Solved Computer acting very sluggish. virus?


kojudy1

I have a friend's computer I'm trying to rid of viruses or whatever is on it. It's been acting very slow in loading programs and starting up. I followed the 6 steps and have the logs to share. Any help would be appreciated; if further info is needed, let me know.

It's a 2.79 GHz CPU with 1.5 GB of RAM, so it should definitely be running a lot faster than it is. After running the virus scan and the Malwarebytes scan it is running a little bit faster, but it still hangs when trying to start up any new program. Here are the logs:

------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6243

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

4/2/2011 12:14:31 AM
mbam-log-2011-04-02 (00-14-31).txt

Scan type: Quick scan
Objects scanned: 139616
Time elapsed: 31 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 6
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\TabDiscover (Adware.TabDiscover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TABDISCOVER_SERVICE (Adware.TabDiscover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TabDiscover Service (Adware.TabDiscover) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4C350B19-6CA1-4569-B14C-296D8D6535B2} (Adware.Jookz) -> Value: {4C350B19-6CA1-4569-B14C-296D8D6535B2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4C350B19-6CA1-4569-B14C-296D8D6535B2} (Adware.Jookz) -> Value: {4C350B19-6CA1-4569-B14C-296D8D6535B2} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Local Page (Hijack.StartPage) -> Bad: (http://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://jookz.toolbaroptions.com/?tmp=toolbar_results_jookz_v2_homepage&prt=jkwbtb04ie&v=15) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\all users\application data\tabdiscover (Adware.TabDiscover) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03} (Adware.TabDiscover) -> Delete on reboot.
c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\chrome (Adware.TabDiscover) -> Delete on reboot.
c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\defaults (Adware.TabDiscover) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\defaults\preferences (Adware.TabDiscover) -> Quarantined and deleted successfully.
c:\program files\tabdiscover (Adware.TabDiscover) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\mozilla firefox\searchplugins\jookz.xml (Adware.Jookz) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\searchplugins\jookz.xml.bak (Adware.Jookz) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\chrome.manifest (Adware.TabDiscover) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\install.rdf (Adware.TabDiscover) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\chrome\tabdiscover.jar (Adware.TabDiscover) -> Delete on reboot.
c:\program files\mozilla firefox\extensions\{f9e87066-236c-4067-a3c2-bda51d6b6b03}\defaults\preferences\prefs.js (Adware.TabDiscover) -> Quarantined and deleted successfully.
____________________________________________________

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-02 00:34:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 Maxtor_6Y160M0 rev.YAR51HW0
Running: vvkeogeb.exe; Driver: C:\DOCUME~1\Vance\LOCALS~1\Temp\kwrdqkoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB55AC7BC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB55ACA12]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

____________________________________________________

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Vance at 0:43:37.78 on Sat 04/02/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.866 [GMT -4:00]
.
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
svchost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Vance\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
mDefault_Page_URL = hxxp://www.google.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
mLocal Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
mSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289639884546
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301594878171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\vance\applic~1\mozilla\firefox\profiles\bx6ufcpq.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\vance\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-1-6 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 239368]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 27576]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-1-17 1803224]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-3-4 1523008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-6 517448]
S4 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-10 14336]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
.
=============== Created Last 30 ================
.
2011-04-02 03:41:00 -------- d-----w- c:\docume~1\vance\applic~1\Malwarebytes
2011-04-02 03:38:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 03:38:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-02 03:37:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-02 03:37:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-01 19:05:55 -------- d-----w- c:\docume~1\vance\locals~1\applic~1\AVG Security Toolbar
2011-04-01 14:31:44 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-04-01 14:31:43 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-04-01 14:26:22 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-04-01 14:25:43 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-04-01 14:18:43 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2011-04-01 14:18:39 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-04-01 14:16:08 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-03-31 19:42:08 -------- d-----w- c:\windows\system32\scripting
2011-03-31 19:42:04 -------- d-----w- c:\windows\l2schemas
2011-03-31 19:42:01 -------- d-----w- c:\windows\system32\en
2011-03-31 19:42:00 -------- d-----w- c:\windows\system32\bits
2011-03-31 19:13:00 -------- d-----w- c:\windows\network diagnostic
2011-03-31 17:10:42 -------- d--h--w- C:\VritualRoot
2011-03-31 17:06:48 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-03-31 17:03:22 -------- d-----w- c:\program files\COMODO
2011-03-30 21:17:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo
2011-03-30 20:25:43 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-30 20:20:23 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-30 20:19:38 -------- d-----w- c:\docume~1\vance\applic~1\TuneUp Software
2011-03-30 20:18:57 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-03-30 20:17:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
2011-03-30 20:16:24 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-30 20:05:33 21504 ----a-w- c:\windows\system32\hidserv.dll
.
==================== Find3M ====================
.
2011-02-05 00:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-05 00:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 0:45:41.65 ===============

____________________________________

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2010 4:12:08 AM
System Uptime: 4/2/2011 12:15:54 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0M3918
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2792/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 90.562 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&08F0
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&10416D21&0&08F0
Service:
.
==== System Restore Points ===================
.
RP286: 11/13/2010 4:21:56 AM - Software Distribution Service 3.0
RP287: 11/13/2010 8:00:20 AM - Software Distribution Service 3.0
RP288: 11/14/2010 8:00:17 AM - Software Distribution Service 3.0
RP289: 11/15/2010 8:21:44 AM - System Checkpoint
RP290: 11/16/2010 9:19:24 AM - System Checkpoint
RP291: 11/17/2010 12:33:45 AM - Installed Enigma
RP292: 11/18/2010 2:00:14 AM - System Checkpoint
RP293: 11/19/2010 2:20:37 AM - System Checkpoint
RP294: 11/20/2010 6:00:11 AM - System Checkpoint
RP295: 11/21/2010 6:19:23 AM - System Checkpoint
RP296: 11/22/2010 6:21:26 AM - System Checkpoint
RP297: 11/23/2010 7:21:33 AM - System Checkpoint
RP298: 11/24/2010 8:18:57 AM - System Checkpoint
RP299: 11/25/2010 8:20:31 AM - System Checkpoint
RP300: 11/26/2010 9:14:34 AM - System Checkpoint
RP301: 11/27/2010 10:17:07 AM - System Checkpoint
RP302: 11/28/2010 11:12:40 AM - System Checkpoint
RP303: 11/29/2010 11:14:56 AM - System Checkpoint
RP304: 11/30/2010 12:07:02 PM - System Checkpoint
RP305: 12/1/2010 12:08:05 PM - System Checkpoint
RP306: 12/2/2010 1:05:51 PM - System Checkpoint
RP307: 12/3/2010 1:07:12 PM - System Checkpoint
RP308: 12/4/2010 1:28:44 PM - System Checkpoint
RP309: 12/5/2010 2:02:12 PM - System Checkpoint
RP310: 12/6/2010 2:05:31 PM - System Checkpoint
RP311: 12/7/2010 1:39:45 PM - Removed Apple Application Support
RP312: 12/7/2010 1:41:34 PM - Removed Apple Application Support
RP313: 12/7/2010 1:42:38 PM - Removed Apple Mobile Device Support
RP314: 12/8/2010 2:01:39 PM - System Checkpoint
RP315: 12/9/2010 3:01:06 PM - System Checkpoint
RP316: 12/10/2010 3:41:08 PM - System Checkpoint
RP317: 12/11/2010 4:31:08 PM - System Checkpoint
RP318: 12/12/2010 5:02:11 PM - System Checkpoint
RP319: 12/13/2010 6:15:21 PM - System Checkpoint
RP320: 12/14/2010 7:04:21 PM - System Checkpoint
RP321: 12/15/2010 7:22:00 PM - System Checkpoint
RP322: 1/12/2005 9:36:03 AM - System Checkpoint
RP323: 1/13/2005 10:08:30 AM - System Checkpoint
RP324: 1/14/2005 11:08:30 AM - System Checkpoint
RP325: 1/15/2005 11:09:35 AM - System Checkpoint
RP326: 1/16/2005 11:18:31 AM - System Checkpoint
RP327: 1/23/2005 10:29:22 PM - System Checkpoint
RP328: 1/24/2005 11:16:12 PM - System Checkpoint
RP329: 1/26/2005 12:16:12 AM - System Checkpoint
RP330: 1/27/2005 1:16:15 AM - System Checkpoint
RP331: 1/28/2005 2:16:13 AM - System Checkpoint
RP332: 1/29/2005 3:08:11 AM - System Checkpoint
RP333: 1/30/2005 3:23:00 AM - System Checkpoint
RP334: 1/31/2005 4:22:59 AM - System Checkpoint
RP335: 1/31/2005 9:28:23 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP336: 1/31/2005 9:28:50 PM - Installed AVG 2011
RP337: 1/31/2005 9:30:15 PM - Installed AVG 2011
RP338: 1/6/2011 8:42:11 PM - System Checkpoint
RP339: 3/30/2011 4:14:50 PM - Removed AVG 2011
RP340: 3/30/2011 4:16:02 PM - Software Distribution Service 3.0
RP341: 3/30/2011 4:18:52 PM - Installed TuneUp Utilities 2011
RP342: 3/30/2011 4:59:30 PM - Removed 184662
RP343: 3/30/2011 5:01:34 PM - Removed Bonjour
RP344: 3/30/2011 5:05:39 PM - Removed ijji REACTOR
RP345: 3/30/2011 5:11:03 PM - Removed MSN Toolbar Setup
RP346: 3/31/2011 2:44:15 AM - Removed AVG 2011
RP347: 3/31/2011 12:58:53 PM - Software Distribution Service 3.0
RP348: 3/31/2011 1:03:15 PM - Installed COMODO Internet Security
RP349: 3/31/2011 1:12:32 PM - Software Distribution Service 3.0
RP350: 3/31/2011 1:23:11 PM - Software Distribution Service 3.0
RP351: 3/31/2011 1:37:15 PM - Software Distribution Service 3.0
RP352: 3/31/2011 2:11:39 PM - Software Distribution Service 3.0
RP353: 4/1/2011 2:23:23 PM - System Checkpoint
RP354: 4/1/2011 3:11:10 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acoustica Effects Pack
Acoustica Mixcraft 4.5
Acoustica Mixcraft 5
Adobe Audition 3.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
AIM 7
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AVG 2011
BearShare
COMODO Internet Security
Counter-Strike
Enigma
ESPNMotion
FL Studio 9
FL Studio v7.0
FrostWire 4.21.1
Full Tilt Poker
Google Chrome
Google Earth
Google Update Helper
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
IL Download Manager
Intel(R) PRO Network Adapters and Drivers
iTunes
Java(TM) 6 Update 17
LimeWire 5.5.16
Live 6.0.1
Live 6.0.11
MA_CMIDI
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
NVIDIA Drivers
PoiZone
QuickTime
Rob Papen Predator V1.1.1
Sawer
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sonic Encoders
SoundMAX
Steam
Super Mario 3 : Mario Forever
Sylenth1 v2.20
Toxic Biohazard
TruePianos 1.5.0
TruePianos: Amber Module 1.4.0
TruePianos: Diamond Module 1.4.0
TruePianos: Emerald Module 1.4.0
TruePianos: Sapphire Module 1.4.0
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip 14.0
.
==== Event Viewer Messages From Past Week ========
.
4/2/2011 12:19:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
4/1/2011 11:10:49 PM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
3/31/2011 3:47:55 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4012-AFF7-4AC3-AAC2-9F24C1457BCE}
3/31/2011 3:26:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
3/31/2011 3:26:03 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/31/2011 3:26:03 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/31/2011 3:26:03 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/31/2011 3:26:03 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/31/2011 3:25:10 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/31/2011 2:51:15 AM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
3/31/2011 2:30:26 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVGIDSAgent service to connect.
3/31/2011 2:30:26 AM, error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/31/2011 12:53:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/31/2011 12:53:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service TuneUp.UtilitiesSvc with arguments "" in order to run the server: {C1174535-161F-4CB7-B63F-A12BA2EB7C88}
3/31/2011 12:36:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service TuneUp.UtilitiesSvc with arguments "" in order to run the server: {5EF1CF5D-87A9-434B-8786-2A08E1C30F6C}
3/31/2011 12:36:13 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service TuneUp.UtilitiesSvc with arguments "" in order to run the server: {FCA02D56-BF9D-4591-AD41-E59AF763C64A}
3/31/2011 12:35:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/31/2011 1:26:33 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 7 for Windows XP.
3/31/2011 1:10:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the TuneUp.UtilitiesSvc service.
3/31/2011 1:09:07 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/30/2011 4:25:47 PM, error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
3/30/2011 4:17:30 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

You're running two AV programs, Comodo and AVG.
One of them has to go.
I suggest you uninstall AVG using AVG Remover: http://www.avg.com/us-en/download-tools

When done...

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
OK, had some problems with Combofix, but I think I got it to work. I got rid of AVG also. Here are the logs:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 119):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 intelide.sys
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AE000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA338000 cercsr6.sys
0xB9EF3000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9ED3000 fltmgr.sys
0xB9EC1000 sr.sys
0xBA340000 PxHelp20.sys
0xB9EAA000 KSecDD.sys
0xB9E1D000 Ntfs.sys
0xB9E07000 inspect.sys
0xB9DDA000 \WINDOWS\System32\DRIVERS\NDIS.SYS
0xBA348000 \WINDOWS\System32\DRIVERS\TDI.SYS
0xB9DC0000 Mup.sys
0xBA188000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB94AB000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9497000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA3A8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9473000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB944D000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xB93B7000 \SystemRoot\system32\drivers\smwdm.sys
0xB91CE000 \SystemRoot\system32\drivers\portcls.sys
0xBA198000 \SystemRoot\system32\drivers\drmk.sys
0xB91AB000 \SystemRoot\system32\drivers\ks.sys
0xBA5D0000 \SystemRoot\system32\drivers\aeaudio.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB9197000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA590000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA75D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9130000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA208000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB911F000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA218000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA468000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA470000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB87A9000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB9080000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA478000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA480000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA60A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB874B000 \SystemRoot\system32\DRIVERS\update.sys
0xB9BFA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9070000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB9060000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA60C000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA488000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA580000 \SystemRoot\System32\DRIVERS\cmderd.sys
0xB6612000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0xBA60E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA743000 \SystemRoot\System32\Drivers\Null.SYS
0xBA610000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA498000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA4A0000 \SystemRoot\System32\drivers\vga.sys
0xBA612000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA614000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA4A8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA4B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB87FD000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB65B7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB655E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA370000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0xB6536000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB6514000 \SystemRoot\System32\drivers\afd.sys
0xB9030000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB64E9000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB87DD000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xB6479000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9010000 \SystemRoot\System32\Drivers\Fips.SYS
0xB6453000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8C91000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA360000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA550000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8C71000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA558000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA54C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8C61000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB6413000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA622000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9D73000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3F8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7D6000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xB613F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA664000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB5CCB000 \SystemRoot\System32\Drivers\HTTP.sys
0xB5A86000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA168000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA74B000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
0xB5379000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB534E000
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 26):
0 System Idle Process
4 System
608 C:\WINDOWS\system32\smss.exe
912 csrss.exe
1112 C:\WINDOWS\system32\winlogon.exe
1252 C:\WINDOWS\system32\services.exe
1280 C:\WINDOWS\system32\lsass.exe
1584 C:\WINDOWS\system32\svchost.exe
1688 svchost.exe
1832 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1912 C:\WINDOWS\system32\svchost.exe
204 svchost.exe
460 svchost.exe
724 C:\WINDOWS\system32\spoolsv.exe
904 svchost.exe
956 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
716 C:\WINDOWS\explorer.exe
280 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
1288 C:\WINDOWS\system32\dllhost.exe
3696 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
508 C:\WINDOWS\system32\svchost.exe
524 C:\WINDOWS\system32\wscntfy.exe
2172 C:\WINDOWS\ehome\ehrecvr.exe
2644 C:\Program Files\Mozilla Firefox\firefox.exe
1776 C:\Program Files\Mozilla Firefox\plugin-container.exe
3996 C:\Documents and Settings\Vance\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: Maxtor6Y160M0, Rev: YAR51HW0

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


______________________________________

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/02/2011 at 15:12:54.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\userinit.exe


Rkill completed on 04/02/2011 at 15:12:58.

________________________________________________

ComboFix 11-03-30.02 - Vance 04/02/2011 15:22:57.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1299 [GMT -4:00]
Running from: c:\documents and settings\Vance\Desktop\Kent.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Vance\Start Menu\Programs\System Tool
C:\drvrtmp
c:\windows\system32\inf
c:\windows\system32\inf\MA_CMIDI.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-03-02 to 2011-04-02 )))))))))))))))))))))))))))))))
.
.
2011-04-02 05:10 . 2011-04-02 05:10 -------- d-----w- c:\program files\ESET
2011-04-02 03:41 . 2011-04-02 03:41 -------- d-----w- c:\documents and settings\Vance\Application Data\Malwarebytes
2011-04-02 03:38 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 03:38 . 2011-04-02 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-02 03:37 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-02 03:37 . 2011-04-02 03:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-01 19:05 . 2011-04-01 19:05 -------- d-----w- c:\documents and settings\Vance\Local Settings\Application Data\AVG Security Toolbar
2011-04-01 14:31 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-04-01 14:31 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-04-01 14:26 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-04-01 14:25 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-04-01 14:18 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2011-04-01 14:18 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-04-01 14:16 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-03-31 19:42 . 2011-03-31 20:19 -------- d-----w- c:\windows\system32\scripting
2011-03-31 19:42 . 2011-03-31 19:42 -------- d-----w- c:\windows\l2schemas
2011-03-31 19:42 . 2011-03-31 20:19 -------- d-----w- c:\windows\system32\en
2011-03-31 19:42 . 2011-03-31 20:15 -------- d-----w- c:\windows\system32\bits
2011-03-31 17:10 . 2011-03-31 17:10 -------- d-----w- C:\VritualRoot
2011-03-31 17:06 . 2011-04-02 19:10 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-03-31 17:03 . 2011-03-31 17:03 -------- d-----w- c:\program files\COMODO
2011-03-30 21:17 . 2011-03-31 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-03-30 20:25 . 2011-03-04 16:28 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-30 20:20 . 2011-03-04 16:32 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-30 20:19 . 2011-03-30 20:19 -------- d-----w- c:\documents and settings\Vance\Application Data\TuneUp Software
2011-03-30 20:18 . 2011-03-30 20:26 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-03-30 20:17 . 2011-03-30 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-03-30 20:16 . 2011-03-30 20:16 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-30 20:05 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-05 00:48 . 2004-08-10 11:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-05 00:48 . 2004-08-10 11:00 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2010-01-10 09:02 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-01-10 09:02 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-10 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-10 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-06 21:37 . 2011-01-06 21:37 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 21:37 . 2011-01-06 21:37 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 21:37 . 2011-01-06 21:37 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 21:37 . 2011-01-06 21:37 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Vance^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Vance\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Vance^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Vance\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-10 10:00 135664 ----atw- c:\documents and settings\Vance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-03 15:16 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-03 15:16 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-03 15:16 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-01 04:29 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 12:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MA_CMIDI_InstallerService"=2 (0x2)
"wlidsvc"=2 (0x2)
"mstbsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"spkrmon"=2 (0x2)
"NVSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"gupdate"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"TabDiscover Service"=2 (0x2)
"Jookz Toolbar Helper"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MHN"=3 (0x3)
"McrdSvc"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"Akamai"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\vap3one\\counter-strike\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/6/2011 5:37 PM 15592]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 27576]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [3/4/2011 12:30 PM 1523008]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [11/29/2010 10:27 PM 10064]
S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 7:00 AM 14336]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 5:24 AM 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 09:24]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 09:24]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003Core.job
- c:\documents and settings\Vance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-10 10:00]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003UA.job
- c:\documents and settings\Vance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-10 10:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mLocal Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
MSConfigStartUp-DATAMNGR - c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-02 15:28
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(252)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(308)
c:\windows\system32\guard32.dll
.
Completion time: 2011-04-02 15:30:46
ComboFix-quarantined-files.txt 2011-04-02 19:30
.
Pre-Run: 99,652,734,976 bytes free
Post-Run: 99,615,170,560 bytes free
.
- - End Of File - - 5CA2885BA136CFD2DD045C8537BA9739
 
Try to run the following Combofix script in normal mode, or at least in Safe Mode with Networking, so the Recovery Console can be installed.

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]

Folder::
c:\documents and settings\Vance\Local Settings\Application Data\AVG Security Toolbar


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
I couldn't get it to run in normal mode. I ran it through Safe Mode with Networking, and installed the Recovery Console. It did pop up saying Comodo was active before it ran. I didn't see any kind of processes from Comodo in Task Manager, though, so I just went through with it. Here's the log:

ComboFix 11-04-02.03 - Vance 04/02/2011 22:42:39.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.1287 [GMT -4:00]
Running from: c:\documents and settings\Vance\Desktop\Kent.exe
Command switches used :: c:\documents and settings\Vance\Desktop\CFScript.txt
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Vance\Local Settings\Application Data\AVG Security Toolbar
c:\documents and settings\Vance\Local Settings\Application Data\AVG Security Toolbar\cache\overlay.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))
.
.
2011-04-02 05:10 . 2011-04-02 05:10 -------- d-----w- c:\program files\ESET
2011-04-02 03:41 . 2011-04-02 03:41 -------- d-----w- c:\documents and settings\Vance\Application Data\Malwarebytes
2011-04-02 03:38 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 03:38 . 2011-04-02 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-02 03:37 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-02 03:37 . 2011-04-02 03:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-01 14:31 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-04-01 14:31 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-04-01 14:26 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-04-01 14:25 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-04-01 14:18 . 2009-08-13 15:16 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2011-04-01 14:18 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-04-01 14:16 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-03-31 19:42 . 2011-03-31 20:19 -------- d-----w- c:\windows\system32\scripting
2011-03-31 19:42 . 2011-03-31 19:42 -------- d-----w- c:\windows\l2schemas
2011-03-31 19:42 . 2011-03-31 20:19 -------- d-----w- c:\windows\system32\en
2011-03-31 19:42 . 2011-03-31 20:15 -------- d-----w- c:\windows\system32\bits
2011-03-31 17:10 . 2011-03-31 17:10 -------- d-----w- C:\VritualRoot
2011-03-31 17:06 . 2011-04-03 02:33 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-03-31 17:03 . 2011-03-31 17:03 -------- d-----w- c:\program files\COMODO
2011-03-30 21:17 . 2011-03-31 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-03-30 20:25 . 2011-03-04 16:28 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-03-30 20:20 . 2011-03-04 16:32 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-03-30 20:19 . 2011-03-30 20:19 -------- d-----w- c:\documents and settings\Vance\Application Data\TuneUp Software
2011-03-30 20:18 . 2011-03-30 20:26 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-03-30 20:17 . 2011-03-30 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2011-03-30 20:16 . 2011-03-30 20:16 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-30 20:05 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-05 00:48 . 2004-08-10 11:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-05 00:48 . 2004-08-10 11:00 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 07:58 . 2010-01-10 09:02 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-01-10 09:02 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-10 11:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-10 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2011-01-06 21:37 . 2011-01-06 21:37 94784 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-01-06 21:37 . 2011-01-06 21:37 27576 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-01-06 21:37 . 2011-01-06 21:37 239368 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-01-06 21:37 . 2011-01-06 21:37 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-18 2548552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^Vance^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Vance\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Vance^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Vance\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-03-08 21:04 3972440 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-10 10:00 135664 ----atw- c:\documents and settings\Vance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-18 01:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-03 15:16 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-03 15:16 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-03 15:16 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-12-01 04:29 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 12:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MA_CMIDI_InstallerService"=2 (0x2)
"wlidsvc"=2 (0x2)
"mstbsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"spkrmon"=2 (0x2)
"NVSvc"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"gupdate"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"TabDiscover Service"=2 (0x2)
"Jookz Toolbar Helper"=2 (0x2)
"mnmsrvc"=3 (0x3)
"MHN"=3 (0x3)
"McrdSvc"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"Akamai"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\vap3one\\counter-strike\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1063:TCP"= 1063:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [1/6/2011 5:37 PM 15592]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 5:37 PM 27576]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 5:37 PM 239368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [3/4/2011 12:30 PM 1523008]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [11/29/2010 10:27 PM 10064]
S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 7:00 AM 14336]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 5:24 AM 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 09:24]
.
2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 09:24]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003Core.job
- c:\documents and settings\Vance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-10 10:00]
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003UA.job
- c:\documents and settings\Vance\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-10 10:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mLocal Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchAssistant = hxxp://search.bearshare.com/sidebar.html?src=ssb&sysid=2
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG10\Firefox4
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-02 22:47
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(1180)
c:\windows\system32\guard32.dll
.
Completion time: 2011-04-02 22:49:58
ComboFix-quarantined-files.txt 2011-04-03 02:49
ComboFix2.txt 2011-04-02 19:30
.
Pre-Run: 99,385,688,064 bytes free
Post-Run: 99,375,513,600 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 65AA80C1E75F4F4A440D8FB1D4805D1C
 
Looks good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL LOG:

OTL logfile created on: 4/3/2011 12:17:31 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Vance\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 92.75 Gb Free Space | 62.24% Space Free | Partition Type: NTFS

Computer Name: MINDSHID-33E87C | User Name: Vance | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
PRC - [2011/01/17 23:30:46 | 001,803,224 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
MOD - [2010/12/29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/31 02:30:04 | 003,229,784 | ---- | M] () [Disabled | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/03/04 12:30:34 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/04 12:28:08 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/01/17 23:30:46 | 001,803,224 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2005/09/28 20:06:30 | 000,094,208 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2003/08/28 18:01:22 | 000,061,440 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - [2011/01/06 17:37:04 | 000,094,784 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/01/06 17:37:04 | 000,027,576 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/01/06 17:37:02 | 000,239,368 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/01/06 17:37:02 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/11/29 22:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2001/08/22 12:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb&sysid=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Jookz"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Jookz"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com/firefox"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="


FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/31 02:41:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 00:24:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/07 14:38:40 | 000,000,000 | ---D | M]

[2010/11/28 16:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Extensions
[2010/01/10 06:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/02 22:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\extensions
[2010/11/28 16:51:53 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\extensions\vshare@toolbar
[2010/11/28 16:51:58 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\searchplugins\web-search.xml
[2011/04/02 00:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/31 02:41:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/01/10 06:00:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/04/02 22:47:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289639884546 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1301594878171 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Vance\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vance\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/10 05:09:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/03 00:15:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
[2011/04/02 22:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/02 22:40:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/02 22:34:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/04/02 15:16:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/02 15:16:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/02 15:16:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/02 15:16:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/02 15:16:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/02 15:13:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/02 01:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/01 23:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vance\Application Data\Malwarebytes
[2011/04/01 23:38:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/01 23:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/01 23:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/01 23:37:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/01 23:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/01 23:10:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\TFC.exe
[2011/04/01 15:03:55 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/01 08:19:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/31 15:42:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/03/31 15:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/03/31 15:42:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/03/31 15:42:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/03/31 15:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/03/31 15:13:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/03/31 14:33:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/03/31 14:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/03/31 13:10:42 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2011/03/31 13:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/03/31 13:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/03/30 17:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/03/30 16:25:43 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/03/30 16:20:23 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/03/30 16:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011
[2011/03/30 16:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vance\Application Data\TuneUp Software
[2011/03/30 16:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011/03/30 16:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/03/30 16:16:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

========== Files - Modified Within 30 Days ==========

[2011/04/03 00:25:10 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003UA.job
[2011/04/03 00:21:49 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
[2011/04/03 00:04:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/02 22:52:19 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/02 22:51:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/02 22:47:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/02 22:40:40 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/04/02 22:37:19 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Vance\Desktop\Kent.exe
[2011/04/02 22:30:20 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.exe
[2011/04/02 22:30:10 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.scr
[2011/04/02 15:08:48 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.com
[2011/04/02 14:58:35 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\MBRCheck.exe
[2011/04/02 00:38:15 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\dds.scr
[2011/04/02 00:29:36 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\vvkeogeb.exe
[2011/04/01 23:10:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\TFC.exe
[2011/04/01 22:57:44 | 000,097,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/01 15:37:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/01 15:03:57 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/01 11:25:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003Core.job
[2011/04/01 08:24:57 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/04/01 08:24:22 | 000,401,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/01 08:24:22 | 000,062,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/01 08:20:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/31 15:10:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/31 13:04:13 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2011/03/31 13:02:01 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/03/30 16:29:35 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/03/04 12:32:52 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/03/04 12:28:08 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll

========== Files Created - No Company Name ==========

[2011/04/02 22:40:40 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/04/02 22:40:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/02 22:30:19 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\rkill.exe
[2011/04/02 22:30:08 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\rkill.scr
[2011/04/02 15:16:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/02 15:16:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/02 15:16:57 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/02 15:16:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/02 15:16:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/02 15:09:31 | 004,312,600 | R--- | C] () -- C:\Documents and Settings\Vance\Desktop\Kent.exe
[2011/04/02 15:08:46 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\rkill.com
[2011/04/02 14:58:34 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\MBRCheck.exe
[2011/04/02 00:38:11 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\dds.scr
[2011/04/02 00:29:34 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\vvkeogeb.exe
[2011/03/31 13:06:48 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/03/31 13:04:13 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2011/03/30 16:20:11 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011
[2010/11/28 16:49:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/15 10:41:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2010/07/03 00:52:30 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2010/03/31 01:53:28 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Vance\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 00:17:55 | 000,013,812 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/10 05:52:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/01/10 05:17:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Vance\Local Settings\Application Data\fusioncache.dat
[2010/01/10 05:12:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/10 05:05:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/27 20:12:22 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/05/03 11:16:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 11:16:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/03 11:16:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 11:16:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/03 11:16:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 11:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 11:16:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/03 11:16:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/03 11:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/05 18:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/09 20:57:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/09 20:56:41 | 000,097,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,401,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,062,460 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/08 11:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4Front
[2010/01/13 02:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/01/13 03:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2010/01/10 05:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/04/02 14:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/11/16 23:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2005/01/31 22:35:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/10 05:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/06 19:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nFaLf06307
[2010/07/03 01:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2011/03/30 16:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/03/23 00:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/03/30 16:16:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/12/07 14:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/10 06:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/16 23:54:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2010/10/08 11:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\4Front
[2010/01/13 02:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Ableton
[2010/01/10 05:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\acccore
[2010/01/13 03:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Acoustica
[2010/11/04 02:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Applied Acoustics Systems
[2005/01/31 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\AVG10
[2010/02/14 04:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Blitware
[2010/12/15 16:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\FrostWire
[2010/01/13 19:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\ijjigame
[2010/11/17 02:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\LimeWire
[2010/12/02 23:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\OpenCandy
[2010/07/03 01:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Otto
[2010/08/24 14:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\SynthMaker
[2011/03/30 16:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\TuneUp Software
[2010/08/20 15:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\webex

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/10 05:09:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/03/31 13:02:01 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/04/02 22:40:40 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/04/02 22:49:58 | 000,014,466 | ---- | M] () -- C:\ComboFix.txt
[2010/01/10 05:09:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/03 00:48:47 | 000,565,248 | -HS- | M] () -- C:\ehthumbs.db
[2010/01/10 05:09:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/31 19:32:38 | 000,001,313 | -H-- | M] () -- C:\IPH.PH
[2010/01/10 05:09:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/03/31 15:10:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/02 22:51:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/04/02 22:35:49 | 000,000,359 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/01/10 05:08:21 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/05/07 12:39:07 | 000,001,698 | -H-- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2010/07/03 00:52:30 | 000,000,251 | ---- | M] () -- C:\Program Files\wt3d.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/01/09 20:55:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/01/09 20:55:45 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/09 20:55:44 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/03/31 15:46:53 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/01 15:04:08 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/01/10 05:31:35 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/02 22:37:19 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Vance\Desktop\Kent.exe
[2011/04/02 14:58:35 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\MBRCheck.exe
[2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
[2011/04/02 22:30:20 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.exe
[2011/04/01 23:10:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\TFC.exe
[2011/04/02 00:29:36 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\vvkeogeb.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/11/12 04:09:03 | 001,228,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Vance\My Documents\Captivate_5_WWEFDJ.exe
[2010/11/07 04:01:49 | 001,228,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Vance\My Documents\Photoshop_12_LS1.exe
[2010/11/12 04:52:44 | 001,228,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Vance\My Documents\PremierePro_5_LS7.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/04/01 15:04:08 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Vance\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/04/02 22:54:35 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Vance\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/10 07:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 05:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 05:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 14:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 14:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 14:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 05:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 05:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Extras LOG:

OTL Extras logfile created on: 4/3/2011 12:17:31 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Vance\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 92.75 Gb Free Space | 62.24% Space Free | Partition Type: NTFS

Computer Name: MINDSHID-33E87C | User Name: Vance | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"1063:TCP" = 1063:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Steam\steamapps\vap3one\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\vap3one\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = MA_CMIDI
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
"Acoustica Mixcraft 5" = Acoustica Mixcraft 5
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"ASIO4ALL" = ASIO4ALL
"BearShare" = BearShare
"ESET Online Scanner" = ESET Online Scanner v3
"ESPNMotion" = ESPNMotion
"FL Studio 9" = FL Studio 9
"FL Studio_is1" = FL Studio v7.0
"FrostWire" = FrostWire 4.21.1
"IL Download Manager" = IL Download Manager
"LimeWire" = LimeWire 5.5.16
"Live 6.0.1" = Live 6.0.1
"Live 6.0.11" = Live 6.0.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIA Drivers" = NVIDIA Drivers
"PoiZone" = PoiZone
"Predator_is1" = Rob Papen Predator V1.1.1
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Sawer" = Sawer
"Steam App 10" = Counter-Strike
"Super Mario 3 : Mario Forever" = Super Mario 3 : Mario Forever
"Sylenth1_is1" = Sylenth1 v2.20
"Toxic Biohazard" = Toxic Biohazard
"TruePianos: Amber Module_is1" = TruePianos: Amber Module 1.4.0
"TruePianos: Diamond Module_is1" = TruePianos: Diamond Module 1.4.0
"TruePianos: Emerald Module_is1" = TruePianos: Emerald Module 1.4.0
"TruePianos: Sapphire Module (Pedal sounds included)_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos: Sapphire Module_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos_is1" = TruePianos 1.5.0
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2005 10:32:06 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/11/2005 10:32:06 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/11/2005 10:32:06 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/11/2005 11:21:00 PM | Computer Name = MINDSHID-33E87C | Source = Application Hang | ID = 1002
Description = Hanging application moviemk.exe, version 2.1.4027.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/16/2005 8:43:22 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/16/2005 8:43:22 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/16/2005 8:43:27 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/16/2005 8:43:39 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/16/2005 8:43:39 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/16/2005 8:43:49 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 4/2/2011 3:37:18 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7031
Description = The Media Center Receiver Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 4/2/2011 3:37:22 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/2/2011 10:23:27 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 4/2/2011 10:25:25 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/2/2011 10:35:05 PM | Computer Name = MINDSHID-33E87C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/2/2011 10:35:58 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 4/2/2011 10:35:58 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cmdGuard Fips intelppm OMCI

Error - 4/2/2011 10:50:25 PM | Computer Name = MINDSHID-33E87C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/2/2011 10:52:10 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 4/3/2011 12:16:38 AM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7034
Description = The TuneUp Utilities Service service terminated unexpectedly. It
has done this 1 time(s).


< End of report >
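Added editorial example, not part of either post and not OTL's own code: a small triage script for the event-log section of an OTL Extras report like the one above. The crypt32 ID 131083 entries say the AuthRoot CAB signature failed "when verifying against the current system clock", and they are stamped January 2005 in a log whose other entries are from April 2011, so the first thing a responder checks is whether the clock was wrong at the time. The script parses the "Error - ... | Source = ... | ID = ..." records with their wrapped Description lines, collapses repeats per Source/ID, and separates records that blame the clock from records dated far before the newest entry. SAMPLE is a constructed excerpt copied from the report above; the one-year skew threshold is an assumption.

```python
"""Triage of the event-log entries OTL's Extras report prints.

Added editorial example, not code from OTL or from either poster. It parses the
"Error - <date> | Computer Name = ... | Source = ... | ID = ..." records together with
their wrapped Description lines, collapses the noisy repeats per Source/ID, and flags
what a responder wants from this section: crypt32 root-list failures whose message
blames the system clock, and records stamped years earlier than the rest of the log.
SAMPLE is a constructed excerpt copied from the report; the skew threshold is an
assumption.
"""
import re
from collections import Counter
from datetime import datetime

HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>\S+) \| Source = (?P<src>.+?) \| ID = (?P<id>\d+)\s*$"
)
# crypt32 reports this when the AuthRoot CAB signature is checked against a wrong clock.
CLOCK_HINT = "not within its validity period"

SAMPLE = """\
Error - 1/11/2005 10:32:06 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 1/16/2005 8:43:22 PM | Computer Name = MINDSHID-33E87C | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 4/2/2011 10:35:58 PM | Computer Name = MINDSHID-33E87C | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cmdGuard Fips intelppm OMCI
"""


def parse_events(text):
    """Return a list of {ts, host, source, id, description} dicts.

    A record starts at an "Error - ..." header; its Description runs until the next
    blank line or "[ ... ]" section heading, wrapped lines being joined with a space.
    """
    events, cur = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            cur = {
                "ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "host": m["host"],
                "source": m["src"],
                "id": int(m["id"]),
                "description": "",
            }
            events.append(cur)
        elif cur is not None and line.strip() and not line.startswith("["):
            body = line[len("Description = "):] if line.startswith("Description = ") else line
            cur["description"] = (cur["description"] + " " + body).strip()
        else:
            cur = None  # blank line or section heading closes the record
    return events


def summarize(events):
    """Count records per (source, id) so the repeated crypt32 entries become one row."""
    return Counter((e["source"], e["id"]) for e in events)


def clock_findings(events, max_skew_days=365):
    """Split out (records blaming the clock, records dated far before the newest one)."""
    if not events:
        return [], []
    newest = max(e["ts"] for e in events)
    blamed = [e for e in events if CLOCK_HINT in e["description"]]
    stale = [e for e in events if (newest - e["ts"]).days > max_skew_days]
    return blamed, stale


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for (src, eid), n in summarize(evs).most_common():
        print("%-24s %6d  x%d" % (src, eid, n))
    blamed, stale = clock_findings(evs)
    print("clock blamed:", [(e["source"], e["id"]) for e in blamed])
    print("stale-dated :", sorted({e["ts"].date().isoformat() for e in stale}))
```

Run it against the full Extras output rather than the excerpt and the stale list is the quick way to see how long the clock was off; a crypt32 131083 entry with a current date, by contrast, points at the AuthRoot update itself rather than the clock.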
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="
    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/31 02:41:20 | 000,000,000 | ---D | M]
    [2011/03/31 02:41:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
    [2011/04/02 14:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2005/01/31 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\AVG10
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
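Added editorial example, not OTL's own code and not posted by either participant, covering the OTL fix above and the O6/O7 autorun policy lines in the OTL log that follows it. OTL fixes work by pasting the offending log lines verbatim under a :OTL header, so the script parses the line shapes OTL emits (the "[date | size | attrs | C/M]" stamp, the "(company) -- path" tail, "FF -" preferences and extensions, "Oxx -" entries), decodes the two Explorer autorun bitmasks that appear in the log as decimal values, and assembles a fix block of the same shape as the helper's. SAMPLE_LINES are copied from this thread's log; INDICATORS is an illustrative assumption that mirrors what the helper already selected, not a judgement about any other line.

```python
"""Reading OTL log lines and assembling an :OTL fix from them.

Added editorial example, not OTL's own code and not posted by either participant. It
parses the "[date | size | attrs | C/M]" stamp, the "(company) -- path" tail and the
"FF -" and "Oxx -" record types that OTL logs use, decodes the Explorer autorun policy
values OTL prints as O6/O7 lines, and builds a fix block in the shape the helper pasted
(the lines under :OTL are copied verbatim from the log, which is how OTL fixes are
written). SAMPLE_LINES are copied from this thread's log; INDICATORS is an illustrative
assumption and not a judgement about anything the helper did not already select.
"""
import re

STAMP_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<cm>[CM])\]"
)
TAIL_RE = re.compile(r"^\s*(?:\((?P<company>[^)]*)\))?\s*--\s*(?P<path>.+?)\s*$")
FF_RE = re.compile(r"^FF - (?P<key>[^:]+): (?P<value>.*)$")
OLINE_RE = re.compile(r"^(?P<code>O\d{1,2}) - (?P<body>.+)$")
POLICY_RE = re.compile(r"(?P<name>NoDriveTypeAutoRun|NoDriveAutoRun|HonorAutoRunSetting) = (?P<value>\d+)")

# Bit meanings of NoDriveTypeAutoRun (Windows DRIVE_* types); 0xFF disables all of them.
DRIVE_TYPE_BITS = {0x01: "unknown", 0x02: "no-root-dir", 0x04: "removable", 0x08: "fixed",
                   0x10: "remote", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved"}

SAMPLE_LINES = [  # copied from the thread's OTL output
    r'FF - prefs.js..browser.search.defaultengine: "Jookz"',
    r'FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="',
    r'FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared',
    r'[2010/11/28 16:51:53 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\extensions\vshare@toolbar',
    r'[2011/04/02 14:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar',
    r'O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863',
    r'O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323',
    r'O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)',
]
INDICATORS = ["Jookz", "search.avg.com", "avg@igeared", "vshare@toolbar",  # assumption
              "AVG Security Toolbar", "3CA2F312-6F6E-4B53-A66E-4E65E497C8C0"]


def decode_autorun_policy(name, value):
    """Explain one of the three Explorer autorun policy values as OTL reports them."""
    if name == "NoDriveTypeAutoRun":
        kinds = [label for bit, label in DRIVE_TYPE_BITS.items() if value & bit]
        if value & ~0xFF:  # bits above 0x80 have no defined drive type
            kinds.append("undefined-bits(0x%x)" % (value & ~0xFF))
        return {"autorun_disabled_for": kinds, "all_types": (value & 0xFF) == 0xFF}
    if name == "NoDriveAutoRun":  # bit n = drive letter A+n
        letters = [chr(ord("A") + i) for i in range(26) if value >> i & 1]
        return {"autorun_disabled_on": letters, "all_drives": value == (1 << 26) - 1}
    if name == "HonorAutoRunSetting":
        return {"policy_honored": value == 1}
    return {}


def parse_otl_line(line):
    """Classify one OTL line as ff / o / file / other and pull out its fields."""
    rec = {"raw": line, "kind": "other"}
    stamp = STAMP_RE.search(line)  # the same stamp precedes PRC/MOD/SRV/DRV paths
    if stamp:
        rec.update(ts=stamp["ts"], size=int(stamp["size"].replace(",", "")),
                   attrs=stamp["attrs"], created=stamp["cm"] == "C")
    ff = FF_RE.match(line)
    o = OLINE_RE.match(line)
    if ff:
        rec.update(kind="ff", key=ff["key"], value=ff["value"])
    elif o:
        rec.update(kind="o", code=o["code"], body=o["body"])
        pol = POLICY_RE.search(o["body"])
        if pol:
            rec["policy"] = decode_autorun_policy(pol["name"], int(pol["value"]))
    elif stamp:
        tail = TAIL_RE.match(line[stamp.end():])
        if tail:
            rec.update(kind="file", company=tail["company"] or "", path=tail["path"])
    return rec


def build_fix(lines, indicators):
    """Copy every line mentioning an indicator, verbatim, under :OTL and add the commands."""
    picked = [ln for ln in lines if any(i.lower() in ln.lower() for i in indicators)]
    return "\n".join([":OTL", *picked, "", ":Commands", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    for ln in SAMPLE_LINES:
        rec = parse_otl_line(ln)
        print(rec["kind"], rec.get("policy") or rec.get("path") or rec.get("key") or rec.get("code"))
    print(build_fix(SAMPLE_LINES, INDICATORS))
```

On this machine the decode says NoDriveAutoRun = 67108863 (0x3FFFFFF) disables autorun on all 26 drive letters and NoDriveTypeAutoRun = 323 (0x143) covers unknown, no-root-dir and RAM-disk types plus an undefined bit, with HonorAutoRunSetting = 1 making Explorer respect those values; the O20 AppInit_DLLs and O2 BHO lines are worth reading by hand in any log, since a DLL loaded into every process or a BHO with no CLSID is exactly where unwanted software likes to sit.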
 
OTL LOG:

OTL logfile created on: 4/3/2011 11:44:31 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Vance\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 92.63 Gb Free Space | 62.17% Space Free | Partition Type: NTFS

Computer Name: MINDSHID-33E87C | User Name: Vance | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
PRC - [2011/01/17 23:30:46 | 001,803,224 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE


========== Modules (SafeList) ==========

MOD - [2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
MOD - [2010/12/29 01:42:04 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (MSDTC)
SRV - [2011/03/31 02:30:04 | 003,229,784 | ---- | M] () [Unknown | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/03/04 12:30:34 | 001,523,008 | ---- | M] (TuneUp Software) [Unknown | Stopped] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/03/04 12:28:08 | 000,029,504 | ---- | M] (TuneUp Software) [Unknown | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/01/17 23:30:46 | 001,803,224 | ---- | M] (COMODO) [Unknown | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2005/09/28 20:06:30 | 000,094,208 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2003/08/28 18:01:22 | 000,061,440 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)


========== Driver Services (SafeList) ==========

DRV - [2011/01/06 17:37:04 | 000,094,784 | ---- | M] (COMODO) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/01/06 17:37:04 | 000,027,576 | ---- | M] (COMODO) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp)
DRV - [2011/01/06 17:37:02 | 000,239,368 | ---- | M] (COMODO) [File_System | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard)
DRV - [2011/01/06 17:37:02 | 000,015,592 | ---- | M] (COMODO) [File_System | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\cmderd.sys -- (cmderd)
DRV - [2010/11/29 22:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | Unknown | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2001/08/22 12:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | Unknown | Running] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb&sysid=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Jookz"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Jookz"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com/firefox"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q="


FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/31 02:41:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 11:31:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/03 11:39:30 | 000,000,000 | ---D | M]

[2010/11/28 16:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Extensions
[2010/01/10 06:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/03 11:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\extensions
[2010/11/28 16:51:53 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\extensions\vshare@toolbar
[2010/11/28 16:51:58 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Mozilla\Firefox\Profiles\bx6ufcpq.default\searchplugins\web-search.xml
[2011/04/03 11:39:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/03 11:39:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/31 02:41:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/01/10 06:00:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/02 22:47:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme [2010/01/10 05:04:06 | 000,000,000 | ---D | M]
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289639884546 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1301594878171 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Vance\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vance\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/10 05:09:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/03 11:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/04/03 11:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/03 11:31:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/03 00:15:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
[2011/04/02 22:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/02 22:40:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/02 22:34:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011/04/02 15:16:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/02 15:16:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/02 15:16:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/02 15:16:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/02 15:16:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/02 15:13:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/02 01:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/01 23:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vance\Application Data\Malwarebytes
[2011/04/01 23:38:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/01 23:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/01 23:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/01 23:37:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/01 23:37:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/01 23:10:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\TFC.exe
[2011/04/01 15:03:55 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/01 08:19:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/31 15:42:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/03/31 15:42:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/03/31 15:42:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/03/31 15:42:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/03/31 15:42:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/03/31 15:13:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/03/31 14:33:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/03/31 14:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/03/31 13:10:42 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2011/03/31 13:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/03/31 13:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/03/30 17:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/03/30 16:25:43 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2011/03/30 16:20:23 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/03/30 16:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011
[2011/03/30 16:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vance\Application Data\TuneUp Software
[2011/03/30 16:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011/03/30 16:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/03/30 16:16:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

========== Files - Modified Within 30 Days ==========

[2011/04/03 11:41:40 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/04/03 11:31:32 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/03 11:31:31 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/03 11:25:04 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003UA.job
[2011/04/03 11:25:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-2000478354-682003330-1003Core.job
[2011/04/03 11:23:29 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/03 11:22:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/03 01:04:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/03 00:15:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\OTL.exe
[2011/04/02 22:47:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/02 22:40:40 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/04/02 22:37:19 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Vance\Desktop\Kent.exe
[2011/04/02 22:30:20 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.exe
[2011/04/02 22:30:10 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.scr
[2011/04/02 15:08:48 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\rkill.com
[2011/04/02 14:58:35 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\MBRCheck.exe
[2011/04/02 00:38:15 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\dds.scr
[2011/04/02 00:29:36 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Vance\Desktop\vvkeogeb.exe
[2011/04/01 23:10:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vance\Desktop\TFC.exe
[2011/04/01 22:57:44 | 000,097,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/01 15:37:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/01 15:03:57 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/01 08:24:57 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/04/01 08:24:22 | 000,401,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/01 08:24:22 | 000,062,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/01 08:20:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/31 15:10:43 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/31 13:04:13 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2011/03/31 13:02:01 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/03/30 16:29:35 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Vance\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/03/04 12:32:52 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2011/03/04 12:28:08 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll

========== Files Created - No Company Name ==========

[2011/04/03 11:31:31 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/02 22:40:40 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/04/02 22:40:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/02 22:30:19 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\rkill.exe
[2011/04/02 22:30:08 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\rkill.scr
[2011/04/02 15:16:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/02 15:16:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/02 15:16:57 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/02 15:16:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/02 15:16:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/02 15:09:31 | 004,312,600 | R--- | C] () -- C:\Documents and Settings\Vance\Desktop\Kent.exe
[2011/04/02 15:08:46 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\rkill.com
[2011/04/02 14:58:34 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\MBRCheck.exe
[2011/04/02 00:38:11 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\dds.scr
[2011/04/02 00:29:34 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Vance\Desktop\vvkeogeb.exe
[2011/03/31 13:06:48 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/03/31 13:04:13 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2011/03/30 16:20:11 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TuneUp Utilities 2011
[2010/11/28 16:49:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/15 10:41:41 | 000,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2010/07/03 00:52:30 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2010/03/31 01:53:28 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Vance\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 00:17:55 | 000,013,812 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/10 05:52:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/01/10 05:17:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Vance\Local Settings\Application Data\fusioncache.dat
[2010/01/10 05:12:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/10 05:05:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/27 20:12:22 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/05/03 11:16:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 11:16:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/03 11:16:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 11:16:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/03 11:16:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 11:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 11:16:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/03 11:16:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/03 11:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/08/05 18:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/09 20:57:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/09 20:56:41 | 000,097,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,401,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,062,460 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/08 11:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4Front
[2010/01/13 02:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/01/13 03:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2010/01/10 05:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/04/02 14:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/11/16 23:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2005/01/31 22:35:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/10 05:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/01/06 22:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/06 19:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nFaLf06307
[2010/07/03 01:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2011/03/30 16:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/03/23 00:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/03/30 16:16:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/12/07 14:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/10 06:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/11/16 23:54:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A471C4AE-B27B-4761-9BCF-82FAAAAA2D01}
[2010/10/08 11:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\4Front
[2010/01/13 02:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Ableton
[2010/01/10 05:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\acccore
[2010/01/13 03:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Acoustica
[2010/11/04 02:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Applied Acoustics Systems
[2005/01/31 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\AVG10
[2010/02/14 04:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Blitware
[2010/12/15 16:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\FrostWire
[2010/01/13 19:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\ijjigame
[2010/11/17 02:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\LimeWire
[2010/12/02 23:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\OpenCandy
[2010/07/03 01:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\Otto
[2010/08/24 14:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\SynthMaker
[2011/03/30 16:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\TuneUp Software
[2010/08/20 15:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\webex

========== Purity Check ==========



========== Custom Scans ==========


< :OTL >

< FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" >

< FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=" >

< FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared >

< FF - HKLM\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/31 02:41:20 | 000,000,000 | ---D | M] >
Invalid Switch: 31 02:41:20 | 000,000,000 | ---D | M]


< [2011/03/31 02:41:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4 >
Invalid Switch: 31 02:41:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4


< O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. >

< O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found >

< [2011/04/02 14:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar >
Invalid Switch: 02 14:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar


< [2005/01/31 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\AVG10 >
Invalid Switch: 31 22:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\AVG10


< >

< :Commands >

< [purity] >

< [emptytemp] >

< [emptyflash] >

< [Reboot] >

< End of report >


========================================

Checkup LOG:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9.3
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Comodo Firewall cmdagent.exe
``````````End of Log````````````

================================================

ESET LOG:

C:\System Volume Information\_restore{572C362D-522F-4755-9FB8-8C3B66D274D6}\RP342\A0082367.msi multiple threats
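The OTL listings above (the file lists and the LOP Check section) use one fixed-width line format: timestamp, size, four attribute flags, a C/M stamp, and the path. The following Python script is an added example, not part of this thread and not OTL's own code, that parses lines in that format and applies two triage heuristics a responder otherwise applies by eye: directory names that look machine-generated (letters mixed with digits, like nFaLf06307 in the LOP Check) and hidden+system folders named with a bare GUID. The sample lines are copied from the listing above. Assumptions, also marked in the comments: that the flag order is R/H/S/D and C/M means created/modified, the entropy threshold, and that a hit is a candidate for review, not a verdict (hidden GUID folders under All Users\Application Data are often legitimate installer caches).

```python
import math
import re
from collections import namedtuple

# Constructed sample: four LOP Check lines and one file line copied from the OTL log above.
SAMPLE_LOG = r'''
[2010/10/08 11:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\4Front
[2011/01/06 19:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nFaLf06307
[2011/03/30 16:16:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/12/15 16:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vance\Application Data\FrostWire
[2005/01/09 20:57:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
'''

# Assumption: attrs is R/H/S/D (read-only, hidden, system, directory); stamp C = created, M = modified.
Entry = namedtuple("Entry", "timestamp size attrs stamp path")

OTL_RE = re.compile(
    r'^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]'
    r'\s*(?:\([^)]*\)\s*)?-- (.+)$'          # optional "(company)" field before the path
)
GUID_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')

# Assumption: known-vendor names here are never flagged; extend for the machine under review.
KNOWN_VENDOR_NAMES = {"AVG10", "WinZip", "Ableton"}


def parse_otl(text):
    """Turn OTL listing lines into Entry records; lines in any other format are ignored."""
    entries = []
    for line in text.splitlines():
        m = OTL_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, stamp, path = m.groups()
        entries.append(Entry(ts, int(size.replace(",", "")), attrs, stamp, path))
    return entries


def shannon_entropy(s):
    """Bits per character; ~3.1 for a 10-char name with 9 distinct characters."""
    if not s:
        return 0.0
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name):
    """Heuristic (assumption): 8+ chars mixing letters and digits, not a GUID, not a known vendor."""
    if name in KNOWN_VENDOR_NAMES or GUID_RE.match(name) or len(name) < 8:
        return False
    has_alpha = any(ch.isalpha() for ch in name)
    has_digit = any(ch.isdigit() for ch in name)
    return has_alpha and has_digit and shannon_entropy(name) > 2.5  # threshold is an assumption


def triage(text):
    """Return [(path, [reasons])] for entries worth a second look; an empty list means no hits."""
    findings = []
    for e in parse_otl(text):
        name = e.path.rsplit("\\", 1)[-1]
        reasons = []
        if e.attrs[3] == "D" and looks_random(name):
            reasons.append("random-looking folder name")
        if e.attrs[1] == "H" and e.attrs[2] == "S" and GUID_RE.match(name):
            reasons.append("hidden+system GUID folder (often an installer cache; verify owner)")
        if reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(f"{path}\n    -> {'; '.join(reasons)}")
```

Run it against a saved OTL.txt by reading the file into `triage()`; the hits are the entries to cross-check against the installed-programs list and the MBAM quarantine before anything is moved.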
 
This is not the correct OTL log.
You clicked on "Scan" instead of the "Fix" button.
Please redo it.

Also....
1. Do you have the whole Comodo Security Suite installed, or just the firewall part?
2. Update Internet Explorer to version 8.
3. Update Adobe Reader.

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot fewer resources than Adobe Reader.
Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar or other garbage.
 
Whoops, sorry about that. I'll post that in just a sec.
I actually have the whole Comodo security suite installed. I disabled it for a few different scans, though. I will update those programs too. I'll post back after I get my OTL log.
 
OK, I updated all of the software. Also, when I ran OTL it said something about DC1 not being found or not being able to be opened, I can't remember which.
Here's the OTL fix log:

All processes killed
========== OTL ==========
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared deleted successfully.
File C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found.
C:\Program Files\AVG\AVG10\Firefox4\Components folder moved successfully.
C:\Program Files\AVG\AVG10\Firefox4\Chrome folder moved successfully.
C:\Program Files\AVG\AVG10\Firefox4 folder moved successfully.
Folder C:\PROGRAM FILES\AVG\AVG10\FIREFOX4\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ .
File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found not found.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar folder moved successfully.
C:\Documents and Settings\Vance\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\Vance\Application Data\AVG10 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Vance
->Temp folder emptied: 7880 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39549231 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 48536984 bytes

Total Files Cleaned = 84.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Vance
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04032011_205950
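The fix log above shows OTL removing two Firefox prefs.js values the AVG toolbar had set: browser.search.defaultenginename and keyword.URL (the pref that Firefox of that era used to route address-bar keyword searches). The following Python script is an added example, not part of this thread and not OTL's or Mozilla's code, that audits a prefs.js for that kind of search/homepage hijack and produces a cleaned copy. The sample prefs.js is constructed around the two values shown in the log; the watched-pref set and the trusted-host/engine allowlists are assumptions for the example and must be adjusted to the engines the user actually wants.

```python
import re
from urllib.parse import urlparse

# Constructed sample prefs.js, modelled on the two hijacked values in the OTL log above.
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("keyword.URL", "http://search.avg.com/route/?d=4d26839e&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=");
user_pref("browser.startup.homepage", "about:home");
user_pref("network.cookie.cookieBehavior", 0);
'''

# One user_pref(...) line: pref name in group 1, raw value (still quoted if a string) in group 2.
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);$')

# Assumption: prefs that search/homepage hijackers of that era typically rewrote.
WATCHED_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
    "browser.startup.homepage",
}

# Assumption: what this user actually wants; anything else in a watched pref is flagged.
TRUSTED_HOSTS = {"www.google.com", "duckduckgo.com", "www.bing.com"}
TRUSTED_ENGINE_NAMES = {"Google", "DuckDuckGo", "Bing"}


def parse_prefs(text):
    """Return (name, raw_value) for every user_pref line; comments and blanks are skipped."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs.append((m.group(1), m.group(2)))
    return prefs


def unquote(raw):
    """Strip the surrounding double quotes from a string pref; numbers and booleans pass through."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    return raw


def is_suspicious(name, raw_value):
    """A watched pref is suspicious unless it points at a trusted host, engine name, or about: page."""
    if name not in WATCHED_PREFS:
        return False
    value = unquote(raw_value)
    if value.startswith(("http://", "https://")):
        host = urlparse(value).hostname or ""
        return host not in TRUSTED_HOSTS
    if value.startswith("about:"):
        return False
    return value not in TRUSTED_ENGINE_NAMES


def audit(text):
    """List the (name, value) pairs that look hijacked, in file order."""
    return [(n, unquote(v)) for n, v in parse_prefs(text) if is_suspicious(n, v)]


def clean(text):
    """Return the prefs.js text with the suspicious lines dropped.

    Deleting a user_pref line makes Firefox fall back to its built-in default for
    that pref, which is what the OTL fix achieved by 'removing' the two values.
    """
    kept = []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m and is_suspicious(m.group(1), m.group(2)):
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for name, value in audit(SAMPLE_PREFS):
        print(f"hijacked pref: {name} = {value}")
    print(clean(SAMPLE_PREFS))
```

To use it on a real profile, close Firefox first (it rewrites prefs.js on exit and would overwrite the cleaned file), read the profile's prefs.js into `audit()` to see what would go, then write the output of `clean()` back over it.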
 
Your computer is clean.

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
OK, I appreciate all your help. You guys are awesome. I'm still thinking this computer should run faster than it is. I haven't tried a lot of different programs after all the cleanup, but Firefox, for example, takes forever to start up after the computer starts. I end up killing it in Task Manager, which takes about a minute in itself. Then it will start right up after that. Do you have any idea what the deal is with that? If it was my own personal computer I would just reinstall Windows, but it's my friend's and he has a lot of stuff on here and doesn't want to, if he doesn't have to. It just seems like it should run smoother, in my opinion, compared to other computers I've used. I don't know; if you have any ideas, let me know. Here is the final log you asked for:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Vance
->Temp folder emptied: 560845 bytes
->Temporary Internet Files folder emptied: 19049975 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28280767 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 56473347 bytes

Total Files Cleaned = 100.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Vance
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 04032011_214236

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Close Firefox. Go to Start > All Programs > Mozilla Firefox and click on Mozilla Firefox (Safe Mode). Same issue?
 
Well, I just updated to Firefox 4.0 a couple of days ago. It seems there's no Firefox with safe mode that I can see. I tried looking through all the Mozilla folders in My Computer also and didn't see anything. Would you like me to just try it with Windows in safe mode?
 
It should be there. My screenshot is from Vista, but it should look similar in XP:

(screenshot: the Mozilla Firefox (Safe Mode) entry under Start > All Programs > Mozilla Firefox)


..or...
Starting in Firefox 4, you can restart in Firefox Safe Mode via "Help -> Restart with Add-ons disabled...".
 
Hmm. I didn't see it. I went on my laptop and upgraded to 4 and didn't see it on there either. The computer that was having problems is XP, and my computer is Windows 7.
On the slow computer, it was doing the same thing before I upgraded it too.
 