Solved Get corrupted profile message

nickn

Posts: 35   +0
My PC has 4 users configured on it. Several of the users have gotten error messages as they login the profile has been corrupted. I was able recover the users files by recreating the user but this problem is persisting. Which makes me think the computer may have a problem.

I have gone through the 5 step virus removal instructions and below are the logs from the process:

malware run:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.11.15
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
NickN :: DOGBOY [administrator]
Protection: Enabled
10/11/2012 7:23:01 PM
mbam-log-2012-10-11 (19-23-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 357033
Time elapsed: 9 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

GMER run:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-10-11 19:39:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c Maxtor_6Y160P0 rev.YAR41BW0
Running: GMER.exe; Driver: D:\DOCUME~1\NickN\LOCALS~1\Temp\uxtdapoc.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----

DDS run:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by NickN at 19:39:49 on 2012-10-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2107 [GMT -7:00]
.
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
D:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\Program Files\Java\jre7\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
D:\Program Files\Secunia\PSI\PSIA.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\Program Files\Logitech\SetPointP\SetPoint.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Secunia\PSI\psi_tray.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
D:\Program Files\HP\HP Officejet 6700\bin\HPNetworkCommunicator.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Secunia\PSI\sua.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - d:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - d:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - d:\program files\norton security suite\engine\5.2.2.3\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - d:\program files\xfin_portal\auxi\comcastAu.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - d:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre7\bin\jp2ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - d:\program files\canon\easy-webprint\Toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - d:\program files\norton security suite\engine\5.2.2.3\coIEPlg.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - d:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [Google Update] "d:\documents and settings\nickn\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [GEST] m‘|Pë
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "d:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [DivXUpdate] "d:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [EvtMgr6] d:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [ROC_ROC_NT] "d:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
StartupFolder: d:\docume~1\nickn\startm~1\programs\startup\monito~1.lnk - d:\windows\system32\RunDll32.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - d:\program files\netgear\wnda3100v2\WNDA3100v2.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - d:\program files\secunia\psi\psi_tray.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - d:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1346999591687
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1323501593171
TCP: Interfaces\{BCB0DA37-E276-4D2B-BD0B-C1339EBD8C89} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BF9E757B-84E7-42F0-96DB-6CF27AFFEC5D} : DhcpNameServer = 192.168.1.1
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - d:\program files\wot\WOT.dll
Notify: LBTWlgn - d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\n360\0502020.003\symds.sys [2012-7-16 340088]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\n360\0502020.003\symefa.sys [2012-7-16 744568]
R1 avkmgr;avkmgr;d:\windows\system32\drivers\avkmgr.sys [2011-12-9 36000]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-1 995488]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\n360\0502020.003\ironx86.sys [2012-7-16 136312]
R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 AntiVirSchedulerService;Avira Scheduler;d:\program files\avira\antivir desktop\sched.exe [2011-12-9 86224]
R2 AntiVirService;Avira Realtime Protection;d:\program files\avira\antivir desktop\avguard.exe [2011-12-9 110032]
R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2011-12-9 83392]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;d:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [2011-12-14 12184]
R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-11 399432]
R2 N360;Norton Security Suite;d:\program files\norton security suite\engine\5.2.2.3\ccsvchst.exe [2012-7-16 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;d:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-12-9 2253120]
R2 Secunia PSI Agent;Secunia PSI Agent;d:\program files\secunia\psi\psia.exe [2011-10-13 994360]
R2 Secunia Update Agent;Secunia Update Agent;d:\program files\secunia\psi\sua.exe [2011-10-13 399416]
R2 WSWNDA3100;WSWNDA3100;d:\program files\netgear\wnda3100v2\WifiSvc.exe [2012-1-2 272864]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;d:\windows\system32\drivers\bcmwlhigh5.sys [2012-1-2 1034240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20121011.001\IDSXpx86.sys [2012-10-11 373728]
R3 NAVENG;NAVENG;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20121011.018\naveng.sys [2012-10-11 92704]
R3 NAVEX15;NAVEX15;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20121011.018\navex15.sys [2012-10-11 1601184]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;d:\windows\system32\drivers\nvhda32.sys [2011-12-9 119656]
R3 PSI;PSI;d:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);d:\program files\google\update\GoogleUpdate.exe [2011-12-12 136176]
S2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-11 676936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-15 250808]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\google\update\GoogleUpdate.exe [2011-12-12 136176]
S3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2012-10-11 22856]
S3 NPF;Netgroup Packet Filter;d:\windows\system32\drivers\npf.sys [2012-1-2 50704]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-10-12 02:02:47 -------- d-----w- d:\documents and settings\nickn\application data\Malwarebytes
2012-10-12 02:02:16 -------- d-----w- d:\documents and settings\all users\application data\Malwarebytes
2012-10-12 02:02:15 22856 ----a-w- d:\windows\system32\drivers\mbam.sys
2012-10-12 02:02:15 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2012-10-09 02:49:35 -------- d-----w- d:\documents and settings\nickn\local settings\application data\Apple
2012-10-09 02:47:18 -------- d-----w- d:\documents and settings\nickn\local settings\application data\Apple Computer
2012-10-09 01:43:51 -------- d-----w- d:\documents and settings\all users\application data\Battle.net
2012-09-28 07:20:09 -------- d-----w- d:\documents and settings\nickn\application data\Windows Search
2012-09-24 06:08:46 -------- d-----w- d:\documents and settings\nickn\application data\HpUpdate
2012-09-21 08:31:44 -------- d-sh--w- d:\documents and settings\nickn\IECompatCache
2012-09-21 05:34:11 -------- d-----w- d:\documents and settings\nickn\local settings\application data\Sun
2012-09-21 05:32:31 -------- d-----w- d:\documents and settings\nickn\local settings\application data\Secunia PSI
2012-09-20 07:39:46 -------- d-----w- d:\documents and settings\nickn\application data\NVIDIA
2012-09-20 07:04:21 -------- d-sh--w- d:\documents and settings\nickn\PrivacIE
2012-09-20 07:04:19 -------- d-----w- d:\documents and settings\nickn\local settings\application data\Google
2012-09-20 07:03:40 -------- d-----w- d:\documents and settings\nickn\application data\Avira
2012-09-20 07:03:34 -------- d-----w- d:\documents and settings\nickn\local settings\application data\jZip
2012-09-20 06:58:37 -------- d-----w- d:\documents and settings\nickn\local settings\application data\Identities
2012-09-20 06:58:35 -------- d-----w- d:\documents and settings\nickn\application data\Windows Desktop Search
2012-09-20 06:51:04 -------- d-sh--w- d:\documents and settings\nickn\IETldCache
2012-09-20 06:36:11 17224 ----a-w- d:\windows\system32\roboot.exe
2012-09-20 06:36:09 -------- d-----w- d:\program files\WinZip Registry Optimizer
.
==================== Find3M ====================
.
2012-10-08 18:26:07 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 18:26:07 696760 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-08-31 02:57:21 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2012-08-31 02:57:21 821736 ----a-w- d:\windows\system32\npDeployJava1.dll
2012-08-31 02:57:21 746984 ----a-w- d:\windows\system32\deployJava1.dll
2012-08-31 02:57:21 143872 ----a-w- d:\windows\system32\javacpl.cpl
2012-08-28 15:14:53 916992 ----a-w- d:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- d:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- d:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- d:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- d:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- d:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- d:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 19:40:30.26 ===============
 
Second DDS output:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/9/2011 5:41:11 PM
System Uptime: 10/11/2012 7:09:34 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | M61PME-S2P
Processor: AMD Athlon(tm) X2 250 Processor | Socket M2 | 3013/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 153 GiB total, 73.653 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 265.906 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&30B32848&0&00
Manufacturer: NVIDIA
Name: NVIDIA nForce 10/100 Mbps Ethernet
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV03EF\4&30B32848&0&00
Service: NVENETFD
.
==== System Restore Points ===================
.
RP310: 7/14/2012 7:37:45 AM - System Checkpoint
RP311: 7/16/2012 9:36:12 PM - System Checkpoint
RP312: 7/17/2012 9:58:21 PM - System Checkpoint
RP313: 7/18/2012 10:57:02 PM - System Checkpoint
RP314: 7/19/2012 10:51:10 PM - Installed Java SE Development Kit 7 Update 5
RP315: 7/19/2012 10:52:30 PM - Installed Java(TM) 7 Update 5
RP316: 7/19/2012 10:53:58 PM - Installed JavaFX 2.1.1 SDK
RP317: 7/19/2012 10:54:38 PM - Installed JavaFX 2.1.1
RP318: 7/20/2012 11:38:24 PM - System Checkpoint
RP319: 7/29/2012 11:33:20 PM - System Checkpoint
RP320: 7/30/2012 11:56:49 PM - System Checkpoint
RP321: 8/1/2012 12:01:33 AM - System Checkpoint
RP322: 8/2/2012 12:49:38 AM - System Checkpoint
RP323: 8/3/2012 1:49:38 AM - System Checkpoint
RP324: 8/4/2012 2:34:52 AM - System Checkpoint
RP325: 8/5/2012 3:33:50 AM - System Checkpoint
RP326: 8/6/2012 4:45:44 AM - System Checkpoint
RP327: 8/7/2012 5:30:44 AM - System Checkpoint
RP328: 8/8/2012 8:56:38 AM - System Checkpoint
RP329: 8/9/2012 9:03:49 AM - System Checkpoint
RP330: 8/10/2012 11:25:34 AM - System Checkpoint
RP331: 8/11/2012 12:36:10 PM - System Checkpoint
RP332: 8/12/2012 1:52:26 PM - System Checkpoint
RP333: 8/13/2012 3:03:36 PM - System Checkpoint
RP334: 8/14/2012 3:58:05 PM - System Checkpoint
RP335: 8/15/2012 5:53:24 PM - Software Distribution Service 3.0
RP336: 8/16/2012 5:59:28 PM - System Checkpoint
RP337: 8/17/2012 6:56:04 PM - System Checkpoint
RP338: 8/18/2012 7:04:59 PM - System Checkpoint
RP339: 8/19/2012 7:24:09 PM - System Checkpoint
RP340: 8/20/2012 8:12:10 PM - System Checkpoint
RP341: 8/21/2012 8:16:56 PM - System Checkpoint
RP342: 8/22/2012 10:16:43 PM - System Checkpoint
RP343: 8/23/2012 10:31:38 PM - System Checkpoint
RP344: 8/25/2012 8:52:54 AM - System Checkpoint
RP345: 8/26/2012 9:29:27 AM - System Checkpoint
RP346: 8/27/2012 9:45:41 AM - System Checkpoint
RP347: 8/28/2012 9:58:22 AM - System Checkpoint
RP348: 8/29/2012 10:11:39 AM - System Checkpoint
RP349: 8/30/2012 1:24:57 PM - System Checkpoint
RP350: 8/30/2012 7:56:48 PM - Removed Java(TM) 7 Update 5
RP351: 8/30/2012 7:57:10 PM - Installed Java 7 Update 7
RP352: 8/31/2012 9:58:48 PM - System Checkpoint
RP353: 9/1/2012 9:39:47 PM - Installed NetTerm
RP354: 9/2/2012 10:37:53 PM - System Checkpoint
RP355: 9/4/2012 7:13:48 AM - System Checkpoint
RP356: 9/5/2012 7:34:56 AM - System Checkpoint
RP357: 9/6/2012 9:11:01 AM - System Checkpoint
RP358: 9/7/2012 10:37:21 AM - System Checkpoint
RP359: 9/8/2012 7:12:19 PM - System Checkpoint
RP360: 9/9/2012 8:04:55 PM - System Checkpoint
RP361: 9/10/2012 9:12:56 PM - System Checkpoint
RP362: 9/11/2012 9:34:15 PM - System Checkpoint
RP363: 9/12/2012 9:35:12 PM - System Checkpoint
RP364: 9/12/2012 11:22:26 PM - Software Distribution Service 3.0
RP365: 9/14/2012 7:35:20 AM - System Checkpoint
RP366: 9/15/2012 8:49:50 AM - System Checkpoint
RP367: 9/16/2012 5:21:04 PM - System Checkpoint
RP368: 9/17/2012 6:07:26 PM - System Checkpoint
RP369: 9/18/2012 6:16:00 PM - System Checkpoint
RP370: 9/19/2012 7:39:06 PM - System Checkpoint
RP371: 9/19/2012 11:39:14 PM - WinZip Registry Optimizer Wed, Sep 19, 12 23:39
RP372: 9/21/2012 12:23:48 AM - System Checkpoint
RP373: 9/22/2012 1:22:12 AM - System Checkpoint
RP374: 9/23/2012 1:48:59 AM - Software Distribution Service 3.0
RP375: 9/24/2012 2:04:51 AM - System Checkpoint
RP376: 9/25/2012 3:02:40 AM - System Checkpoint
RP377: 9/26/2012 4:00:34 AM - System Checkpoint
RP378: 9/27/2012 4:54:40 AM - System Checkpoint
RP379: 9/28/2012 5:37:38 AM - System Checkpoint
RP380: 9/29/2012 5:41:17 AM - System Checkpoint
RP381: 9/30/2012 6:39:10 AM - System Checkpoint
RP382: 10/1/2012 8:08:50 AM - System Checkpoint
RP383: 10/2/2012 8:49:10 AM - System Checkpoint
RP384: 10/3/2012 9:32:09 AM - System Checkpoint
RP385: 10/4/2012 9:37:55 AM - System Checkpoint
RP386: 10/5/2012 10:22:19 AM - System Checkpoint
RP387: 10/6/2012 2:48:40 PM - System Checkpoint
RP388: 10/7/2012 3:36:22 PM - System Checkpoint
RP389: 10/8/2012 4:31:31 PM - System Checkpoint
RP390: 10/9/2012 4:43:52 PM - System Checkpoint
RP391: 10/10/2012 5:00:47 PM - System Checkpoint
RP392: 10/10/2012 10:29:41 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
AMD Processor Driver
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Audacity 1.3.12 (Unicode)
Avira Free Antivirus
Bonjour
Compatibility Pack for the 2007 Office system
DivX Setup
Easy-WebPrint
eReg
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP FWUpdateEDO2
HP Officejet 6700 Basic Device Software
HP Officejet 6700 Help
HP Update
I.R.I.S. OCR
iTunes
Java 7 Update 7
Java Auto Updater
Java SE Development Kit 7 Update 5
JavaFX 2.1.1
JavaFX 2.1.1 SDK
JCreator LE 5.00
jZip
K-Lite Codec Pack 7.5.0 (Full)
LAME v3.98.2 for Audacity
Logitech SetPoint 6.32
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
NetTerm
Norton Security Suite
NVIDIA Control Panel 285.58
NVIDIA Drivers
NVIDIA Graphics Driver 285.58
NVIDIA HD Audio Driver 1.2.24.0
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.5.20
NVIDIA Update Components
PHOTOfunSTUDIO 5.0
PrimoPDF -- brought to you by Nitro PDF Software
Quicken 2010
QuickTime
Realtek High Definition Audio Driver
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SUPERAntiSpyware
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 woriper
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinZip Registry Optimizer
World of Warcraft
WOT for Internet Explorer
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Profiles do get corrupted.
So far I don't see much there.

You must uninstall one oftwo AV programs, Avira or Norton.
If Norton use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

Next....

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Thanks for responding to my post. Yes, profile do get corrupted, but it has happend 3 times in a 2 weeks, so something is going on. It could be the drive is going bad or something along those lines as well. At any rate here are the logs:

RogueKiller:

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : NickN [Admin rights]
Mode : Remove -- Date : 10/12/2012 23:05:42
¤¤¤ Bad processes : 1 ¤¤¤
[RESIDUE][DLL] rundll32.exe -- D:\WINDOWS\system32\rundll32.exe : D:\Program Files\HP\HP Officejet 6700\bin\HPStatusBL.dll -> KILLED [TermProc]
¤¤¤ Registry Entries : 3 ¤¤¤
[STARTUP][BLACKLIST DLL] Monitor Ink Alerts - HP Officejet 6700 (Network).lnk @nickn : D:\WINDOWS\system32\rundll32.exe|"D:\Program Files\HP\HP Officejet 6700\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN26C3H16S05RQ;CONNECTION=NW;MONITOR=1; -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A587E88)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A587F48)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A51C6B8)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8A4B3318)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A8C8E98)
SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x8A5211D0)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x8A5152C8)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8AAA4840)
SSDT[57] : NtDebugActiveProcess @ 0x80643B3E -> HOOKED (Unknown @ 0x8A4C0290)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A51F6E8)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A8B86F0)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A4FCE10)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A4C3F90)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A943378)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8AB03428)
SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x8A8E21E8)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A500730)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A51C788)
SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8A4FE318)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8A51F7B8)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x8A4B3228)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A593BC8)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A58CAF8)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A58CBB8)
SSDT[240] : NtSetSystemInformation @ 0x8060FD24 -> HOOKED (Unknown @ 0x8A4FE1F0)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A4C3ED0)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A593CA8)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A51A788)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A58CA18)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A596B18)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A591F18)
S_SSDT[307] : Unknown -> HOOKED (Unknown @ 0x8ABBA8F0)
S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x8ABBEE58)
S_SSDT[414] : Unknown -> HOOKED (Unknown @ 0x8ABBDA48)
S_SSDT[416] : Unknown -> HOOKED (Unknown @ 0x8ABA1268)
S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x8ABB5C40)
S_SSDT[460] : Unknown -> HOOKED (Unknown @ 0x8AB9AA98)
S_SSDT[475] : Unknown -> HOOKED (Unknown @ 0x8ABA8C40)
S_SSDT[476] : Unknown -> HOOKED (Unknown @ 0x8ABADE48)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x8AB6BE28)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x8ABBAF08)
¤¤¤ HOSTS File: ¤¤¤
--> D:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Maxtor 6Y160P0 +++++
--- User ---
[MBR] 49e5cd685dbe4b890f965936508d18ea
[BSP] ecbed01bc19b8c39acc1518168448072 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 156327 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: ST31000528AS +++++
--- User ---
[MBR] 3008a1c1a52107b6c0a9f43d08312977
[BSP] e5f8ec699333f31e1308c9bb985d0082 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
aswMBR:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-12 23:10:25
-----------------------------
23:10:25.046 OS Version: Windows 5.1.2600 Service Pack 3
23:10:25.046 Number of processors: 2 586 0x602
23:10:25.046 ComputerName: DOGBOY UserName: NickN
23:10:26.281 Initialize success
23:15:17.546 AVAST engine defs: 12101202
23:15:31.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
23:15:31.171 Disk 0 Vendor: Maxtor_6Y160P0 YAR41BW0 Size: 156333MB BusType: 3
23:15:31.171 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
23:15:31.171 Disk 1 Vendor: ST31000528AS CC35 Size: 953868MB BusType: 3
23:15:31.171 Disk 0 MBR read successfully
23:15:31.171 Disk 0 MBR scan
23:15:31.250 Disk 0 Windows XP default MBR code
23:15:31.250 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 156327 MB offset 63
23:15:31.250 Disk 0 scanning sectors +320159385
23:15:31.359 Disk 0 scanning D:\WINDOWS\system32\drivers
23:15:42.203 Service scanning
23:15:55.984 Modules scanning
23:16:02.078 Disk 0 trace - called modules:
23:16:02.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:16:02.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adf2ab8]
23:16:02.578 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8adf89e8]
23:16:02.578 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-c[0x8adabd98]
23:16:04.875 AVAST engine scan D:\WINDOWS
23:16:23.656 AVAST engine scan D:\WINDOWS\system32
23:20:22.031 AVAST engine scan D:\WINDOWS\system32\drivers
23:21:09.875 AVAST engine scan D:\Documents and Settings\NickN
23:39:07.968 AVAST engine scan D:\Documents and Settings\All Users
23:43:01.328 Scan finished successfully
23:45:24.953 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\NickN\My Documents\Virus Cleaners\Logs\MBR.dat"
23:45:24.953 The log file has been saved successfully to "D:\Documents and Settings\NickN\My Documents\Virus Cleaners\Logs\aswMBR.txt"
 
Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If restarting doesn't help use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Here's the log from ComboFix:

ComboFix 12-10-13.04 - NickN 10/13/2012 16:49:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2401 [GMT -7:00]
Running from: d:\documents and settings\NickN\My Documents\Virus Cleaners\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\All Users\Application Data\TEMP
d:\windows\system32\Packet.dll
d:\windows\system32\pthreadVC.dll
d:\windows\system32\URTTemp
d:\windows\system32\URTTemp\regtlib.exe
d:\windows\system32\wpcap.dll
F:\Autorun.inf
F:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))
.
.
2012-10-12 02:02 . 2012-10-12 02:02 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2012-10-12 02:02 . 2012-10-12 02:02 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2012-10-12 02:02 . 2012-09-08 00:04 22856 ----a-w- d:\windows\system32\drivers\mbam.sys
2012-10-09 01:43 . 2012-10-09 01:45 -------- d-----w- d:\documents and settings\All Users\Application Data\Battle.net
2012-10-06 23:46 . 2012-10-06 23:46 -------- d-----w- d:\documents and settings\Max\Local Settings\Application Data\jZip
2012-10-03 00:26 . 2012-10-03 00:26 -------- d-----w- d:\documents and settings\Max\Application Data\AVG Secure Search
2012-09-29 00:42 . 2012-10-12 18:41 -------- d-----w- d:\documents and settings\Penny2
2012-09-20 06:50 . 2012-10-13 23:54 -------- d-----w- d:\documents and settings\NickN
2012-09-20 06:36 . 2012-02-08 17:29 17224 ----a-w- d:\windows\system32\roboot.exe
2012-09-20 06:21 . 2012-09-20 06:22 -------- d-----w- d:\documents and settings\TEMP.DOGBOY
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 18:26 . 2012-04-04 14:27 696760 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-10-08 18:26 . 2011-12-10 05:47 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 02:57 . 2012-08-31 02:57 143872 ----a-w- d:\windows\system32\javacpl.cpl
2012-08-31 02:57 . 2012-08-31 02:57 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
2012-08-31 02:57 . 2012-07-20 05:53 746984 ----a-w- d:\windows\system32\deployJava1.dll
2012-08-31 02:57 . 2012-07-20 05:53 821736 ----a-w- d:\windows\system32\npDeployJava1.dll
2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- d:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-04 12:00 43520 ----a-w- d:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-04 12:00 1469440 ------w- d:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 12:00 385024 ----a-w- d:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- d:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2004-08-04 12:00 2148864 ----a-w- d:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2027520 ----a-w- d:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|Pë" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 18063872]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"EvtMgr6"="d:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"HP Software Update"="d:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
d:\documents and settings\NickN\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-10-13 0]
.
d:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3100v2 Smart Wizard.lnk - d:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-1-2 4577760]
Secunia PSI Tray.lnk - d:\program files\Secunia\PSI\psi_tray.exe [2011-10-13 291896]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-12-10 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- d:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"d:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\N360\0502020.003\symds.sys [7/16/2012 6:31 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\N360\0502020.003\symefa.sys [7/16/2012 6:31 PM 744568]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx86.sys [10/1/2012 10:28 AM 995488]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 11:25 AM 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67664]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\N360\0502020.003\ironx86.sys [7/16/2012 6:31 PM 136312]
R2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 10:48 AM 116608]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;d:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R2 LBeepKE;Logitech Beep Suppression Driver;d:\windows\system32\drivers\LBeepKE.sys [12/14/2011 1:34 PM 12184]
R2 MBAMScheduler;MBAMScheduler;d:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/11/2012 7:02 PM 399432]
R2 N360;Norton Security Suite;d:\program files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe [7/16/2012 6:31 PM 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;d:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [12/9/2011 11:37 PM 2253120]
R2 Secunia PSI Agent;Secunia PSI Agent;d:\program files\Secunia\PSI\psia.exe [10/13/2011 11:01 PM 994360]
R2 Secunia Update Agent;Secunia Update Agent;d:\program files\Secunia\PSI\sua.exe [10/13/2011 11:01 PM 399416]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;d:\windows\system32\drivers\bcmwlhigh5.sys [1/2/2012 3:23 PM 1034240]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2012 7:51 PM 106656]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121012.001\IDSXpx86.sys [10/13/2012 12:00 AM 373728]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;d:\windows\system32\drivers\nvhda32.sys [12/9/2011 11:12 PM 119656]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [12/12/2011 9:47 PM 136176]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/11/2012 7:02 PM 676936]
S2 WSWNDA3100;WSWNDA3100;d:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [1/2/2012 3:23 PM 272864]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/15/2012 10:52 PM 250808]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [12/12/2011 9:47 PM 136176]
S3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [10/11/2012 7:02 PM 22856]
S3 PSI;PSI;d:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-13 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 18:26]
.
2012-10-07 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2012-10-13 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-12-13 04:47]
.
2012-10-13 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-12-13 04:47]
.
2012-10-12 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-789336058-839522115-1009Core.job
- d:\documents and settings\NickN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-26 20:07]
.
2012-10-13 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-789336058-839522115-1009UA.job
- d:\documents and settings\NickN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-26 20:07]
.
2012-10-13 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-789336058-839522115-1010Core.job
- d:\documents and settings\Penny2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-29 20:07]
.
2012-10-13 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-789336058-839522115-1010UA.job
- d:\documents and settings\Penny2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-29 20:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ROC_ROC_NT - d:\program files\AVG Secure Search\ROC_ROC_NT.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-13 16:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"d:\program files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"d:\program files\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(2828)
d:\windows\system32\WININET.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
d:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
d:\program files\Java\jre7\bin\jqs.exe
d:\windows\RTHDCPL.EXE
d:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
d:\program files\iPod\bin\iPodService.exe
d:\windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
.
**************************************************************************
.
Completion time: 2012-10-13 16:58:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-13 23:58
ComboFix2.txt 2011-12-14 20:06
.
Pre-Run: 284,081,942,528 bytes free
Post-Run: 286,406,565,888 bytes free
.
- - End Of File - - 68C73DD475681E7C6EAC4F63F17D9EB5
 
Looks good.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I will be on vacation until Monday. I will not be able to pick up the thread until I get back. Thanks for all your help to this point. Here is the OTL.txt file:

OTL logfile created on: 10/16/2012 2:01:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\NickN\My Documents\Virus Cleaners
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 54.43% Memory free
5.09 Gb Paging File | 3.70 Gb Available in Paging File | 72.67% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 152.66 Gb Total Space | 73.60 Gb Free Space | 48.21% Space Free | Partition Type: NTFS
Drive D: | 931.50 Gb Total Space | 266.35 Gb Free Space | 28.59% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 1253.87 Gb Free Space | 89.74% Space Free | Partition Type: NTFS

Computer Name: DOGBOY | User Name: NickN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/16 14:00:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\NickN\My Documents\Virus Cleaners\OTL.exe
PRC - [2012/09/07 23:14:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/30 19:57:21 | 000,161,768 | ---- | M] (Oracle Corporation) -- D:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) -- D:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) -- D:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/13 23:01:46 | 000,291,896 | ---- | M] (Secunia) -- D:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/10/07 21:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/07 02:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- D:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/09/27 12:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- D:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- D:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- D:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- D:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- D:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () -- D:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 07:26:02 | 000,221,696 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll
MOD - [2012/06/13 07:24:03 | 000,212,992 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 01:43:24 | 003,186,688 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/13 01:43:23 | 002,933,248 | ---- | M] () -- D:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/06/13 01:43:23 | 000,425,984 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/13 01:43:19 | 000,630,784 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/06/13 01:43:19 | 000,303,104 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/06/13 01:43:18 | 000,261,632 | ---- | M] () -- D:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/06/13 01:43:18 | 000,258,048 | ---- | M] () -- D:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/06/13 01:43:17 | 002,048,000 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/13 01:43:16 | 000,114,688 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/06/13 01:43:12 | 005,025,792 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/06/13 01:41:44 | 013,198,336 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/13 01:35:35 | 001,666,048 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/09 08:45:26 | 000,762,880 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65f0d70169a0e73b45307dddbd86f92b\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 08:45:24 | 000,787,456 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bb40644f323a93fa9bc09be350918ef3\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 08:45:23 | 000,649,728 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\67a386434938003bceb0752e979dabb3\System.Transactions.ni.dll
MOD - [2012/05/08 23:59:28 | 007,953,408 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/08 23:59:20 | 011,492,352 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/08 23:50:48 | 006,815,232 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\99d0f7ba920eea1117e45dcd9fec0eb5\System.Data.ni.dll
MOD - [2012/05/08 23:50:32 | 005,617,664 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/08 23:50:28 | 000,982,528 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/08 23:50:19 | 007,069,184 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/08 23:50:12 | 009,091,584 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/08 23:50:06 | 014,412,800 | ---- | M] () -- D:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/12/10 08:50:55 | 000,854,016 | ---- | M] () -- D:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/12/10 08:50:54 | 000,270,336 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/12/10 08:50:52 | 000,476,520 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/12/10 08:50:52 | 000,409,960 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/12/10 08:50:49 | 000,046,952 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/12/10 08:50:48 | 000,421,224 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/12/10 08:50:48 | 000,269,672 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/12/10 08:50:48 | 000,023,912 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/12/10 08:50:48 | 000,018,792 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/12/10 08:50:48 | 000,012,136 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/12/10 08:50:47 | 000,121,704 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/12/10 08:50:47 | 000,120,168 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/12/10 08:50:47 | 000,070,504 | ---- | M] () -- D:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/11/03 11:39:28 | 001,310,752 | ---- | M] () -- D:\Program Files\WOT\WOT.dll
MOD - [2011/10/07 02:41:16 | 000,879,896 | ---- | M] () -- D:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- D:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- D:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/02/28 15:37:32 | 000,180,624 | ---- | M] () -- D:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- D:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () -- D:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
MOD - [2010/07/08 11:24:42 | 000,258,048 | ---- | M] () -- D:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
MOD - [2010/07/08 09:21:58 | 000,282,624 | ---- | M] () -- D:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll


========== Services (SafeList) ==========

SRV - [2012/10/08 11:26:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 23:14:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- D:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/30 19:57:21 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- D:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/10/13 23:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- D:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/13 23:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- D:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/10/07 21:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/09/27 12:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- D:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () [Auto | Running] -- D:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/10/11 18:43:42 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121015.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/10/11 18:43:42 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121015.017\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121013.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/31 15:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/08 19:51:50 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/08 19:51:50 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/12 22:31:09 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/10 09:33:35 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/12/10 09:33:34 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/12/09 19:27:02 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011/09/01 23:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/07/07 16:21:30 | 000,119,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/04/20 18:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\N360\0502020.003\symtdi.sys -- (SYMTDI)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2010/11/15 18:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- D:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/12 12:44:06 | 000,071,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2010/02/03 11:20:32 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2008/12/11 02:24:20 | 004,959,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/08/01 19:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/10/18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\nvata.sys -- (nvata)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {B45D87C6-129E-47CE-8813-C0CE4C048726}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{B45D87C6-129E-47CE-8813-C0CE4C048726}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-329068152-789336058-839522115-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-329068152-789336058-839522115-1009\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-329068152-789336058-839522115-1009\..\SearchScopes\{B45D87C6-129E-47CE-8813-C0CE4C048726}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS462
IE - HKU\S-1-5-21-329068152-789336058-839522115-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: d:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\NickN\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\NickN\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 08:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/10/16 13:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/20 20:58:52 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\NickN\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Documents and Settings\NickN\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\NickN\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = D:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = D:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = D:\Documents and Settings\NickN\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = D:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = D:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = d:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = d:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = D:\Documents and Settings\NickN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = D:\Documents and Settings\NickN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Golden Age = D:\Documents and Settings\NickN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fmnmmbojobnccijcebapdiapcbabpamk\1.3.5.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = D:\Documents and Settings\NickN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = D:\Documents and Settings\NickN\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/13 16:55:23 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - D:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - D:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - D:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-329068152-789336058-839522115-1009\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - D:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-329068152-789336058-839522115-1009\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] D:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EvtMgr6] D:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [GEST] m‘|Pë File not found
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk = D:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = D:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-789336058-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-789336058-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-789336058-839522115-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-789336058-839522115-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-789336058-839522115-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-789336058-839522115-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1346999591687 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1323501593171 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06A84D0A-168F-4FB7-A0FE-FDD6CEE5A1B8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56040AC6-74E4-4F23-A952-86CA086B8488}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCB0DA37-E276-4D2B-BD0B-C1339EBD8C89}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - D:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - d:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: D:\Documents and Settings\NickN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\NickN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - D:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/09 18:39:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/14 06:16:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Local Settings\Application Data\Temp
[2012/10/14 06:16:07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Local Settings\Application Data\Adobe
[2012/10/13 22:47:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Secunia PSI
[2012/10/13 22:47:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/10/13 22:46:02 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
[2012/10/13 22:45:55 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes
[2012/10/13 22:45:55 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/10/13 22:40:06 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2012/10/13 17:36:51 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2012/10/13 17:19:06 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- D:\WINDOWS\System32\wpcap.dll
[2012/10/13 17:19:06 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- D:\WINDOWS\System32\Packet.dll
[2012/10/13 17:19:06 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- D:\WINDOWS\System32\drivers\npf.sys
[2012/10/13 17:19:05 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WNDA3100v2 Smart Wizard
[2012/10/13 17:19:05 | 000,000,000 | ---D | C] -- D:\Program Files\NETGEAR
[2012/10/13 17:18:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\InstallShield
[2012/10/13 16:32:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Local Settings\Application Data\Deployment
[2012/10/12 23:04:53 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Desktop\RK_Quarantine
[2012/10/11 19:02:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\Malwarebytes
[2012/10/11 19:02:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/11 19:02:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/11 19:02:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2012/10/11 19:02:15 | 000,000,000 | ---D | C] -- D:\Program Files\Malwarebytes' Anti-Malware
[2012/10/08 19:49:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Local Settings\Application Data\Apple
[2012/10/08 19:47:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Local Settings\Application Data\Apple Computer
[2012/10/08 18:46:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\World of Warcraft
[2012/10/08 18:43:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Battle.net
[2012/09/28 17:53:30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Desktop\Penny
[2012/09/28 00:20:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\Windows Search
[2012/09/23 23:08:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\HpUpdate
[2012/09/21 01:31:44 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\NickN\IECompatCache
[2012/09/20 22:34:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Local Settings\Application Data\Sun
[2012/09/20 22:34:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\Sun
[2012/09/20 22:32:31 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Local Settings\Application Data\Secunia PSI
[2012/09/20 00:39:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\NVIDIA
[2012/09/20 00:39:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\DivX
[2012/09/20 00:04:42 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\Adobe
[2012/09/20 00:04:21 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\NickN\PrivacIE
[2012/09/20 00:04:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Local Settings\Application Data\Google
[2012/09/20 00:04:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\Google
[2012/09/20 00:03:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Local Settings\Application Data\jZip
[2012/09/19 23:58:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Local Settings\Application Data\Identities
[2012/09/19 23:58:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\Logitech
[2012/09/19 23:58:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\Apple Computer
[2012/09/19 23:57:09 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\Identities
[2012/09/19 23:51:04 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\NickN\IETldCache
[2012/09/19 23:50:57 | 000,000,000 | --SD | C] -- D:\Documents and Settings\NickN\Application Data\Microsoft
[2012/09/19 23:50:57 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\NickN\SendTo
[2012/09/19 23:50:57 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\NickN\Recent
[2012/09/19 23:50:57 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\NickN\Application Data
[2012/09/19 23:50:57 | 000,000,000 | R--D | C] -- D:\Documents and Settings\NickN\Start Menu\Programs\Startup
[2012/09/19 23:50:57 | 000,000,000 | R--D | C] -- D:\Documents and Settings\NickN\Start Menu
[2012/09/19 23:50:57 | 000,000,000 | R--D | C] -- D:\Documents and Settings\NickN\My Documents
[2012/09/19 23:50:57 | 000,000,000 | R--D | C] -- D:\Documents and Settings\NickN\Favorites
[2012/09/19 23:50:57 | 000,000,000 | R--D | C] -- D:\Documents and Settings\NickN\Start Menu\Programs\Accessories
[2012/09/19 23:50:57 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\NickN\Cookies
[2012/09/19 23:50:57 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\NickN\Templates
[2012/09/19 23:50:57 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\NickN\PrintHood
[2012/09/19 23:50:57 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\NickN\NetHood
[2012/09/19 23:50:57 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\NickN\Local Settings
[2012/09/19 23:50:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Local Settings\Application Data\Microsoft
[2012/09/19 23:50:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Application Data\Macromedia
[2012/09/19 23:50:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NickN\Desktop
[2012/09/19 23:36:11 | 000,017,224 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- D:\WINDOWS\System32\roboot.exe

========== Files - Modified Within 30 Days ==========

[2012/10/16 14:05:00 | 000,000,982 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-789336058-839522115-1010UA.job
[2012/10/16 14:02:25 | 000,481,532 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2012/10/16 14:02:25 | 000,079,862 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2012/10/16 13:58:28 | 000,000,878 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/16 13:58:26 | 000,013,744 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2012/10/16 13:57:59 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2012/10/15 22:26:00 | 000,000,830 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/15 22:12:00 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/15 21:39:00 | 000,000,978 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-789336058-839522115-1009UA.job
[2012/10/15 18:05:00 | 000,000,930 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-789336058-839522115-1010Core.job
[2012/10/15 00:53:22 | 000,029,184 | ---- | M] () -- D:\Documents and Settings\NickN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/14 22:39:00 | 000,000,926 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-789336058-839522115-1009Core.job
[2012/10/14 05:56:01 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012/10/13 22:47:14 | 000,001,542 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/10/13 20:29:01 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/10/13 17:38:21 | 000,000,318 | ---- | M] () -- D:\Documents and Settings\NickN\Desktop\Curse Client.appref-ms
[2012/10/13 17:19:05 | 000,000,633 | ---- | M] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2012/10/13 17:19:05 | 000,000,621 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2012/10/13 16:55:23 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2012/10/11 20:41:48 | 000,002,284 | ---- | M] () -- D:\Documents and Settings\NickN\Desktop\Google Chrome.lnk
[2012/10/11 20:41:48 | 000,002,262 | ---- | M] () -- D:\Documents and Settings\NickN\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/11 19:02:17 | 000,000,784 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/10 22:33:20 | 000,001,393 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2012/10/08 19:34:50 | 000,000,763 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2012/10/05 11:57:03 | 000,000,376 | ---- | M] () -- D:\WINDOWS\ODBC.INI
[2012/09/19 23:57:37 | 000,000,779 | ---- | M] () -- D:\Documents and Settings\NickN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/19 23:57:33 | 000,000,079 | ---- | M] () -- D:\Documents and Settings\NickN\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf




< End of report >
 
The rest of the OTL.txt file. I had ot break it due to 50000 line limit.

========== Files Created - No Company Name ==========

[2012/10/13 22:47:14 | 000,001,542 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/10/13 17:38:33 | 000,000,318 | ---- | C] () -- D:\Documents and Settings\NickN\Desktop\Curse Client.appref-ms
[2012/10/13 17:19:06 | 000,053,299 | ---- | C] () -- D:\WINDOWS\System32\pthreadVC.dll
[2012/10/13 17:19:05 | 000,000,633 | ---- | C] () -- D:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2012/10/13 17:19:05 | 000,000,621 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\NETGEAR WNDA3100v2 Smart Wizard.lnk
[2012/10/11 19:02:17 | 000,000,784 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/08 18:46:28 | 000,000,763 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2012/09/28 18:00:14 | 000,000,982 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-789336058-839522115-1010UA.job
[2012/09/28 18:00:14 | 000,000,930 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-789336058-839522115-1010Core.job
[2012/09/25 22:35:46 | 000,002,284 | ---- | C] () -- D:\Documents and Settings\NickN\Desktop\Google Chrome.lnk
[2012/09/25 22:35:46 | 000,002,262 | ---- | C] () -- D:\Documents and Settings\NickN\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/25 22:34:45 | 000,000,978 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-789336058-839522115-1009UA.job
[2012/09/25 22:34:45 | 000,000,926 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-789336058-839522115-1009Core.job
[2012/09/20 00:09:34 | 000,029,184 | ---- | C] () -- D:\Documents and Settings\NickN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/19 23:57:37 | 000,000,779 | ---- | C] () -- D:\Documents and Settings\NickN\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/19 23:57:37 | 000,000,767 | ---- | C] () -- D:\Documents and Settings\NickN\Start Menu\Programs\Internet Explorer.lnk
[2012/09/19 23:57:33 | 000,000,079 | ---- | C] () -- D:\Documents and Settings\NickN\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/09/19 23:50:57 | 000,001,599 | ---- | C] () -- D:\Documents and Settings\NickN\Start Menu\Programs\Remote Assistance.lnk
[2012/09/19 23:50:57 | 000,000,788 | ---- | C] () -- D:\Documents and Settings\NickN\Start Menu\Programs\Windows Media Player.lnk
[2012/08/18 20:04:37 | 000,000,057 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/05/09 00:01:45 | 001,224,664 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/24 00:04:07 | 000,000,038 | ---- | C] () -- D:\WINDOWS\avisplitter.ini
[2012/04/24 00:04:05 | 000,650,752 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2012/04/24 00:04:05 | 000,243,200 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2012/04/24 00:04:04 | 000,074,752 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2012/04/09 23:00:20 | 000,197,104 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-789336058-839522115-1003-0.dat
[2012/03/22 23:07:49 | 000,175,616 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2012/02/28 00:54:36 | 001,453,640 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-329068152-789336058-839522115-1004-0.dat
[2012/02/28 00:54:34 | 000,145,186 | ---- | C] () -- D:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/27 19:50:47 | 000,000,590 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/14 14:55:48 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2012/02/03 19:20:18 | 000,000,262 | ---- | C] () -- D:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/01/09 19:13:39 | 000,000,120 | ---- | C] () -- D:\WINDOWS\QUICKEN.INI
[2011/12/26 23:02:15 | 000,180,624 | ---- | C] () -- D:\WINDOWS\System32\Primomonnt.dll
[2011/12/14 12:54:22 | 000,256,000 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2011/12/14 12:54:22 | 000,208,896 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2011/12/14 12:54:22 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2011/12/14 12:54:22 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2011/12/14 12:54:22 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2011/12/13 00:04:38 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2011/12/10 09:44:12 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2011/12/10 09:17:13 | 000,008,704 | ---- | C] () -- D:\WINDOWS\System32\CNMVS7L.DLL
[2011/12/10 09:00:38 | 000,000,097 | ---- | C] () -- D:\WINDOWS\System32\PICSDK.ini
[2011/12/10 09:00:37 | 000,111,932 | ---- | C] () -- D:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/12/10 09:00:37 | 000,031,053 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern131.dat
[2011/12/10 09:00:37 | 000,027,417 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern121.dat
[2011/12/10 09:00:37 | 000,026,154 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern1.dat
[2011/12/10 09:00:37 | 000,024,903 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern3.dat
[2011/12/10 09:00:37 | 000,021,390 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern5.dat
[2011/12/10 09:00:37 | 000,020,148 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern2.dat
[2011/12/10 09:00:37 | 000,011,811 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern4.dat
[2011/12/10 09:00:37 | 000,004,943 | ---- | C] () -- D:\WINDOWS\System32\EPPICPattern6.dat
[2011/12/10 09:00:37 | 000,001,146 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011/12/10 09:00:37 | 000,001,139 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/12/10 09:00:37 | 000,001,139 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/12/10 09:00:37 | 000,001,136 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/12/10 09:00:37 | 000,001,129 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/12/10 09:00:37 | 000,001,129 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/12/10 09:00:37 | 000,001,120 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011/12/10 09:00:37 | 000,001,107 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011/12/10 09:00:37 | 000,001,104 | ---- | C] () -- D:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/12/09 23:12:33 | 000,292,700 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2011/12/09 23:12:31 | 000,292,700 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2011/12/09 23:12:31 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin
[2011/12/09 18:53:10 | 000,004,984 | ---- | C] () -- D:\WINDOWS\System32\drivers\nvphy.bin
[2011/12/09 18:41:14 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2011/12/09 18:37:12 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2011/12/09 10:30:13 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2011/12/09 10:29:13 | 000,152,384 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/21 07:01:00 | 002,783,770 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data
[2011/02/09 21:03:48 | 000,000,314 | ---- | C] () -- D:\WINDOWS\primopdf.ini

========== ZeroAccess Check ==========

[2011/12/09 23:09:14 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/13 22:47:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/10/08 18:45:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Battle.net
[2011/12/12 22:02:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2012/07/19 23:02:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\JCreator
[2011/12/10 09:29:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Panasonic
[2011/12/12 22:00:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2011/12/10 00:10:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/08/02 18:09:24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Max\Application Data\.minecraft
[2012/10/15 19:10:08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Max\Application Data\.techniclauncher
[2012/10/02 17:26:54 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Max\Application Data\AVG Secure Search
[2012/08/02 17:46:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Max\Application Data\Windows Desktop Search
[2012/08/02 17:50:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Max\Application Data\Windows Search
[2012/09/28 00:20:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\NickN\Application Data\Windows Search
[2012/08/02 17:41:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\.minecraft
[2012/09/20 07:55:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\AVG Secure Search
[2011/12/13 21:32:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\CallingID
[2012/08/15 12:55:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\Canon
[2011/12/12 23:08:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\comcasttb
[2011/12/18 23:29:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\DDMSettings
[2011/12/14 12:39:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\ID Vault
[2012/09/01 21:41:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\InterSoft Common
[2012/07/19 23:12:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\JCreator
[2012/09/10 20:56:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\PrimoPDF
[2011/12/10 10:11:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\Windows Desktop Search
[2011/12/11 11:16:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\Windows Search
[2011/12/12 23:09:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny - deleted\Application Data\xfin_portal
[2012/09/28 17:55:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny2\Application Data\AVG Secure Search
[2012/10/12 16:16:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny2\Application Data\PrimoPDF
[2012/09/28 17:42:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Penny2\Application Data\Windows Desktop Search
[2011/12/12 22:37:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\UpdatusUser\Application Data\ID Vault

========== Purity Check ==========
 
Extras.txt:

OTL Extras logfile created on: 10/16/2012 2:01:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\NickN\My Documents\Virus Cleaners
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 54.43% Memory free
5.09 Gb Paging File | 3.70 Gb Available in Paging File | 72.67% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 152.66 Gb Total Space | 73.60 Gb Free Space | 48.21% Space Free | Partition Type: NTFS
Drive D: | 931.50 Gb Total Space | 266.35 Gb Free Space | 28.59% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 1253.87 Gb Free Space | 89.74% Space Free | Partition Type: NTFS

Computer Name: DOGBOY | User Name: NickN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Program Files\Bonjour\mDNSResponder.exe" = D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = D:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"D:\Program Files\Ventrilo\Ventrilo.exe" = D:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"D:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = D:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
"D:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe" = D:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Officejet 6700) -- (Hewlett-Packard Co.)
"D:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe" = D:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Officejet 6700) -- (Hewlett-Packard Co.)
"D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = D:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 SDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{32A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}" = HP Officejet 6700 Help
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6B7C73A0-07C7-4C06-A13C-48108D39CF03}" = HP Officejet 6700 Basic Device Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A5E11CB3-A70A-433E-A1B8-406680CCFB9D}" = NetTerm
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E52F8D95-AEB5-3B67-879C-C59DF8AF88EE}" = Google Talk Plugin
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EA973416-0C1D-401C-BC81-325F209D247F}" = TurboTax 2011 woriper
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"DivX Setup" = DivX Setup
"Easy-WebPrint" = Easy-WebPrint
"ie8" = Windows Internet Explorer 8
"JCreator LE_is1" = JCreator LE 5.00
"jZip" = jZip
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.5.0 (Full)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"sp6" = Logitech SetPoint 6.32
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-329068152-789336058-839522115-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client - 1
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2012 4:17:53 AM | Computer Name = DOGBOY | Source = Application Hang | ID = 1002
Description = Hanging application DivX Plus Player.exe, version 10.3.3.16, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/13/2012 4:17:58 AM | Computer Name = DOGBOY | Source = Application Hang | ID = 1002
Description = Hanging application DivX Plus Player.exe, version 10.3.3.16, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/14/2012 9:17:07 AM | Computer Name = DOGBOY | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x06dbc260.

Error - 10/15/2012 2:32:29 PM | Computer Name = DOGBOY | Source = Application Error | ID = 1000
Description = Faulting application asoelnch.exe, version 18.7.2.3, faulting module
asoelnch.exe, version 18.7.2.3, fault address 0x00001a6d.

[ System Events ]
Error - 10/11/2012 11:04:19 PM | Computer Name = DOGBOY | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 10/13/2012 1:54:29 AM | Computer Name = DOGBOY | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 10/13/2012 8:15:19 PM | Computer Name = DOGBOY | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft Office Document Image
Writer share name Printer5.

Error - 10/15/2012 11:05:28 AM | Computer Name = DOGBOY | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 10/15/2012 11:19:32 AM | Computer Name = DOGBOY | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 10/16/2012 4:58:36 PM | Computer Name = DOGBOY | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - D:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
    O4 - HKLM..\Run: [GEST] m‘|Pë File not found
    [2011/12/09 23:09:14 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

==================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Log from OTL Custoem Fix run:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
D:\WINDOWS\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56478 bytes

User: Grace
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 2247 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: Max
->Temp folder emptied: 645415 bytes
->Temporary Internet Files folder emptied: 14458043 bytes
->Flash cache emptied: 2364 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nick

User: NickN
->Temp folder emptied: 977076 bytes
->Temporary Internet Files folder emptied: 31209250 bytes
->Google Chrome cache emptied: 113671400 bytes
->Flash cache emptied: 63082 bytes

User: Penny - deleted
->Temp folder emptied: 2681260 bytes
->Temporary Internet Files folder emptied: 45003835 bytes
->Google Chrome cache emptied: 140695863 bytes
->Flash cache emptied: 56397 bytes

User: Penny2
->Temp folder emptied: 2245846 bytes
->Temporary Internet Files folder emptied: 37262586 bytes
->Google Chrome cache emptied: 227721165 bytes
->Flash cache emptied: 63463 bytes

User: TEMP.DOGBOY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25313 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 15491 bytes

Total Files Cleaned = 589.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Grace

User: LocalService

User: Max

User: NetworkService

User: Nick

User: NickN

User: Penny - deleted

User: Penny2

User: TEMP.DOGBOY

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Grace
->Flash cache emptied: 0 bytes

User: LocalService

User: Max
->Flash cache emptied: 0 bytes

User: NetworkService

User: Nick

User: NickN
->Flash cache emptied: 0 bytes

User: Penny - deleted
->Flash cache emptied: 0 bytes

User: Penny2
->Flash cache emptied: 0 bytes

User: TEMP.DOGBOY
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10242012_193149
Files\Folders moved on Reboot...
File\Folder D:\Documents and Settings\Penny - deleted\Local Settings\Temporary Internet Files\Content.IE5\TYML4QH4\YoIWcfVXxvZu9XwJ55OX7Ag,fWOxAcruULoRKXNYeZpE08UOoiujtEHjbS_htKdMxqJgKZg7Ed6uUVNbJ5Qu0H4pbj6BvCqSonEeeO009m7XDlkJ7qDxDCSN2TLlM8ZuvrTkajYC5oAOFli4TXawMl0rkPbHyg[1].gif not found!
File\Folder D:\Documents and Settings\Penny - deleted\Local Settings\Temporary Internet Files\Content.IE5\ODUOGOJY\464o3ed33.ver.6.app.62dhh6thj8cb3.ver.31.app.64c1n65hm8o9m.ver.14.app.64c9hckojgeb5.ver.7.app.66c1j6ph68ohn.ver.31.app.68ohh6com6c1h.ver.8.app.6cdj26sq3cdb6.ver[1].8 not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Security Check Log:

Results of screen317's Security Check version 0.99.53
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Please wait while WMIC compiles updated MOF files.d
I
s
p
l
a
y
N
a
m
e
ECHO is off.
N
o
r
t
o
n
ECHO is off.
S
e
c
u
r
I
t
y
ECHO is off.
S
u
I
t
e
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
JavaFX 2.1.1 SDK
Java 7 Update 7
Java SE Development Kit 7 Update 5
Java version out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
NickN My Documents Virus Cleaners SecurityCheck.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive D:: 0%
````````````````````End of Log``````````````````````
 
FSS Log:

Farbar Service Scanner Version: 19-10-2012
Ran by NickN (administrator) on 24-10-2012 at 19:41:44
Running from "D:\Documents and Settings\NickN\My Documents\Virus Cleaners"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
D:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
D:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
D:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
D:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
D:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
D:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
D:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
D:\WINDOWS\system32\netman.dll => MD5 is legit
D:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
D:\WINDOWS\system32\srsvc.dll => MD5 is legit
D:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
D:\WINDOWS\system32\wscsvc.dll => MD5 is legit
D:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
D:\WINDOWS\system32\wuauserv.dll => MD5 is legit
D:\WINDOWS\system32\qmgr.dll => MD5 is legit
D:\WINDOWS\system32\es.dll => MD5 is legit
D:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
D:\WINDOWS\system32\svchost.exe => MD5 is legit
D:\WINDOWS\system32\rpcss.dll => MD5 is legit
D:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(8) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.
**** End of log ****
 
Adware log:

# AdwCleaner v2.005 - Logfile created 10/24/2012 at 19:44:02
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : NickN - DOGBOY
# Boot Mode : Normal
# Running from : D:\Documents and Settings\NickN\My Documents\Virus Cleaners\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : D:\Documents and Settings\Max\Application Data\AVG Secure Search
Folder Deleted : D:\Documents and Settings\Penny2\Application Data\AVG Secure Search
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v22.0.1229.94
File : D:\Documents and Settings\NickN\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Deleted [l.11] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={264FE8D1-099D-412E-AA5C-D06B838D4E47}&mid=afb426046a044e49a15ca77a318d0baa-988fdf92b2c6a47fcdc69da037db3f91616626ec&lang=en&ds=hk014&pr=sa&d=2012-09-19 23:36:41&v=12.2.5.34&sap=hp" ]
Deleted [l.1823] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={264FE8D1-099D-412E-AA5C-D06B838D4E47}&mid=afb426046a044e49a15ca77a318d0baa-988fdf92b2c6a47fcdc69da037db3f91616626ec&lang=en&ds=hk014&pr=sa&d=2012-09-19 23:36:41&v=12.2.5.34&sap=hp" ]
File : D:\Documents and Settings\Penny2\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [3372 octets] - [24/10/2012 19:44:02]
########## EOF - D:\AdwCleaner[S1].txt - [3432 octets] ##########
 
Here is the output from ESET. I deleted the quarentine files.

D:\Documents and Settings\Penny2\My Documents\cnet_InternationalPrimoPDF_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
D:\System Volume Information\_restore{F43FD033-C6EA-4693-BC82-3E9C6A68DB2E}\RP371\A0057263.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
F:\Penny's Documents\cnet_InternationalPrimoPDF_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
Thanks I will work on this. I will post again when done. How do I know if I had a trojan or rootkit virus?
 
The OTl log:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Grace
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Max
->Temp folder emptied: 642640 bytes
->Temporary Internet Files folder emptied: 64901 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nick

User: NickN
->Temp folder emptied: 678188 bytes
->Temporary Internet Files folder emptied: 12058132 bytes
->Google Chrome cache emptied: 30867499 bytes
->Flash cache emptied: 1865 bytes

User: Penny - deleted
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Penny2
->Temp folder emptied: 918254 bytes
->Temporary Internet Files folder emptied: 51023103 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1027 bytes

User: TEMP.DOGBOY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26799 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 92.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Grace
->Flash cache emptied: 0 bytes

User: LocalService

User: Max
->Flash cache emptied: 0 bytes

User: NetworkService

User: Nick

User: NickN
->Flash cache emptied: 0 bytes

User: Penny - deleted
->Flash cache emptied: 0 bytes

User: Penny2
->Flash cache emptied: 0 bytes

User: TEMP.DOGBOY
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Grace

User: LocalService

User: Max

User: NetworkService

User: Nick

User: NickN

User: Penny - deleted

User: Penny2

User: TEMP.DOGBOY

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

Unable to start System Restore Service. Error code 10

OTL by OldTimer - Version 3.2.69.0 log created on 10252012_184822
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Back