16 13:54:50 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs(2).dll
[2009/07/16 13:54:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps(6).dll
[2009/07/16 13:54:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps(5).dll
[2009/07/16 13:54:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps(4).dll
[2009/07/16 13:54:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps(3).dll
[2009/07/16 13:54:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps(2).dll
[2009/07/16 13:54:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4(6).dll
[2009/07/16 13:54:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4(5).dll
[2009/07/16 13:54:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4(4).dll
[2009/07/16 13:54:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4(3).dll
[2009/07/16 13:54:50 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4(2).dll
[2009/07/16 13:54:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDWPMON.DLL
[2009/07/16 13:54:31 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDWFXPU.DLL
[2009/07/16 13:54:11 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxdwoem.dll
[2008/10/28 11:54:01 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2008/10/28 11:53:42 | 000,000,093 | ---- | C] () -- C:\WINDOWS\R300.ini
[2008/10/02 12:27:29 | 000,019,482 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2008/09/25 10:13:28 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2008/05/29 07:50:03 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Eli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 07:55:09 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Eli\Application Data\PFP110JPR.{PB
[2008/04/14 07:55:09 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Eli\Application Data\PFP110JCM.{PB
[2008/01/11 16:54:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007/12/31 09:18:40 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/13 14:29:03 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2007/10/17 10:38:11 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1018.exe
[2007/10/17 10:38:11 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2007/10/16 11:54:05 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2007/10/05 13:18:34 | 000,327,680 | R--- | C] () -- C:\WINDOWS\System32\ZSHP2600.EXE
[2007/10/05 13:18:34 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\VSHP2600.DLL
[2007/10/05 13:18:33 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\ZHHP2600.EXE
[2007/10/05 13:18:29 | 011,194,368 | R--- | C] () -- C:\WINDOWS\System32\ZHHP_RES.DLL
[2007/10/05 13:18:29 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\AGISSI.DLL
[2007/10/01 16:16:23 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/01 13:04:47 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2007/09/27 15:04:39 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2007/09/27 15:00:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/27 14:46:37 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Eli\Local Settings\Application Data\fusioncache.dat
[2007/09/27 14:31:33 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2007/09/27 14:31:33 | 000,000,094 | ---- | C] () -- C:\WINDOWS\PARSONS.INI
[2007/09/27 14:31:32 | 000,180,857 | ---- | C] () -- C:\WINDOWS\unadb5.exe
[2007/09/27 14:31:32 | 000,108,032 | ---- | C] () -- C:\WINDOWS\UNWISE32.EXE
[2007/09/27 14:28:48 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/09/27 14:28:47 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2007/09/27 14:28:45 | 000,007,803 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2007/09/27 14:28:29 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2007/09/27 14:28:29 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2007/09/27 14:25:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/09/27 14:24:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/09/27 13:34:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/09/27 13:28:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/09/27 07:19:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/09/27 07:18:12 | 000,344,216 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/03 02:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/01 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/03 02:55:35 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ptipbmf.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/22 21:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/22 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/22 21:00:00 | 000,494,522 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/22 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/22 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/22 21:00:00 | 000,090,152 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/22 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/22 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/22 21:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/22 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

This is a long file. 2nd half to follow.

 

[efoxeli]

2nd half of OTL.Txt log

========== LOP Check ==========

[2009/07/16 13:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7600 Series
[2007/10/15 11:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/11/06 23:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/08/02 13:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/04/01 13:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/12 11:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/10/02 12:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2011/07/09 10:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/04/05 12:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNET
[2009/10/09 07:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/03/27 10:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2008/08/25 08:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/08/25 08:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/03/20 14:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/10/19 14:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 7600 Series
[2011/11/07 00:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2007/11/20 09:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/04/11 10:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/12/09 10:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2011/03/22 13:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2009/01/15 09:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/10/03 08:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/10/09 10:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/12/15 15:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2008/02/27 11:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2011/03/22 13:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/01/24 15:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2009/03/18 09:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/03/31 11:38:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 09:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/06 11:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/10 11:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B912DA22-7AAD-474B-8C8F-D82FF0C33BF5}
[2009/09/01 10:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\7600 Series
[2007/10/15 10:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Autodesk
[2011/11/06 23:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\AVG2012
[2010/06/15 10:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Binary Fortress Software
[2009/03/18 11:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/01 13:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\DAEMON Tools
[2009/04/01 14:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\DAEMON Tools Lite
[2009/04/01 13:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\DAEMON Tools Pro
[2009/01/12 14:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\ESET
[2010/03/09 11:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Facebook
[2009/10/09 09:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\GARMIN
[2010/04/05 12:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Genie-Soft
[2008/02/07 12:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\iWin
[2008/10/28 11:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Leadertech
[2009/08/05 14:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Lexmark Productivity Studio
[2007/11/01 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\PlayFirst
[2009/01/26 13:29:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Printer Info Cache
[2010/02/04 10:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Research In Motion
[2008/12/15 13:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Shape games
[2009/07/27 08:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Smith Micro
[2011/03/30 08:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Stamps.com Internet Postage
[2009/04/01 13:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\System Tweaker
[2009/08/12 11:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Uniblue
[2011/08/09 09:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\VS Revo Group
[2009/03/17 09:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Windows Search
[2009/04/23 14:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eli\Application Data\Z-Firm LLC
[2011/08/15 12:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\1B9BC4F535B50877E27F93AA11E6F469
[2011/08/05 12:00:00 | 000,000,178 | ---- | M] () -- C:\WINDOWS\Tasks\backup.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< >

< %SYSTEMDRIVE%\*.* >
[2007/09/27 13:32:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/12 11:22:54 | 000,000,233 | ---- | M] () -- C:\backup.bat
[2009/11/12 10:24:12 | 000,008,832 | ---- | M] () -- C:\backup.reg
[2010/06/23 14:03:39 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/11/06 21:20:38 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/11/06 21:45:44 | 000,014,169 | ---- | M] () -- C:\ComboFix.txt
[2007/09/27 13:32:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/08 13:28:33 | 000,000,045 | ---- | M] () -- C:\error.log
[2011/01/19 12:02:29 | 000,000,262 | ---- | M] () -- C:\faxfile.log
[2011/11/06 21:04:21 | 1073,258,496 | -HS- | M] () -- C:\hiberfil.sys
[2007/09/27 13:32:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/11 14:42:09 | 000,104,682 | ---- | M] () -- C:\lma_log.html
[2009/04/10 10:48:23 | 000,034,918 | ---- | M] () -- C:\log.html
[2007/09/27 13:32:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/02 23:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/18 08:20:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/06 21:04:20 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2008/01/18 13:29:17 | 000,102,489 | ---- | M] () -- C:\playground.log
[2011/08/08 14:56:46 | 000,000,514 | ---- | M] () -- C:\rkill.log
[2011/11/06 18:12:55 | 000,057,296 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_06.11.2011_17.48.35_log.txt
[2009/08/20 09:15:22 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log
[2009/10/02 15:21:53 | 000,000,142 | ---- | M] () -- C:\þÀpctlsp.log

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/03/27 10:16:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/11/05 18:06:06 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2008/06/06 19:49:18 | 000,302,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp692.dll
[2006/03/18 01:00:00 | 000,049,152 | R--- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
[2008/05/16 08:06:55 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp(2).dll
[2008/05/16 08:06:55 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp(3).dll
[2008/05/16 08:06:55 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp(4).dll
[2008/05/16 08:06:55 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp(5).dll
[2008/05/16 08:06:55 | 000,121,856 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdwdrpp(6).dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2007/02/12 14:41:14 | 001,249,280 | ---- | M] () -- C:\WINDOWS\Amazing Universe Premium.scr
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/09/27 07:17:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007/09/27 07:17:09 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007/09/27 07:17:09 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/18 08:28:51 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/09/27 13:37:38 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2007/09/27 13:37:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Eli\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/08/08 14:55:09 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\Eli\Desktop\iExplore.exe
[2011/08/08 15:17:35 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Eli\Desktop\mbam-setup.exe
[2011/03/22 12:41:58 | 561,689,528 | ---- | M] (Intuit, Inc. ) -- C:\Documents and Settings\Eli\Desktop\QuickBooksPro2011.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/09/29 09:07:21 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Eli\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/08/16 17:03:44 | 000,116,884 | ---- | M] () -- C:\Documents and Settings\All Users\lxdwJSW.log
[2009/07/16 13:45:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\UpdaterLog.txt

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
No captured output from command...

< dir /b "%systemroot%\*.exe" | find /i " " /c >
No captured output from command...

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/07/21 13:47:11 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Eli\Cookies\desktop.ini
[2011/11/06 23:54:25 | 001,474,560 | ---- | M] () -- C:\Documents and Settings\Eli\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/08/20 05:29:46 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 17:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 05:29:48 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/08/20 05:30:06 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/08/20 05:30:06 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1997/10/01 13:20:40 | 000,030,080 | ---- | M] () -- C:\WINDOWS\system\Ptabimp3.exe
[1994/11/22 14:09:58 | 000,317,116 | ---- | M] (Btrieve Technologies, Incorporated) -- C:\WINDOWS\system\WBTR32.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\backup.reg:SummaryInformation

< End of report >

 

[Broni]

Good news

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

==================================================================

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
  O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
  O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
  O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
  O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
  O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
  O3 - HKU\S-1-5-21-1409082233-1715567821-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
  [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  @Alternate Data Stream - 88 bytes -> C:\backup.reg:SummaryInformation
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

==================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[efoxeli]

A problem has come up

Hey Broni.

I was in the middle of the java install when AVG popped up, stopped everything I was doing, closed the install, terminated 2 processes, removed 5 files and deleted 2 registry keys.

Processes terminated:

privacy.exe
0.3526534183385933.exe

Files deleted:

privacyprotection.lnk
privacy.exe
privacy
e.tmp
0.3526534183385933.exe

Registry keys deleted:

hkey_users\s-1-5-21-140908223-1715567821-839522115-1003\software \2712425cd29893fe7bdc288eaa7e90d
hkey_users\s-1-5-21-140908223-1715567821-839522115-1003\software\microsoft\windows\currentversion\run\privacyprotection

What's up with that? Did I do something wrong? Should I try to install Java again?

 

[Broni]

It looks like something malicious.
Keep an eye on your computer and give Java another shot.

 

[efoxeli]

Hey Broni,

Java worked that time as did Javara. No problems. I ran OTL. Here's the log:

All processes killed
========== OTL ==========
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_USERS\S-1-5-21-1409082233-1715567821-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
ADS C:\backup.reg:SummaryInformation deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41703 bytes

User: Eli
->Temp folder emptied: 18697981 bytes
->Temporary Internet Files folder emptied: 3349810 bytes
->Java cache emptied: 42753976 bytes
->FireFox cache emptied: 39026577 bytes
->Apple Safari cache emptied: 1462272 bytes
->Flash cache emptied: 192091 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1014810 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 117952802 bytes
->Java cache emptied: 23683 bytes
->Flash cache emptied: 24962 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 879382 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13566344 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 3915980 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 232.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Eli
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11072011_212905

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


I'll continue following your instructions while you look at this.

 

[efoxeli]

checkup.txt

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 4 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 29
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

 

[Broni]

Looks good....

 

[efoxeli]

ESETScan

Hey Broni,

TFC ran successfully as did ESET, finally, that took a long time. This morning I ran a whole computer scan using AVG Free 2012 and it found no threats.

Heres the ESET scan results:

C:\Documents and Settings\NetworkService\Application Data\1B9BC4F535B50877E27F93AA11E6F469\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\1B9BC4F535B50877E27F93AA11E6F469\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5PWV2Y83\index[1].htm HTML/Refresh.AU trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{18CC20FE-772F-4276-A214-16CC6E97046F}\RP23\A0006349.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined

I now have started using this computer for other things (email, surfing, etc.) and it seems to be running fine. I have some updates waiting to be installed. Is it safe to proceed with them now?

Thanks again and again for all your help.

 

[Broni]

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[efoxeli]

The warm glow of success

Hey Broni,

If my first born wasn't such a pain in the a**, he'd be yours. I can't thank you enough for putting up with my clumsiness and helping me to clean up this computer.

I'll take your advice on the maintenance programs and hopefully it won't happen again.

The computer seems to be running normally. Like most computers it has it's idiosyncrasies but nothing feels malicious or acts crazy anymore more so than usual.

Here is the OTL log just generated. I'll start the clean up.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eli
->Temp folder emptied: 4690128 bytes
->Temporary Internet Files folder emptied: 8036793 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86168756 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 924 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 163287500 bytes
->Java cache emptied: 13 bytes
->Flash cache emptied: 28635 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1805260 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 252.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Eli
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 11082011_190152

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VBVKUMPS\l10n[1].js not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JD6SP1KW\jCarouselLite[1].js not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JD6SP1KW\superfish-1.4.8[1].js not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\D1HKSAU0\contentslider[2].js not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\D1HKSAU0\search[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C8WANUPO\search[1].htm not found!
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2LQJR5WB\mymilwaukeeteams_com[1].txt not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2LQJR5WB\serchhippo_net[1].txt moved successfully.

Registry entries deleted on Reboot...

 

[Broni]

Way to go!!

Good luck and stay safe