Solved Ethernet card keeps crashing - possibly ntkrnlpa.exe related (AVG)

Weird. I got rid of AVG with the link above. Seems it works. But now OTL won't work properly. It's not getting through the scan and the program shuts down.
Any advice?

K, it worked. Here's the scan. Thanks for helping me get rid of AVG. And for all the help being provided here.

OTL logfile created on: 6/4/2012 12:11:31 AM - Run 2
OTL by OldTimer - Version 3.2.46.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 64.16% Memory free
3.84 Gb Paging File | 3.27 Gb Available in Paging File | 85.18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 126.50 Gb Free Space | 54.32% Space Free | Partition Type: NTFS

Computer Name: USER-AAA760148D | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/04 00:07:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2012/05/30 01:22:19 | 001,227,288 | ---- | M] (Google Inc.) -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/03/07 03:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/03/07 03:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/29 02:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/04/14 15:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/30 04:56:06 | 000,278,528 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
PRC - [2007/06/30 04:54:16 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/06/30 04:53:34 | 000,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2007/01/02 00:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2003/04/06 02:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 01:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/06 01:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2003/03/09 07:31:02 | 000,065,795 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/03 19:48:43 | 001,765,888 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12060301\algo.dll
MOD - [2012/05/30 01:22:18 | 000,436,760 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\ppgooglenaclpluginchrome.dll
MOD - [2012/05/30 01:22:17 | 008,522,776 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\PepperFlash\pepflashplayer.dll
MOD - [2012/05/30 01:22:15 | 003,989,016 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\pdf.dll
MOD - [2012/05/30 01:21:01 | 000,526,872 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\libglesv2.dll
MOD - [2012/05/30 01:20:59 | 000,104,984 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\libegl.dll
MOD - [2012/05/30 01:20:50 | 000,140,328 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\avutil-51.dll
MOD - [2012/05/30 01:20:48 | 000,262,184 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\avformat-54.dll
MOD - [2012/05/30 01:20:47 | 002,387,496 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\avcodec-54.dll
MOD - [2012/01/08 16:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 02:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 02:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/04/14 15:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 15:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/06/30 04:54:22 | 000,167,936 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2007/06/30 04:54:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2007/06/30 04:54:16 | 000,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2007/06/30 04:53:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2007/06/12 22:27:00 | 000,188,416 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Drivers\di2c.dll
MOD - [2003/03/09 07:31:04 | 000,561,152 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll
MOD - [2001/10/29 04:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/21 10:56:19 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/07 03:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/12 02:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/06/17 22:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/10 12:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/07/30 06:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/04/14 15:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008/04/14 15:00:00 | 000,111,104 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008/04/14 15:00:00 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)
SRV - [2008/04/14 15:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008/04/14 15:00:00 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2008/03/09 22:20:26 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/06/30 04:54:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2006/10/19 08:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2003/03/09 07:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Recognizer | On_Demand | Unknown] -- -- (Mdobf2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WG11TND5.sys -- (AR5523)
DRV - [2012/03/07 03:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/07 03:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/07 03:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/07 03:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/07 03:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/07 03:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/07 02:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/01/05 02:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/07/22 19:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 00:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/29 18:03:34 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009/03/30 10:39:10 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/03/30 10:39:06 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/03/30 10:38:48 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/07/29 04:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/23 00:32:26 | 000,015,976 | ---- | M] (REALiX(tm)) [Kernel | Auto | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2008/06/25 19:47:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008/05/08 16:23:22 | 000,238,080 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/04/14 15:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 15:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/14 15:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 15:00:00 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 15:00:00 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/14 15:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2008/04/14 15:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2008/04/14 15:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2008/02/14 09:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/06/12 22:27:00 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2006/11/17 04:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2005/09/07 22:09:36 | 000,017,230 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Wirelecf.SYS -- (Wirelecf)
DRV - [2004/08/13 13:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/08/13 02:28:04 | 000,017,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip_hid.sys -- (ip_hid)
DRV - [2003/07/24 23:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...df15d688884&lang=en&ds=AVG&pr=fr&d=2012-05-24 09:50:18&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\..\SearchScopes\{B935EDC2-5FBE-4C6E-9BE0-F3EECE2986D7}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "https://www.feldheim.com/cgi-bin/admin/index.cgi?login"
FF - prefs.js..extensions.enabledItems: bitlypreview@jay.ridgeway:1.264
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/12 12:18:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/03/25 09:55:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/24 09:48:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/21 10:56:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/04 09:25:43 | 000,000,000 | ---D | M]

[2009/02/03 08:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2012/05/22 08:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9t5bglji.The Zoo\extensions
[2011/01/09 20:05:48 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9t5bglji.The Zoo\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/08/11 13:10:29 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9t5bglji.The Zoo\extensions\coralietab@mozdev.org
[2011/10/03 22:04:51 | 000,000,000 | ---D | M] (Disconnect) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\9t5bglji.The Zoo\extensions\disconnect@disconnect.me
[2009/09/29 21:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\dx0w5a43.default\extensions
[2009/09/24 19:35:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\dx0w5a43.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/16 23:34:16 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\dx0w5a43.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/07/02 19:34:33 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\dx0w5a43.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/07/28 21:38:43 | 000,000,000 | ---D | M] (bit.ly preview) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\dx0w5a43.default\extensions\bitlypreview@jay.ridgeway
[2012/05/29 21:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/09 10:15:31 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2012/05/21 10:56:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/24 09:50:10 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/05/21 10:56:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/21 10:56:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\21.0.1155.2\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\user\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Egged Bus Times = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\glefdkkbgjpojmnmjhdlnchpljdbeafo\0.1.0.6_0\
CHR - Extension: General Crawler = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje\2.0_0\
CHR - Extension: Poppit = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/03 19:52:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe (Portrait Displays, Inc)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.fujiprintnet.co.il/Online/ImageUploader/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98CA33EB-A124-4D77-BB90-F00DB99BBBEC}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\user\My Documents\My Pictures\Wallpapers\Exotic_Bird_1600.png
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/04 00:07:35 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2012/06/04 00:07:17 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/03 22:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\SecurityMetrics_files
[2012/06/03 22:32:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/03 22:31:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/03 21:40:57 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/06/03 21:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG2012
[2012/06/03 19:38:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/03 19:38:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/03 19:38:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/03 19:38:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/03 19:36:48 | 004,535,468 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2012/06/01 09:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\bootkit_remover
[2012/06/01 08:39:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\user\Desktop\aswMBR.exe
[2012/05/31 16:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\programs and reports for malware site check
[2012/05/31 09:11:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/31 09:11:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/29 19:37:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Ad-Aware Antivirus
[2012/05/29 19:33:25 | 006,236,280 | ---- | C] (Lavasoft Limited) -- C:\Documents and Settings\user\Desktop\Adaware_Installer.exe
[2012/05/24 09:49:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/05/24 09:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/24 09:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/24 09:44:35 | 003,878,424 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\user\Desktop\avg_free_stb_all_2012_2176_cnet.exe
[2012/05/21 10:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/21 10:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/17 11:48:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Books to Read
[2012/05/17 11:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Magento
[2012/05/17 11:46:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\Gidon
[2012/05/17 11:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\virus programs
[2012/05/15 21:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/05/07 19:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/05/07 10:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
[2012/05/07 10:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/05/07 10:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/04 00:07:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2012/06/03 23:53:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/03 23:26:15 | 000,025,398 | ---- | M] () -- C:\Documents and Settings\user\Desktop\WEBBANNER-shmuz.jpg
[2012/06/03 23:22:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2077806209-1801674531-1004UA.job
[2012/06/03 23:19:27 | 000,029,508 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Notepad2.ini
[2012/06/03 22:52:46 | 000,207,341 | ---- | M] () -- C:\Documents and Settings\user\Desktop\SecurityMetrics.htm
[2012/06/03 22:32:31 | 000,000,302 | RHS- | M] () -- C:\boot.ini
[2012/06/03 22:30:55 | 004,535,468 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2012/06/03 22:20:13 | 000,000,184 | ---- | M] () -- C:\Boot.bak
[2012/06/03 19:52:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/03 18:04:14 | 000,013,668 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/01 10:36:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MBR.dat
[2012/06/01 08:39:57 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\user\Desktop\aswMBR.exe
[2012/05/31 23:51:19 | 000,021,742 | ---- | M] () -- C:\Documents and Settings\user\Desktop\6241.jpg
[2012/05/31 23:48:54 | 000,011,766 | ---- | M] () -- C:\Documents and Settings\user\Desktop\6465.jpg
[2012/05/31 23:45:08 | 000,018,828 | ---- | M] () -- C:\Documents and Settings\user\Desktop\1224.jpg
[2012/05/31 21:28:32 | 000,000,113 | ---- | M] () -- C:\Documents and Settings\user\Desktop\tablerates_ups_test.csv
[2012/05/31 17:55:12 | 000,013,711 | ---- | M] () -- C:\Documents and Settings\user\Desktop\6199.jpg
[2012/05/31 17:53:37 | 000,024,995 | ---- | M] () -- C:\Documents and Settings\user\Desktop\5701.jpg
[2012/05/31 17:42:41 | 000,008,650 | ---- | M] () -- C:\Documents and Settings\user\Desktop\5969.jpg
[2012/05/31 17:39:23 | 000,016,525 | ---- | M] () -- C:\Documents and Settings\user\Desktop\6466.jpg
[2012/05/31 17:32:19 | 000,066,066 | ---- | M] () -- C:\Documents and Settings\user\Desktop\feldheimwebbanner-bookweek.jpg
[2012/05/31 17:05:14 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1309359847.job
[2012/05/31 14:22:10 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2077806209-1801674531-1004Core.job
[2012/05/31 09:56:51 | 000,436,010 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/31 09:56:51 | 000,068,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/31 08:39:20 | 000,017,141 | ---- | M] () -- C:\Documents and Settings\user\Desktop\6376.jpg
[2012/05/31 02:47:49 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\user\Desktop\tablerates.csv
[2012/05/31 00:36:38 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\PUTTY.RND
[2012/05/30 22:14:53 | 000,340,001 | ---- | M] () -- C:\Documents and Settings\user\Desktop\6635.jpg
[2012/05/30 22:14:53 | 000,267,759 | ---- | M] () -- C:\Documents and Settings\user\Desktop\6634.jpg
[2012/05/30 21:21:12 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/05/30 21:21:12 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/05/30 20:57:52 | 003,213,949 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Brachial Plexus Injuries.pdf
[2012/05/29 22:32:18 | 000,002,211 | ---- | M] () -- C:\Documents and Settings\user\Desktop\20120529_ORDERS_192105.csv
[2012/05/29 22:32:16 | 000,004,657 | ---- | M] () -- C:\Documents and Settings\user\Desktop\20120529_ORDERS_190733.csv
[2012/05/29 20:59:28 | 002,676,673 | ---- | M] () -- C:\Documents and Settings\user\Desktop\05._LAN_AR81_WinXPx32x64_v_1.0.0.38.zip
[2012/05/29 20:46:13 | 000,476,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/29 20:41:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/29 19:37:05 | 000,834,122 | ---- | M] () -- C:\Documents and Settings\user\Desktop\6504.jpg
[2012/05/29 19:33:28 | 006,236,280 | ---- | M] (Lavasoft Limited) -- C:\Documents and Settings\user\Desktop\Adaware_Installer.exe
[2012/05/29 14:15:47 | 000,318,860 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\census.cache
[2012/05/29 14:15:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
[2012/05/28 21:50:33 | 000,008,945 | ---- | M] () -- C:\Documents and Settings\user\Desktop\6186.jpg
[2012/05/28 21:11:09 | 000,016,922 | ---- | M] () -- C:\Documents and Settings\user\Desktop\6503.jpg
[2012/05/28 12:55:58 | 000,034,814 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\dt.dat
[2012/05/28 12:49:58 | 000,004,897 | ---- | M] () -- C:\Documents and Settings\user\Desktop\config.xml
[2012/05/28 12:45:32 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\user\Desktop\cron.php
[2012/05/25 01:13:00 | 000,002,226 | ---- | M] () -- C:\Documents and Settings\user\Desktop\crontest.php
[2012/05/24 12:53:52 | 014,638,891 | ---- | M] () -- C:\Documents and Settings\user\Desktop\all_products2012-5-24.xml
[2012/05/24 09:44:40 | 003,878,424 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\user\Desktop\avg_free_stb_all_2012_2176_cnet.exe
[2012/05/17 14:47:43 | 014,231,193 | ---- | M] () -- C:\Documents and Settings\user\Desktop\all_products2012-5-17.xml
[2012/05/16 15:54:40 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\adsl.lnk
[2012/05/15 23:05:06 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/15 23:02:09 | 000,000,519 | ---- | M] () -- C:\hpfr3420.xml
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/03 23:26:15 | 000,025,398 | ---- | C] () -- C:\Documents and Settings\user\Desktop\WEBBANNER-shmuz.jpg
[2012/06/03 22:52:46 | 000,207,341 | ---- | C] () -- C:\Documents and Settings\user\Desktop\SecurityMetrics.htm
[2012/06/03 22:32:31 | 000,000,184 | ---- | C] () -- C:\Boot.bak
[2012/06/03 22:32:28 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/03 22:20:02 | 000,000,302 | RHS- | C] () -- C:\boot.ini
[2012/06/03 19:38:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/03 19:38:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/03 19:38:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/03 19:38:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/03 19:38:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/01 10:36:14 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MBR.dat
[2012/05/31 23:51:18 | 000,021,742 | ---- | C] () -- C:\Documents and Settings\user\Desktop\6241.jpg
[2012/05/31 23:45:07 | 000,018,828 | ---- | C] () -- C:\Documents and Settings\user\Desktop\1224.jpg
[2012/05/31 17:53:37 | 000,024,995 | ---- | C] () -- C:\Documents and Settings\user\Desktop\5701.jpg
[2012/05/31 17:46:13 | 000,013,711 | ---- | C] () -- C:\Documents and Settings\user\Desktop\6199.jpg
[2012/05/31 17:42:41 | 000,008,650 | ---- | C] () -- C:\Documents and Settings\user\Desktop\5969.jpg
[2012/05/31 17:39:22 | 000,016,525 | ---- | C] () -- C:\Documents and Settings\user\Desktop\6466.jpg
[2012/05/31 17:32:19 | 000,066,066 | ---- | C] () -- C:\Documents and Settings\user\Desktop\feldheimwebbanner-bookweek.jpg
[2012/05/30 22:14:53 | 000,267,759 | ---- | C] () -- C:\Documents and Settings\user\Desktop\6634.jpg
[2012/05/30 22:14:52 | 000,340,001 | ---- | C] () -- C:\Documents and Settings\user\Desktop\6635.jpg
[2012/05/30 20:57:52 | 003,213,949 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Brachial Plexus Injuries.pdf
[2012/05/29 22:32:17 | 000,002,211 | ---- | C] () -- C:\Documents and Settings\user\Desktop\20120529_ORDERS_192105.csv
[2012/05/29 22:32:15 | 000,004,657 | ---- | C] () -- C:\Documents and Settings\user\Desktop\20120529_ORDERS_190733.csv
[2012/05/29 20:56:24 | 002,676,673 | ---- | C] () -- C:\Documents and Settings\user\Desktop\05._LAN_AR81_WinXPx32x64_v_1.0.0.38.zip
[2012/05/29 19:37:05 | 000,834,122 | ---- | C] () -- C:\Documents and Settings\user\Desktop\6504.jpg
[2012/05/29 19:16:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/29 19:16:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/05/28 21:50:33 | 000,008,945 | ---- | C] () -- C:\Documents and Settings\user\Desktop\6186.jpg
[2012/05/28 21:16:08 | 000,011,766 | ---- | C] () -- C:\Documents and Settings\user\Desktop\6465.jpg
[2012/05/28 21:11:09 | 000,016,922 | ---- | C] () -- C:\Documents and Settings\user\Desktop\6503.jpg
[2012/05/28 12:55:58 | 000,034,814 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\dt.dat
[2012/05/28 12:48:19 | 000,004,897 | ---- | C] () -- C:\Documents and Settings\user\Desktop\config.xml
[2012/05/25 01:12:59 | 000,002,226 | ---- | C] () -- C:\Documents and Settings\user\Desktop\crontest.php
[2012/05/24 12:53:27 | 014,638,891 | ---- | C] () -- C:\Documents and Settings\user\Desktop\all_products2012-5-24.xml
[2012/05/17 14:47:17 | 014,231,193 | ---- | C] () -- C:\Documents and Settings\user\Desktop\all_products2012-5-17.xml
[2012/05/16 15:54:40 | 000,000,532 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\adsl.lnk
[2012/05/07 16:22:16 | 000,318,860 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\census.cache
[2012/05/07 16:22:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\ars.cache
[2011/11/14 11:00:45 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\PUTTY.RND
[2011/09/05 16:44:02 | 000,020,458 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2011/09/05 16:44:02 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2011/06/29 17:56:38 | 000,020,458 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2011/06/29 17:56:38 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2011/06/15 14:07:28 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/06/15 14:07:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/06/29 08:00:33 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
[2010/06/29 07:59:17 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\ipmsaud.dll
[2010/06/29 07:59:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ipmwap.dll
[2010/06/29 07:59:17 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx5363.ini
[2010/06/20 21:59:47 | 000,011,264 | ---- | C] () -- C:\WINDOWS\icfutil.exe
[2010/06/20 21:59:47 | 000,001,536 | ---- | C] () -- C:\WINDOWS\RunHiddenConsole.exe

========== LOP Check ==========

[2010/10/20 19:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/06/03 23:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/05/29 21:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/05/24 09:49:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/01 12:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/05/29 21:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage
[2011/12/25 11:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/29 19:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ad-Aware Antivirus
[2012/06/03 21:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG2012
[2009/06/10 22:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CDBurnerXP_Soft
[2012/02/12 12:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DDMSettings
[2009/02/02 17:42:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DisplayTune
[2012/05/29 21:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Dropbox
[2012/06/03 23:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FileZilla
[2009/11/17 01:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FrostWire
[2011/08/11 12:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GetRightToGo
[2010/06/07 09:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Helios
[2011/08/18 11:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\KiTTY
[2011/12/29 12:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Media Finder
[2011/10/06 02:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenOffice.org
[2009/02/09 19:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PixelMetrics
[2009/02/23 19:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Podmailing
[2011/12/27 14:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\redsn0w
[2011/07/18 23:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TeamViewer
[2010/04/07 21:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/11/18 21:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\uTorrent
[2009/09/11 07:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\VoipStunt
[2012/05/29 21:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinFF
[2011/06/21 22:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\YouSendIt
[2012/05/31 17:05:14 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1309359847.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/06/03 18:04:02 | 000,011,868 | ---- | M] () -- C:\aaw7boot.log
[2012/06/03 22:20:13 | 000,000,184 | ---- | M] () -- C:\Boot.bak
[2012/06/03 22:32:31 | 000,000,302 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/06/03 22:45:57 | 000,021,112 | ---- | M] () -- C:\ComboFix.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/05/15 23:02:09 | 000,000,519 | ---- | M] () -- C:\hpfr3420.xml
[2012/05/15 23:02:09 | 000,055,456 | ---- | M] () -- C:\hpfr3425.log
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2009/01/30 06:14:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/01/30 06:14:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 15:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/03 23:53:10 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/02/02 04:23:25 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
[2009/06/23 20:42:57 | 000,012,138 | ---- | M] () -- C:\report.txt
[2009/02/01 12:24:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/03/18 10:58:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/09/09 08:02:15 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/09/09 22:32:38 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/02/01 12:24:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/03/18 10:58:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/09/09 08:02:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/09/09 22:32:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/03/17 08:00:36 | 000,000,016 | ---- | M] () -- C:\urlcache.log
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/04/19 02:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/30 01:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/19 02:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/30 01:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/01/30 06:14:27 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 15:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/10 00:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 13:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/07 03:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/02/17 21:54:28 | 000,011,440 | ---- | M] () -- C:\Program Files\WS_FTP.LOG
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/01/29 22:02:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/01/29 22:02:55 | 001,064,960 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/01/29 22:02:55 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/01/30 06:14:50 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/01/30 06:19:21 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/01/30 06:19:21 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/05/29 19:33:28 | 006,236,280 | ---- | M] (Lavasoft Limited) -- C:\Documents and Settings\user\Desktop\Adaware_Installer.exe
[2012/06/01 08:39:57 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\user\Desktop\aswMBR.exe
[2012/05/24 09:44:40 | 003,878,424 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\user\Desktop\avg_free_stb_all_2012_2176_cnet.exe
[2012/06/03 22:30:55 | 004,535,468 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2011/08/18 11:41:57 | 000,523,776 | ---- | M] (Simon Tatham) -- C:\Documents and Settings\user\Desktop\kitty.exe
[2009/10/06 11:00:00 | 000,588,288 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Notepad2.exe
[2012/06/04 00:07:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2008/04/14 15:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/05/31 17:05:14 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1309359847.job
[2012/05/31 14:22:10 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2077806209-1801674531-1004Core.job
[2012/06/03 23:22:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-2077806209-1801674531-1004UA.job
[2012/06/03 23:53:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/07/25 22:00:33 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\user\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/05/17 09:08:39 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\user\Cookies\desktop.ini
[2012/06/04 00:09:50 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\user\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/27 09:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 15:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2008/04/14 15:00:00 | 000,004,821 | R--- | M] () -- C:\Program Files\Messenger\logowin.gif
[2007/04/03 10:37:24 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 17:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/14 10:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 16:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/04/14 15:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2008/04/14 15:00:00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2008/04/14 15:00:00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2007/04/03 10:37:28 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2007/04/03 10:34:02 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1993/09/22 18:00:00 | 000,286,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system\MVIEWER2.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-31 06:57:09

========== Files - Unicode (All) ==========
[2012/03/09 08:44:57 | 000,207,360 | ---- | M] ()(C:\Documents and Settings\user\My Documents\????? ??? ?????? ?????.doc) -- C:\Documents and Settings\user\My Documents\פורים שמח ממשפחת ליונס.doc
[2012/03/09 08:44:57 | 000,207,360 | ---- | C] ()(C:\Documents and Settings\user\My Documents\????? ??? ?????? ?????.doc) -- C:\Documents and Settings\user\My Documents\פורים שמח ממשפחת ליונס.doc

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Recognizer | On_Demand | Unknown] -- -- (Mdobf2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
    DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
    IE - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...df15d688884&lang=en&ds=AVG&pr=fr&d=2012-05-24 09:50:18&v=11.0.0.9&sap=dsp&q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/24 09:48:46 | 000,000,000 | ---D | M]
    [2012/05/24 09:50:10 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O4 - HKU\S-1-5-21-1078081533-2077806209-1801674531-1004..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/06/03 21:40:57 | 000,000,000 | ---D | C] -- C:\$AVG
    [2012/06/03 21:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG2012
    [2012/05/24 09:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2012/05/24 09:44:35 | 003,878,424 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\user\Desktop\avg_free_stb_all_2012_2176_cnet.exe
    [2012/06/03 23:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=========================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=========================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
OTL results: All processes killed
========== OTL ==========
Error: No service named Mdobf2 was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mdobf2 deleted successfully.
Service Lavasoft Kernexplorer stopped successfully!
Service Lavasoft Kernexplorer deleted successfully!
File C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys not found.
Service AVGIDSShim stopped successfully!
Service AVGIDSShim deleted successfully!
File system32\DRIVERS\avgidsshimx.sys not found.
Service AVGIDSHX stopped successfully!
Service AVGIDSHX deleted successfully!
File system32\DRIVERS\avgidshx.sys not found.
Registry key HKEY_USERS\S-1-5-21-1078081533-2077806209-1801674531-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "AVG Secure Search" removed from browser.search.selectedEngine
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_USERS\S-1-5-21-1078081533-2077806209-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-1078081533-2077806209-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft ScreenHunter 5.1 Free deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\$AVG\$VAULT folder moved successfully.
C:\$AVG\$CHJW folder moved successfully.
C:\$AVG folder moved successfully.
C:\Documents and Settings\user\Application Data\AVG2012\cfgall folder moved successfully.
C:\Documents and Settings\user\Application Data\AVG2012 folder moved successfully.
C:\Program Files\AVG\AVG2012\html\reportcard folder moved successfully.
C:\Program Files\AVG\AVG2012\html folder moved successfully.
C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\defaults\preferences folder moved successfully.
C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\defaults folder moved successfully.
C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\components folder moved successfully.
C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\Chrome folder moved successfully.
C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack folder moved successfully.
C:\Program Files\AVG\AVG2012\Firefox folder moved successfully.
C:\Program Files\AVG\AVG2012 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\Documents and Settings\user\Desktop\avg_free_stb_all_2012_2176_cnet.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG2012\fet folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG2012 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 15640406 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: user
->Temp folder emptied: 365200 bytes
->Temporary Internet Files folder emptied: 35353189 bytes
->Java cache emptied: 5933450 bytes
->FireFox cache emptied: 183202396 bytes
->Google Chrome cache emptied: 365211400 bytes
->Apple Safari cache emptied: 9678848 bytes
->Flash cache emptied: 939345 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 596480 bytes

Total Files Cleaned = 591.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: user
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.46.0 log created on 06042012_004218

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
JavaFX 2.1.0
Java(TM) 6 Update 30
Java(TM) 7 Update 4
Out of date Java installed!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
``````````End of Log````````````
 
this one was tricky - the screen kept on disappearing so I had to rerun it a bunch of times to get it to copy the following results:

Farbar Service Scanner Version: 27-05-2012
Ran by user (administrator) on 04-06-2012 at 01:15:41
Running from "C:\Documents and Settings\user\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

ATTENTION!=====> local policy on IP:
Key: "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
Vlue: "ActivePolicy"
Data: "SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{39e2dd94-2c46-4b25-a1fb-33d8489f22ea}"


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****
 
TFC started running and got stuck in the middle. Something's forcing shut down of these programs when I want to run them.
 
been doing ESET and it's stuck on 28% after more than 2 hours. It says it found 1 threat, a win32/Hoax agent
What should I do?
 
ok, all done. didn't need safe mode in the end, it just took 5.5 hrs

Here's the log
C:\Documents and Settings\user\Desktop\TATTY\WEB\LMSOFT.Web.Creator.Pro.v4.0.0.5.Incl.Crack\LMSOFT.Web.Creator.Pro.v4.0.0.5.Incl.Crack.zip | Win32/Hoax.Agent.BD application | deleted - quarantined
 
Uninstall:
JavaFX 2.1.0
Java(TM) 6 Update 30

=======================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Just tried uninstalling Java 6 Update 30. System returned "fatal error during installation" and stopped. Do you have a different way to uninstall it than the add and remove programs from the control panel? JavaFX 2.1.0 uninstalled fine. Can I proceed with the rest of instructions?
 
OTL log 1
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: user
->Temp folder emptied: 6987 bytes
->Temporary Internet Files folder emptied: 8680540 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62879089 bytes
->Google Chrome cache emptied: 11898936 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1003 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 596480 bytes

Total Files Cleaned = 80.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: user
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.46.0 log created on 06042012_193843

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
I've done all other steps. Thank you very much. My ethernet card is working much more efficiently and not disconnecting me anymore. You have no idea how much I appreciate this.
What I do not understand is why my computer is so slow and has slowed down only since the whole bug thing started. Startup takes longer. Then if I want to launch firefox, which is the main program I use for work, it takes over 1 minute to start. Is this normal or could there be something else bothering my computer? Do you know of anything that can speed it up? I've checked my HD memory and it's 50% free, and the RAM used seemed to have even more free space than that.
 
Way to go!!

Good luck and stay safe :)
 
bad news. Don't know what happened, but right now my computer is going mad, the red light on the computer itself that normally flashes on and off when it's working on something has been going non stop. Is this normal? Actually, this is how it was before I got my virus, and then it got better while I was doing all the scans etc. It may be related to the machine itself, but how can I be sure there's not some malicious process running in the background that is causing it?
 
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
 
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 98.44 0 K 28 K
System 4 0 K 256 K
Interrupts n/a 1.56 0 K 0 K Hardware Interrupts and DPCs
smss.exe 616 184 K 436 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 664 1,948 K 5,104 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 688 7,140 K 2,960 K Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 732 2,176 K 4,092 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
svchost.exe 912 3,528 K 5,728 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
igfxsrvc.exe 3164 1,448 K 3,852 K igfxsrvc Module Intel Corporation C:\WINDOWS\system32\igfxsrvc.exe -Embedding
hpoevm08.exe 3884 1,640 K 5,060 K HP OfficeJet COM Event Manager Hewlett-Packard Co. "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe" -Embedding
hposts08.exe 2212 3,652 K 7,184 K HP OfficeJet Status Hewlett-Packard Co. "C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe" /CtxID "#Hewlett-Packard#hp psc 1200 series#1309359847" /Startup
msmsgs.exe 2608 2,016 K 5,988 K Windows Messenger Microsoft Corporation "C:\Program Files\Messenger\msmsgs.exe" -Embedding
wmiprvse.exe 668 2,812 K 5,508 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
svchost.exe 984 2,296 K 5,144 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
svchost.exe 1080 30,744 K 43,628 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe 1124 2,784 K 3,964 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe 1212 2,344 K 4,784 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe 1424 1,868 K 4,412 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
AvastSvc.exe 1524 23,840 K 37,336 K avast! Service AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
spoolsv.exe 1580 3,940 K 6,000 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
svchost.exe 1680 1,648 K 4,032 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
SASCore.exe 1712 1,020 K 2,712 K Core Service SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
AppleMobileDeviceService.exe 1724 9,712 K 13,312 K MobileDeviceService Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
DTSRVC.exe 1752 864 K 2,284 K "C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe"
svchost.exe 2008 3,576 K 5,840 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
alg.exe 464 1,596 K 4,224 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
iPodService.exe 3708 3,272 K 5,072 K iPodService Module (32-bit) Apple Inc. "C:\Program Files\iPod\bin\iPodService.exe"
HPZipm12.exe 3972 1,168 K 2,756 K PML Driver HP C:\WINDOWS\system32\HPZipm12.exe
psia.exe 2520 15,276 K 20,588 K Secunia PSI Agent Secunia "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service
sua.exe 2168 1,024 K 2,784 K Secunia Update Agent Secunia "C:\Program Files\Secunia\PSI\sua.exe" --start-service
lsass.exe 744 5,180 K 1,940 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
explorer.exe 2436 37,480 K 50,100 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
hkcmd.exe 2716 1,336 K 4,140 K hkcmd Module Intel Corporation "C:\WINDOWS\system32\hkcmd.exe"
igfxpers.exe 2732 1,084 K 3,592 K persistence Module Intel Corporation "C:\WINDOWS\system32\igfxpers.exe"
dthtml.exe 2752 4,700 K 8,948 K HP My Display Portrait Displays, Inc "C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder
HookManager.exe 2976 1,332 K 3,856 K Context Menu Utility Portrait Displays Inc. "C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe"
iTunesHelper.exe 2824 10,996 K 15,460 K iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
DivXUpdate.exe 2860 2,684 K 8,008 K DivX Update "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
SUPERANTISPYWARE.EXE 2900 243,088 K 556 K SUPERAntiSpyware Application SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
ctfmon.exe 2912 1,300 K 3,876 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
hpohmr08.exe 3224 3,636 K 6,696 K HP OfficeJet COM Device Objects Hewlett-Packard Co. "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe"
googletalk.exe 2296 15,132 K 16,160 K Google Talk Google "C:\Program Files\Google\Google Talk\googletalk.exe" /startmenu
msimn.exe 4056 16,176 K 17,540 K Outlook Express Microsoft Corporation "C:\Program Files\Outlook Express\msimn.exe"
AvastUI.exe 2240 10,224 K 6,100 K avast! Antivirus AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastUI.exe"
procexp.exe 308 11,008 K 17,588 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\user\My Documents\Downloads\ProcessExplorer\procexp.exe"
firefox.exe 1384 264,368 K 276,304 K Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
plugin-container.exe 3384 32,816 K 38,136 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=1384.20306b0.58692096 "C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll" - -greomni "C:\Program Files\Mozilla Firefox\omni.ja" 1384 "\\.\pipe\gecko-crash-server-pipe.1384" plugin
 
CPU usage looks perfectly fine.

System Idle Process (CPU NOT used) is listed at 98.44%
 