Solved Hard to clean virus?

Status
Not open for further replies.
J

jagsjim

Posts: 139   +0
I've frequented this site for years. I have used the tips and answers that have been provided on numerous occasions. But now I am stumped. Computer's resources shoot up to 100% everytime I open a webpage. I've ran every scan I can think of.
Any and all help is appreciated.

Here are my recent log results.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6310

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/8/2011 8:33:12 AM
mbam-log-2011-04-08 (08-33-12).txt

Scan type: Full scan (C:\|)
Objects scanned: 193340
Time elapsed: 15 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
....................................................

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-08 08:43:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3250823A rev.3.03
Running: 6qcr25xw.exe; Driver: C:\DOCUME~1\Jimmy\LOCALS~1\Temp\fxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB83EC026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB83EBE91]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB84358DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/30/2010 10:42:13 AM
System Uptime: 4/8/2011 8:13:16 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 230 GiB total, 194.054 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82865G Graphics Controller
Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_019D1028&REV_02\3&172E68DD&0&10
Manufacturer: Intel Corporation
Name: Intel(R) 82865G Graphics Controller
PNP Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_019D1028&REV_02\3&172E68DD&0&10
Service: ialm
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Standard - English, Français, Deutsch
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.5
AIM 7
Akamai NetSession Interface
avast! Free Antivirus
BitTorrent
CCleaner
Compatibility Pack for the 2007 Office system
Dell ResourceCD
Download Updater (AOL LLC)
ExtractNow
Foxit Reader
Free Mp3 Wma Converter V 1.91
Google Chrome
Google Earth Plug-in
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
IGC Software
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Java(TM) 6 Update 12
Jubler subtitle editor
Junk Mail filter update
LogMeIn
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Live Meeting 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Connector/ODBC 3.51
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Paint.NET v3.5.5
Picasa 3
ScanSnap Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923789)
Segoe UI
Softros LAN Messenger
Software Update Wizard (Redist) 4.5
SoundMAX
Spybot - Search & Destroy
SwizzTool (remove only)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB971029)
VLC media player 1.1.5
VobSub v2.23 (Remove Only)
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Works Upgrade
.
==== Event Viewer Messages From Past Week ========
.
4/8/2011 8:11:43 AM, error: Service Control Manager [7034] - The Web Update Wizard Service V4 service terminated unexpectedly. It has done this 1 time(s).
4/8/2011 8:11:43 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/8/2011 8:11:43 AM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
4/8/2011 8:11:43 AM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
4/8/2011 8:11:43 AM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
4/8/2011 8:11:43 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
4/1/2011 8:19:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
4/1/2011 8:19:20 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jimmy at 8:44:04.95 on Fri 04/08/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1554 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WebUpdateSvc4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SwizzTool\SwizzTool.exe
C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jimmy\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [Google Update] "c:\documents and settings\jimmy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SwizzTool] c:\program files\swizztool\SwizzTool.exe
mRun: [PfuSsSct.exe] c:\program files\pfu\scansnap\PfuSsSct.exe /Station
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\checkf~1.lnk - c:\program files\igc software\IGCUpdater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\program files\softros systems\softros messenger\Messenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: unigroupinc.com
Trusted Zone: unigroupinc.net
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269970136531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {268EDF87-3E70-4181-8216-3D4B507F4FE4} = 4.2.2.2,4.2.2.1
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-18 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-1-24 301528]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-1-24 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-24 42184]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-3-30 47640]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2010-2-15 278800]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-5 136176]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-03-18 12:35:57 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
==================== Find3M ====================
.
2011-02-23 14:04:21 40648 ----a-w- c:\windows\avastSS.scr
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 21:28:17 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 21:28:17 410984 ----a-w- c:\windows\system32\deploytk.dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 8:45:04.03 ===============
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x01000015

Kernel Drivers (total 124):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 PCIIde.sys
0xF7707000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF798B000 intelide.sys
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF798D000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF749A000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF747A000 fltmgr.sys
0xF7463000 KSecDD.sys
0xF7450000 WudfPf.sys
0xF7B52000 Ntfs.sys
0xF7423000 NDIS.sys
0xF7409000 Mup.sys
0xF7587000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7767000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xBA0DB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF776F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9A9A000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9A86000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9A62000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF777F000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7577000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7927000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9A4E000 \SystemRoot\system32\DRIVERS\parport.sys
0xF7567000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7557000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9A2B000 \SystemRoot\system32\DRIVERS\ks.sys
0xB99EB000 \SystemRoot\system32\drivers\smwdm.sys
0xB99C7000 \SystemRoot\system32\drivers\portcls.sys
0xF7547000 \SystemRoot\system32\drivers\drmk.sys
0xB9914000 \SystemRoot\system32\drivers\senfilt.sys
0xF7A99000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0xF7A9A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7527000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7947000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB98FD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7517000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7507000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF77BF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB98EC000 \SystemRoot\system32\DRIVERS\psched.sys
0xF74F7000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF77DF000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB98BC000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7657000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF77EF000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF799D000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9836000 \SystemRoot\system32\DRIVERS\update.sys
0xBA7E0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA31C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA30C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79A7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7817000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF79AD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA10D000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B1000 \SystemRoot\System32\Drivers\Beep.SYS
0xF773F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7747000 \SystemRoot\System32\drivers\vga.sys
0xF79B5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79B9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7757000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7777000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF792B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB85EB000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB8592000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA2DC000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB856C000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA2CC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB8544000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF779F000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB8522000 \SystemRoot\System32\drivers\afd.sys
0xBA2BC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB84F7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB98AC000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xB845F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA28C000 \SystemRoot\System32\Drivers\Fips.SYS
0xB8417000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB83B9000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xF77B7000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF77D7000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF77FF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF76A7000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB84F3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF76B7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB84EB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB84E3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8379000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79DD000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB98B0000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7727000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7ABB000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBF5E6000 \SystemRoot\System32\ATMFD.DLL
0xB83AD000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xB7E4A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB7C57000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB7922000 \SystemRoot\system32\drivers\wdmaud.sys
0xB7ADF000 \SystemRoot\system32\drivers\sysaudio.sys
0xB77AF000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF79BF000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB763F000 \SystemRoot\system32\DRIVERS\srv.sys
0xF79EB000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
0xB76FF000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
0xB65F0000 \SystemRoot\System32\Drivers\HTTP.sys
0xB6395000 \SystemRoot\system32\drivers\kmixer.sys
0xB637C000 \??\C:\DOCUME~1\Jimmy\LOCALS~1\Temp\fxtdypoc.sys
0xB861E000 \??\C:\DOCUME~1\Jimmy\LOCALS~1\Temp\mbr.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
632 C:\WINDOWS\system32\smss.exe
688 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
756 C:\WINDOWS\system32\services.exe
768 C:\WINDOWS\system32\lsass.exe
936 C:\WINDOWS\system32\svchost.exe
1004 svchost.exe
1092 C:\WINDOWS\system32\svchost.exe
1124 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1228 svchost.exe
1444 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1888 C:\WINDOWS\system32\spoolsv.exe
204 svchost.exe
236 C:\WINDOWS\system32\svchost.exe
336 C:\Program Files\Java\jre6\bin\jqs.exe
472 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
616 C:\Program Files\LogMeIn\x86\ramaint.exe
684 C:\Program Files\LogMeIn\x86\LogMeIn.exe
1120 C:\WINDOWS\system32\nvsvc32.exe
1224 C:\WINDOWS\system32\svchost.exe
1388 C:\WINDOWS\system32\WebUpdateSvc4.exe
2140 C:\WINDOWS\explorer.exe
2568 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
2736 C:\Program Files\Analog Devices\Core\smax4pnp.exe
2844 C:\Program Files\SwizzTool\SwizzTool.exe
2916 C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
2972 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3100 C:\WINDOWS\system32\rundll32.exe
3280 C:\Program Files\AIM\aim.exe
3740 alg.exe
4076 C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
4032 C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe
1268 C:\Program Files\Internet Explorer\iexplore.exe
1072 C:\Program Files\Internet Explorer\iexplore.exe
3964 C:\Program Files\Internet Explorer\iexplore.exe
132 C:\Documents and Settings\Jimmy\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

PhysicalDrive0 Model Number: ST3250823A, Rev: 3.03

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
ComboFix 11-04-07.08 - Jimmy 04/08/2011 9:05.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1506 [GMT -4:00]
Running from: c:\documents and settings\Jimmy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((( Files Created from 2011-03-08 to 2011-04-08 ))))
.
.
2011-03-18 12:35 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
.
.
(((((((((((((((( Find3M Report )))))))))))))))
.
2011-02-23 14:04 . 2011-01-25 02:39 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2011-01-25 02:39 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2011-01-25 02:40 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2011-01-25 02:40 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2011-01-25 02:40 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2011-01-25 02:40 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2011-01-25 02:40 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2011-01-25 02:40 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2011-01-25 02:40 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-09 13:53 . 2004-08-04 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-03-30 14:36 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-03-30 14:36 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 21:28 . 2010-03-30 18:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 21:28 . 2010-03-30 18:08 410984 ----a-w- c:\windows\system32\deploytk.dll
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-01-25_01.49.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 06:19 . 2007-11-07 06:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
- 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
- 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2011-04-08 12:14 . 2011-04-08 12:14 16384 c:\windows\Temp\Perflib_Perfdata_ec.dat
+ 2011-04-08 12:14 . 2011-04-08 12:14 16384 c:\windows\Temp\Perflib_Perfdata_150.dat
+ 2011-02-11 17:33 . 1998-07-13 05:00 21504 c:\windows\system32\TABCTFR.DLL
- 2010-03-30 19:14 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
+ 2010-03-30 19:14 . 2010-07-05 13:15 17272 c:\windows\system32\spmsg.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 81920 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvwddi.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 81920 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvmctray.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 35328 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvcod.dll
+ 2004-08-04 12:00 . 2011-03-14 12:37 67312 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2010-11-10 14:37 67312 c:\windows\system32\perfc009.dat
- 2010-03-30 15:08 . 2007-12-05 07:41 81920 c:\windows\system32\nvwddi.dll
+ 2010-03-30 15:08 . 2008-05-16 19:01 81920 c:\windows\system32\nvwddi.dll
+ 2010-03-30 15:08 . 2008-05-16 19:01 86016 c:\windows\system32\nvmctray.dll
+ 2008-05-16 19:01 . 2008-05-16 19:01 45056 c:\windows\system32\nvmccsrs.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59 66560 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 08:31 . 2010-12-20 23:59 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 08:31 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-02-11 17:33 . 1998-07-13 05:00 59904 c:\windows\system32\Mscc2fr.dll
- 2004-08-04 12:00 . 2010-11-06 00:26 43520 c:\windows\system32\licmgr10.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59 43520 c:\windows\system32\licmgr10.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
+ 2011-02-11 17:33 . 1998-07-13 05:00 15360 c:\windows\system32\inetfr.DLL
- 2010-03-30 18:16 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-03-30 18:16 . 2010-12-20 23:59 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-03-08 08:31 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 08:31 . 2010-12-20 23:59 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2010-03-30 18:16 . 2010-12-20 23:59 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-03-30 18:16 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-03-08 08:34 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:34 . 2010-12-20 23:59 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:33 . 2010-12-20 23:59 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2009-03-08 08:33 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-12-14 07:08 . 2010-12-09 14:30 33280 c:\windows\system32\dllcache\csrsrv.dll
- 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2004-08-04 12:00 . 2010-12-09 14:30 33280 c:\windows\system32\csrsrv.dll
- 2004-08-04 12:00 . 2009-12-14 07:08 33280 c:\windows\system32\csrsrv.dll
+ 2011-02-11 17:33 . 1998-07-13 01:00 32768 c:\windows\system32\CMDLGFR.DLL
+ 2011-02-12 08:00 . 2011-02-12 08:00 34632 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2011-01-08 20:16 . 2011-01-08 20:16 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-01-08 20:16 . 2011-02-21 15:35 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 12800 c:\windows\ie8updates\KB2482017-IE8\xpshims.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 66560 c:\windows\ie8updates\KB2482017-IE8\mshtmled.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 55296 c:\windows\ie8updates\KB2482017-IE8\msfeedsbs.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 43520 c:\windows\ie8updates\KB2482017-IE8\licmgr10.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 25600 c:\windows\ie8updates\KB2482017-IE8\jsproxy.dll
+ 2011-02-08 22:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2485376\update\spcustom.dll
+ 2011-02-08 22:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2485376\spmsg.dll
+ 2011-02-08 21:59 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2483185\update\spcustom.dll
+ 2011-02-08 21:59 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2483185\spmsg.dll
+ 2011-02-08 21:58 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2482017-IE8\update\spcustom.dll
+ 2011-02-08 21:58 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2482017-IE8\spmsg.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 12800 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\xpshims.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 66560 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtmled.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 55296 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeedsbs.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 43520 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\licmgr10.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 25600 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\jsproxy.dll
+ 2011-03-09 08:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2481109\update\spcustom.dll
+ 2011-03-09 08:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2481109\spmsg.dll
+ 2011-02-02 07:57 . 2011-02-02 07:57 53248 c:\windows\$hf_mig$\KB2481109\SP3QFE\tsgqec.dll
+ 2011-03-09 08:02 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479943\update\spcustom.dll
+ 2011-03-09 08:02 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479943\spmsg.dll
+ 2011-02-08 22:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2479628\update\spcustom.dll
+ 2011-02-08 22:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2479628\spmsg.dll
+ 2011-02-08 22:00 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478971\update\spcustom.dll
+ 2011-02-08 22:00 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478971\spmsg.dll
+ 2011-02-08 21:57 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2478960\update\spcustom.dll
+ 2011-02-08 21:57 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2478960\spmsg.dll
+ 2011-02-08 21:57 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2476687\update\spcustom.dll
+ 2011-02-08 21:57 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2476687\spmsg.dll
+ 2010-12-09 14:29 . 2010-12-09 14:29 33280 c:\windows\$hf_mig$\KB2476687\SP3QFE\csrsrv.dll
+ 2011-02-08 21:57 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2393802\update\spcustom.dll
+ 2011-02-08 21:50 . 2010-12-09 15:15 16896 c:\windows\$hf_mig$\KB2393802\update\mpsyschk.dll
+ 2011-02-08 21:57 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2393802\spmsg.dll
+ 2011-03-05 16:22 . 2001-08-18 03:36 5632 c:\windows\system32\ptpusb.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2011-02-11 17:33 . 2005-02-24 17:51 348160 c:\windows\system32\WMAFile.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59 916480 c:\windows\system32\wininet.dll
- 2004-08-04 12:00 . 2010-11-06 00:26 916480 c:\windows\system32\wininet.dll
+ 2011-02-11 17:33 . 1999-03-26 01:00 101888 c:\windows\system32\VB6STKIT.DLL
+ 2011-02-11 17:33 . 2000-10-02 01:00 119568 c:\windows\system32\VB6FR.DLL
+ 2004-08-04 12:00 . 2009-07-27 23:17 135168 c:\windows\system32\shsvcs.dll
- 2004-08-04 12:00 . 2008-04-14 00:12 135168 c:\windows\system32\shsvcs.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 155716 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvsvc32.exe
+ 2011-03-01 14:36 . 2007-12-05 07:41 286720 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvnt4cpl.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 188416 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvmccss.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 229376 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvmccs.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 385024 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvapi.dll
+ 2011-03-05 16:22 . 2008-04-14 00:12 159232 c:\windows\system32\ptpusd.dll
+ 2004-08-04 12:00 . 2011-03-14 12:37 432356 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2010-11-10 14:37 432356 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2010-12-20 23:59 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
+ 2011-03-01 14:36 . 2008-05-16 16:48 446464 c:\windows\system32\NVUNINST.EXE
+ 2011-03-01 14:37 . 2008-05-16 19:01 446464 c:\windows\system32\nvudisp.exe
+ 2010-03-30 15:08 . 2008-05-16 19:01 159812 c:\windows\system32\nvsvc32.exe
+ 2008-05-16 19:01 . 2008-05-16 19:01 466944 c:\windows\system32\nvshell.dll
+ 2010-03-30 15:07 . 2008-05-16 19:01 286720 c:\windows\system32\nvnt4cpl.dll
- 2010-03-30 15:07 . 2007-12-05 07:41 286720 c:\windows\system32\nvnt4cpl.dll
+ 2010-03-30 15:08 . 2008-05-16 19:01 188416 c:\windows\system32\nvmccss.dll
- 2010-03-30 15:08 . 2007-12-05 07:41 188416 c:\windows\system32\nvmccss.dll
- 2010-03-30 15:08 . 2007-12-05 07:41 229376 c:\windows\system32\nvmccs.dll
+ 2010-03-30 15:08 . 2008-05-16 19:01 229376 c:\windows\system32\nvmccs.dll
+ 2008-05-16 19:01 . 2008-05-16 19:01 313888 c:\windows\system32\nvexpbar.dll
+ 2008-05-16 19:01 . 2008-05-16 19:01 768544 c:\windows\system32\nvcplui.exe
+ 2008-05-16 19:01 . 2008-05-16 19:01 147456 c:\windows\system32\nvcolor.exe
+ 2010-03-30 15:08 . 2008-05-16 19:01 114688 c:\windows\system32\nvcodins.dll
+ 2010-03-30 15:08 . 2008-05-16 19:01 114688 c:\windows\system32\nvcod.dll
+ 2008-05-16 19:01 . 2008-05-16 19:01 442368 c:\windows\system32\nvappbar.exe
+ 2010-03-30 15:08 . 2008-05-16 19:01 425984 c:\windows\system32\nvapi.dll
+ 2004-08-04 12:00 . 2010-12-09 15:15 718336 c:\windows\system32\ntdll.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59 611840 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
- 2009-03-08 08:32 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
+ 2009-03-08 08:32 . 2010-12-20 23:59 602112 c:\windows\system32\msfeeds.dll
+ 2011-02-11 17:33 . 1998-07-13 05:00 141312 c:\windows\system32\MSCMCFR.DLL
+ 2011-03-29 20:54 . 2011-03-29 20:54 235168 c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
+ 2011-03-29 20:54 . 2011-03-29 20:54 311456 c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.dll
+ 2004-08-04 12:00 . 2010-12-20 17:26 730112 c:\windows\system32\lsasrv.dll
- 2004-08-04 12:00 . 2009-06-25 08:25 730112 c:\windows\system32\lsasrv.dll
+ 2011-02-11 17:33 . 2008-09-25 02:33 484352 c:\windows\system32\lame_enc.dll
+ 2008-05-16 19:01 . 2008-05-16 19:01 425984 c:\windows\system32\keystone.exe
- 2004-08-04 12:00 . 2009-06-25 08:25 301568 c:\windows\system32\kerberos.dll
+ 2004-08-04 12:00 . 2010-12-22 12:34 301568 c:\windows\system32\kerberos.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2010-12-20 23:59 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2010-12-20 12:55 173568 c:\windows\system32\ie4uinit.exe
+ 2010-03-30 09:27 . 2011-02-11 17:38 191384 c:\windows\system32\FNTCACHE.DAT
+ 2009-12-22 05:21 . 2010-12-20 23:59 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-12-22 05:21 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
+ 2009-07-27 23:17 . 2009-07-27 23:17 135168 c:\windows\system32\dllcache\shsvcs.dll
+ 2011-01-21 14:44 . 2011-01-21 14:44 439296 c:\windows\system32\dllcache\shimgvw.dll
+ 2011-02-09 13:53 . 2011-02-09 13:53 270848 c:\windows\system32\dllcache\sbe.dll
+ 2009-03-08 08:34 . 2010-12-20 23:59 206848 c:\windows\system32\dllcache\occache.dll
- 2009-03-08 08:34 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
+ 2010-03-30 16:46 . 2010-12-09 15:15 718336 c:\windows\system32\dllcache\ntdll.dll
+ 2009-03-08 08:32 . 2010-12-20 23:59 611840 c:\windows\system32\dllcache\mstime.dll
- 2009-03-08 08:32 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-03-30 18:16 . 2010-12-20 23:59 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2010-03-30 18:16 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2010-12-20 17:26 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2011-01-27 11:57 . 2011-01-27 11:57 677888 c:\windows\system32\dllcache\lhmstsc.exe
+ 2009-06-25 08:25 . 2010-12-22 12:34 301568 c:\windows\system32\dllcache\kerberos.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
- 2010-03-30 18:16 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2010-03-30 18:16 . 2010-12-20 23:59 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2009-03-08 08:31 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 08:31 . 2010-12-20 23:59 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-10 16:59 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-10 16:59 . 2010-12-20 23:59 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2009-03-08 18:09 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 18:09 . 2010-12-20 23:59 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:32 . 2010-12-20 12:55 173568 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-03-08 08:32 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2011-02-09 13:53 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
- 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-04-20 05:30 . 2011-01-07 14:09 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2011-02-11 17:33 . 2005-02-24 21:21 458752 c:\windows\system32\AudPlayer.dll
+ 2011-02-11 17:33 . 2005-02-24 18:11 479232 c:\windows\system32\AudioVisu.dll
+ 2011-02-11 17:33 . 2005-03-10 22:00 454656 c:\windows\system32\AudioRecord.dll
+ 2011-02-11 17:33 . 2005-02-24 18:10 417792 c:\windows\system32\AudDisplay.dll
- 2004-08-04 12:00 . 2010-10-28 13:13 290048 c:\windows\system32\atmfd.dll
+ 2004-08-04 12:00 . 2011-01-07 14:09 290048 c:\windows\system32\atmfd.dll
+ 2011-01-25 02:40 . 2011-01-25 02:40 219648 c:\windows\Installer\853f30.msi
+ 2011-02-10 16:58 . 2011-02-10 16:58 381440 c:\windows\Installer\5f6ac72.msi
+ 2011-02-08 21:58 . 2010-11-06 00:26 916480 c:\windows\ie8updates\KB2482017-IE8\wininet.dll
+ 2011-02-08 21:58 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2482017-IE8\spuninst\updspapi.dll
+ 2011-02-08 21:58 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2482017-IE8\spuninst\spuninst.exe
+ 2011-02-08 21:58 . 2010-11-06 00:26 206848 c:\windows\ie8updates\KB2482017-IE8\occache.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 611840 c:\windows\ie8updates\KB2482017-IE8\mstime.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 602112 c:\windows\ie8updates\KB2482017-IE8\msfeeds.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 247808 c:\windows\ie8updates\KB2482017-IE8\ieproxy.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 184320 c:\windows\ie8updates\KB2482017-IE8\iepeers.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 743424 c:\windows\ie8updates\KB2482017-IE8\iedvtool.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 387584 c:\windows\ie8updates\KB2482017-IE8\iedkcs32.dll
+ 2011-02-08 21:58 . 2010-11-03 12:26 173568 c:\windows\ie8updates\KB2482017-IE8\ie4uinit.exe
+ 2010-01-15 18:25 . 2011-03-21 18:48 320896 c:\windows\Downloaded Program Files\LMIGuardianEvt.dll
+ 2010-01-15 18:25 . 2011-03-21 18:51 374160 c:\windows\Downloaded Program Files\LMIGuardian.exe
+ 2010-07-20 22:04 . 2010-07-20 22:04 189952 c:\windows\Downloaded Program Files\IEAWSDC.DLL
+ 2011-02-08 22:00 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2485376\update\updspapi.dll
+ 2011-02-08 22:00 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2485376\update\update.exe
+ 2011-02-08 22:00 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2485376\spuninst.exe
+ 2011-01-07 14:09 . 2011-01-07 14:09 290048 c:\windows\$hf_mig$\KB2485376\SP3QFE\atmfd.dll
+ 2011-02-08 21:59 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2483185\update\updspapi.dll
+ 2011-02-08 21:59 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2483185\update\update.exe
+ 2011-02-08 21:59 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2483185\spuninst.exe
+ 2011-01-21 14:42 . 2011-01-21 14:42 439808 c:\windows\$hf_mig$\KB2483185\SP3QFE\shimgvw.dll
+ 2011-02-08 21:58 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2482017-IE8\update\updspapi.dll
+ 2011-02-08 21:58 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2482017-IE8\update\update.exe
+ 2011-02-08 21:58 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2482017-IE8\spuninst.exe
+ 2011-02-08 21:51 . 2010-12-20 23:58 919552 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 206848 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\occache.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 611840 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mstime.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 602112 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\msfeeds.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 247808 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieproxy.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 184320 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iepeers.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 743424 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedvtool.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 387584 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iedkcs32.dll
+ 2011-02-08 21:51 . 2010-12-20 12:48 173568 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ie4uinit.exe
+ 2011-03-09 08:00 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2481109\update\updspapi.dll
+ 2011-03-09 08:00 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2481109\update\update.exe
+ 2011-03-09 08:00 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2481109\spuninst.exe
+ 2011-01-27 11:41 . 2011-01-27 11:41 677888 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstsc.exe
+ 2011-02-02 07:57 . 2011-02-02 07:57 136192 c:\windows\$hf_mig$\KB2481109\SP3QFE\aaclient.dll
+ 2011-03-09 08:02 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479943\update\updspapi.dll
+ 2011-03-09 08:02 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479943\update\update.exe
+ 2011-03-09 08:02 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479943\spuninst.exe
+ 2011-02-09 13:52 . 2011-02-09 13:52 270848 c:\windows\$hf_mig$\KB2479943\SP3QFE\sbe.dll
+ 2011-02-09 13:52 . 2011-02-09 13:52 186880 c:\windows\$hf_mig$\KB2479943\SP3QFE\encdec.dll
+ 2011-02-08 22:00 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2479628\update\updspapi.dll
+ 2011-02-08 22:00 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2479628\update\update.exe
+ 2011-02-08 22:00 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2479628\spuninst.exe
+ 2011-02-08 22:00 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478971\update\updspapi.dll
+ 2011-02-08 22:00 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478971\update\update.exe
+ 2011-02-08 22:00 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478971\spuninst.exe
+ 2010-12-22 12:32 . 2010-12-22 12:32 301568 c:\windows\$hf_mig$\KB2478971\SP3QFE\kerberos.dll
+ 2011-02-08 21:57 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2478960\update\updspapi.dll
+ 2011-02-08 21:57 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2478960\update\update.exe
+ 2011-02-08 21:57 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2478960\spuninst.exe
+ 2010-12-20 17:24 . 2010-12-20 17:24 730112 c:\windows\$hf_mig$\KB2478960\SP3QFE\lsasrv.dll
+ 2011-02-08 21:57 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2476687\update\updspapi.dll
+ 2011-02-08 21:57 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2476687\update\update.exe
+ 2011-02-08 21:57 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2476687\spuninst.exe
+ 2011-02-08 21:57 . 2010-07-05 13:16 382840 c:\windows\$hf_mig$\KB2393802\update\updspapi.dll
+ 2011-02-08 21:57 . 2010-07-05 13:15 755576 c:\windows\$hf_mig$\KB2393802\update\update.exe
+ 2011-02-08 21:57 . 2010-07-05 13:15 231288 c:\windows\$hf_mig$\KB2393802\spuninst.exe
+ 2011-02-08 21:50 . 2010-12-09 15:15 718336 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
- 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2004-08-04 12:00 . 2010-12-31 13:10 1854976 c:\windows\system32\win32k.sys
+ 2004-08-04 12:00 . 2010-12-20 23:59 1210880 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2010-07-27 06:30 8462336 c:\windows\system32\shell32.dll
+ 2004-08-04 12:00 . 2011-01-21 14:44 8462336 c:\windows\system32\shell32.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 2498560 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvwss.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 3710976 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvvitvs.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 6901760 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvoglnt.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 1228800 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvmobls.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 3420160 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvgames.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 6549504 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvdisps.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 1089536 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvcuda.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 8523776 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nvcpl.dll
+ 2011-03-01 14:36 . 2007-12-05 07:41 7435392 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nv4_mini.sys
+ 2011-03-01 14:36 . 2007-12-05 07:41 5773568 c:\windows\system32\ReinstallBackups\0007\DriverFiles\nv4_disp.dll
+ 2008-05-16 19:01 . 2008-05-16 19:01 1630208 c:\windows\system32\nwiz.exe
+ 2010-03-30 15:08 . 2008-05-16 19:01 2629632 c:\windows\system32\nvwss.dll
+ 2008-05-16 19:01 . 2008-05-16 19:01 1019904 c:\windows\system32\nvwimg.dll
+ 2008-05-16 19:01 . 2008-05-16 19:01 1703936 c:\windows\system32\nvwdmcpl.dll
+ 2010-03-30 15:08 . 2008-05-16 19:01 3776512 c:\windows\system32\nvvitvs.dll
+ 2010-03-30 15:07 . 2008-05-16 19:01 8769536 c:\windows\system32\nvoglnt.dll
+ 2010-03-30 15:07 . 2008-05-16 19:01 1257472 c:\windows\system32\nvmobls.dll
+ 2008-05-16 19:01 . 2008-05-16 19:01 1486848 c:\windows\system32\nview.dll
+ 2010-03-30 15:07 . 2008-05-16 19:01 3391488 c:\windows\system32\nvgames.dll
+ 2008-05-16 19:01 . 2008-05-16 19:01 1339392 c:\windows\system32\nvdspsch.exe
+ 2010-03-30 15:07 . 2008-05-16 19:01 6582272 c:\windows\system32\nvdisps.dll
+ 2010-03-30 15:08 . 2008-05-16 19:01 1241088 c:\windows\system32\nvcuda.dll
+ 2010-03-30 09:31 . 2008-05-16 19:01 6108928 c:\windows\system32\nv4_disp.dll
+ 2004-08-04 12:00 . 2010-12-09 13:38 2192768 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2010-12-09 13:07 2069376 c:\windows\system32\ntkrnlpa.exe
+ 2004-08-04 12:00 . 2010-12-20 23:59 5961216 c:\windows\system32\mshtml.dll
+ 2011-02-11 17:33 . 2003-03-19 03:20 1060864 c:\windows\system32\MFC71.dll
+ 2009-03-08 08:32 . 2010-12-20 23:59 1991680 c:\windows\system32\iertutil.dll
- 2009-03-08 08:32 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2010-03-30 09:31 . 2008-05-16 19:01 6557408 c:\windows\system32\drivers\nv4_mini.sys
+ 2009-08-14 13:21 . 2010-12-31 13:10 1854976 c:\windows\system32\dllcache\win32k.sys
- 2009-12-22 05:21 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2009-12-22 05:21 . 2010-12-20 23:59 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2011-01-21 14:44 8462336 c:\windows\system32\dllcache\shell32.dll
- 2008-06-17 19:02 . 2010-07-27 06:30 8462336 c:\windows\system32\dllcache\shell32.dll
+ 2010-03-30 09:31 . 2008-05-16 19:01 6557408 c:\windows\system32\dllcache\nv4_mini.sys
+ 2010-03-30 16:46 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2010-03-30 16:46 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2010-03-30 16:46 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2009-12-22 05:21 . 2010-12-20 23:59 5961216 c:\windows\system32\dllcache\mshtml.dll
+ 2011-02-02 07:58 . 2011-02-02 07:58 2067456 c:\windows\system32\dllcache\lhmstscx.dll
+ 2010-03-30 18:16 . 2010-12-20 23:59 1991680 c:\windows\system32\dllcache\iertutil.dll
- 2010-03-30 18:16 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2011-02-11 17:33 . 2005-02-24 18:11 1212416 c:\windows\system32\AudioInfos.dll
+ 2011-02-11 17:33 . 2005-03-11 23:37 1986560 c:\windows\system32\AudFile.dll
+ 2011-02-11 17:33 . 2005-02-24 18:10 2084864 c:\windows\system32\AudDesign.dll
+ 2010-09-17 11:04 . 2010-09-17 11:04 9401856 c:\windows\Installer\3158201.msp
+ 2010-08-13 22:59 . 2010-08-13 22:59 8182272 c:\windows\Installer\31581f9.msp
+ 2010-08-13 23:02 . 2010-08-13 23:02 2545664 c:\windows\Installer\31581f1.msp
+ 2010-08-04 20:12 . 2010-08-04 20:12 1004544 c:\windows\Installer\31581e9.msp
+ 2009-08-19 23:04 . 2009-08-19 23:04 4542296 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\WRD12CNV.DLL
+ 2011-02-08 21:58 . 2010-11-06 00:26 1210880 c:\windows\ie8updates\KB2482017-IE8\urlmon.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 5959168 c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
+ 2011-02-08 21:58 . 2010-11-06 00:26 1991680 c:\windows\ie8updates\KB2482017-IE8\iertutil.dll
+ 2010-03-30 16:46 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2010-03-30 16:46 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-08 00:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2010-03-30 16:46 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-03-07 17:51 . 2011-03-21 18:57 4097424 c:\windows\Downloaded Program Files\RACtrl.dll
+ 2010-01-15 18:25 . 2011-03-21 18:48 1021312 c:\windows\Downloaded Program Files\LMIGuardianDll.dll
+ 2011-01-21 14:42 . 2011-01-21 14:42 8463360 c:\windows\$hf_mig$\KB2483185\SP3QFE\shell32.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 1211904 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\urlmon.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 5962240 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 1992192 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\iertutil.dll
+ 2011-02-02 07:57 . 2011-02-02 07:57 2069504 c:\windows\$hf_mig$\KB2481109\SP3QFE\lhmstscx.dll
+ 2010-12-31 13:14 . 2010-12-31 13:14 1864064 c:\windows\$hf_mig$\KB2479628\SP3QFE\win32k.sys
+ 2011-02-08 21:50 . 2010-12-09 13:43 2192768 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
+ 2011-02-08 21:50 . 2010-12-09 13:09 2027008 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrpamp.exe
+ 2010-12-09 23:39 . 2010-12-09 23:39 2069376 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
+ 2011-02-08 21:50 . 2010-12-09 13:47 2148864 c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlmp.exe
+ 2010-03-30 15:08 . 2008-05-16 19:01 13529088 c:\windows\system32\nvcpl.dll
+ 2010-03-30 18:04 . 2011-03-09 08:00 37943240 c:\windows\system32\MRT.exe
- 2009-03-08 08:39 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2009-03-08 08:39 . 2010-12-21 10:29 11080704 c:\windows\system32\ieframe.dll
- 2010-03-30 18:16 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2010-03-30 18:16 . 2010-12-21 10:29 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2011-02-21 15:35 . 2011-02-21 15:35 20308992 c:\windows\Installer\adab9db.msp
+ 2009-08-17 22:39 . 2009-08-17 22:39 15119720 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\XL12CNV.EXE
+ 2009-08-17 21:40 . 2009-08-17 21:40 17309040 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6514\MSO.DLL
+ 2011-02-08 21:58 . 2010-11-06 00:26 11080704 c:\windows\ie8updates\KB2482017-IE8\ieframe.dll
+ 2011-02-08 21:51 . 2010-12-20 23:58 11082752 c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Jimmy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-30 136176]
"Aim"="c:\program files\AIM\aim.exe" [2011-01-05 4321112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SwizzTool"="c:\program files\SwizzTool\SwizzTool.exe" [2007-06-07 1379840]
"PfuSsSct.exe"="c:\program files\PFU\ScanSnap\PfuSsSct.exe" [2003-12-22 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2011-01-21 148888]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Check For Updates.lnk - c:\program files\IGC Software\IGCUpdater.exe [2007-10-29 126976]
Launch Softros Messenger.lnk - c:\program files\Softros Systems\Softros Messenger\Messenger.exe [2010-3-30 662528]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2010-10-7 712704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-08 18:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Softros Systems\\Softros Messenger\\Messenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\Jubler.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2846:TCP"= 2846:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/18/2011 8:35 AM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/24/2011 10:40 PM 301528]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/24/2011 10:40 PM 19544]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/1/2010 8:12 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2/15/2010 7:44 AM 278800]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/5/2010 8:51 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - fxtdypoc
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 10:28]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-05 10:28]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1935655697-839522115-1003Core.job
- c:\documents and settings\Jimmy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 16:18]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1935655697-839522115-1003UA.job
- c:\documents and settings\Jimmy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 16:18]
.
2011-04-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
 
....Continued........


------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: unigroupinc.com
Trusted Zone: unigroupinc.net
TCP: {268EDF87-3E70-4181-8216-3D4B507F4FE4} = 4.2.2.2,4.2.2.1
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-08 09:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2604)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-04-08 09:16:32
ComboFix-quarantined-files.txt 2011-04-08 13:16
ComboFix2.txt 2011-01-25 01:51
.
Pre-Run: 208,306,200,576 bytes free
Post-Run: 208,291,848,192 bytes free
 
Downloaded OTL

Added to Quick Scan:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
----------------------------
OTL Extras logfile created on: 4/8/2011 9:30:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jimmy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.99 Gb Total Space | 194.00 Gb Free Space | 84.35% Space Free | Partition Type: NTFS
Drive Y: | 297.96 Gb Total Space | 211.62 Gb Free Space | 71.02% Space Free | Partition Type: NTFS

Computer Name: JIMMY | User Name: Jimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"2846:TCP" = 2846:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe" = C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe:*:Enabled:Softros LAN Messenger -- ()
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe" = C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe:*:Enabled:Softros LAN Messenger -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Java\jre6\launch4j-tmp\Jubler.exe" = C:\Program Files\Java\jre6\launch4j-tmp\Jubler.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{664DA99C-4C20-442A-8539-BF54D9986E14}" = IGC Software
"{6C64AB8C-F78B-45C0-98E3-6DE9702E0225}" = Microsoft Office Live Meeting 2007
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-F400-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard - English, Français, Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"14A11346-EE50-4324-B196-01DA5144E46D_is1" = Softros LAN Messenger
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"ExtractNow_is1" = ExtractNow
"Foxit Reader" = Foxit Reader
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.91
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Jubler" = Jubler subtitle editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Software Update Wizard (Redist)" = Software Update Wizard (Redist) 4.5
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SwizzTool" = SwizzTool (remove only)
"VLC media player" = VLC media player 1.1.5
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/12/2010 9:25:04 AM | Computer Name = JIMMY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/29/2010 8:30:06 AM | Computer Name = JIMMY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/1/2010 8:42:16 AM | Computer Name = JIMMY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x101ae390.

Error - 11/13/2010 12:35:48 PM | Computer Name = JIMMY | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x79000000.

Error - 11/16/2010 9:19:11 AM | Computer Name = JIMMY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/29/2010 9:41:41 AM | Computer Name = COMPUTERNAME01 | Source = Microsoft Office 12 | ID = 2001
Description =

Error - 11/30/2010 5:29:34 PM | Computer Name = JIMMY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/1/2010 1:14:38 PM | Computer Name = JIMMY | Source = Microsoft Works 8 | ID = 1000
Description =

Error - 1/21/2011 5:14:31 PM | Computer Name = JIMMY | Source = MsiInstaller | ID = 10005
Description = Product: Java(TM) 6 Update 12 -- Error 25099. Unzipping core files
failed.

Error - 1/21/2011 5:21:38 PM | Computer Name = JIMMY | Source = JavaQuickStarterService | ID = 1
Description =

[ System Events ]
Error - 3/19/2011 4:55:09 PM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7034
Description = The Web Update Wizard Service V4 service terminated unexpectedly.
It has done this 1 time(s).

Error - 3/19/2011 4:55:09 PM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 4/1/2011 8:19:20 AM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 4/1/2011 8:19:20 AM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 4/8/2011 8:11:43 AM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/8/2011 8:11:43 AM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7034
Description = The LMIGuardianSvc service terminated unexpectedly. It has done this
1 time(s).

Error - 4/8/2011 8:11:43 AM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7034
Description = The LogMeIn Maintenance Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/8/2011 8:11:43 AM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/8/2011 8:11:43 AM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).

Error - 4/8/2011 8:11:43 AM | Computer Name = JIMMY | Source = Service Control Manager | ID = 7034
Description = The Web Update Wizard Service V4 service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
 
OTL logfile created on: 4/8/2011 9:30:56 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jimmy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.99 Gb Total Space | 194.00 Gb Free Space | 84.35% Space Free | Partition Type: NTFS
Drive Y: | 297.96 Gb Total Space | 211.62 Gb Free Space | 71.02% Space Free | Partition Type: NTFS

Computer Name: JIMMY | User Name: Jimmy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/08 09:24:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimmy\Desktop\OTL.exe
PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/05 13:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/02/15 07:44:26 | 000,278,800 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/07 15:35:00 | 001,379,840 | ---- | M] (Jonas Andersson) -- C:\Program Files\SwizzTool\SwizzTool.exe
PRC - [2003/12/22 10:06:40 | 000,110,592 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\PfuSsSct.exe


========== Modules (SafeList) ==========

MOD - [2011/04/08 09:24:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimmy\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/30 16:52:15 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/02/15 07:44:26 | 000,278,800 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2004/11/01 05:19:00 | 000,163,712 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


[2010/05/08 14:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/03/18 09:01:11 | 000,431,122 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14841 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe (PFU LIMITED)
O4 - HKLM..\Run: [SwizzTool] C:\Program Files\SwizzTool\SwizzTool.exe (Jonas Andersson)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Check For Updates.lnk = C:\Program Files\IGC Software\IGCUpdater.exe (IGC Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launch Softros Messenger.lnk = C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O15 - HKCU\..Trusted Domains: unigroupinc.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: unigroupinc.net ([]* in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1269970136531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jimmy\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jimmy\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/30 10:40:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/08 09:24:27 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jimmy\Desktop\OTL.exe
[2011/04/05 10:38:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jimmy\Recent
[2011/03/18 08:35:57 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

========== Files - Modified Within 30 Days ==========

[2011/04/08 09:24:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimmy\Desktop\OTL.exe
[2011/04/08 09:01:41 | 004,316,701 | R--- | M] () -- C:\Documents and Settings\Jimmy\Desktop\ComboFix.exe
[2011/04/08 08:59:33 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\MBRCheck.exe
[2011/04/08 08:56:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/08 08:56:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/08 08:33:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1935655697-839522115-1003UA.job
[2011/04/08 08:15:42 | 000,000,096 | ---- | M] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2011/04/08 08:14:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/08 08:14:20 | 000,170,227 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/04/08 08:14:17 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/04/08 08:13:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/08 08:13:28 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/08 06:33:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1935655697-839522115-1003Core.job
[2011/04/07 16:57:08 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\6qcr25xw.exe
[2011/04/07 16:56:43 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\dds.scr
[2011/04/07 15:49:52 | 000,033,966 | ---- | M] () -- C:\Documents and Settings\Jimmy\Application Data\wklnhst.dat
[2011/04/07 10:43:44 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\Mom's Budget.xlr
[2011/04/06 15:30:09 | 000,007,063 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\OFS.pdf
[2011/04/06 11:04:09 | 000,059,963 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\Vero Bch Utilities.pdf
[2011/04/06 10:16:15 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/05 13:36:11 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\Draft 2011.xlr
[2011/04/04 11:11:57 | 000,129,605 | ---- | M] () -- C:\Documents and Settings\Jimmy\My Documents\donate_receipt_paypal.pdf
[2011/04/02 12:16:02 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\Monthly Budget.xlr
[2011/04/01 09:56:53 | 000,002,562 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\Japan Fukushima Nuclear Crisis.url
[2011/03/30 16:31:38 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Jimmy\My Documents\Jimmy 2011.xlr
[2011/03/28 10:55:44 | 000,125,100 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\Lisa Transunion update.pdf
[2011/03/26 16:16:17 | 000,000,492 | ---- | M] () -- C:\Documents and Settings\Jimmy\My Documents\spider.sav
[2011/03/26 10:47:14 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Jimmy\My Documents\2011 Budget.xlr
[2011/03/24 16:49:20 | 000,003,988 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\Grayson Worksheet.PDF
[2011/03/24 08:19:43 | 000,587,128 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\2011 Peak Guidelines.PDF
[2011/03/18 09:04:09 | 000,000,158 | ---- | M] () -- C:\Documents and Settings\Jimmy\agenthod.unigroupinc.net.HOD_CCR2.ccr1
[2011/03/18 09:01:11 | 000,431,122 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/18 08:35:57 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/17 13:44:41 | 001,004,124 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\Terwilliger OFS.PDF
[2011/03/15 08:55:46 | 000,003,831 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\accountDetailByDateExport(1).csv
[2011/03/14 15:27:33 | 000,001,322 | ---- | M] () -- C:\Documents and Settings\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Anchor & Order #s.lnk
[2011/03/14 13:17:27 | 000,016,017 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\Survey.PDF
[2011/03/14 13:16:13 | 001,003,926 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\OFS-BOL.PDF
[2011/03/14 13:15:33 | 000,786,535 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\One Page Est.PDF
[2011/03/14 08:37:53 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/14 08:37:53 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 15:06:30 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\Jimmy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 16:47:02 | 000,000,285 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\MOH File Distortion Cisco VOIP.url
[2011/03/09 12:39:23 | 000,184,059 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\scan02.pdf

========== Files Created - No Company Name ==========

[2011/04/08 09:01:42 | 004,316,701 | R--- | C] () -- C:\Documents and Settings\Jimmy\Desktop\ComboFix.exe
[2011/04/08 08:59:33 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\MBRCheck.exe
[2011/04/07 16:57:07 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\6qcr25xw.exe
[2011/04/07 16:56:49 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\dds.scr
[2011/04/06 15:30:09 | 000,007,063 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\OFS.pdf
[2011/04/06 11:04:09 | 000,059,963 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\Vero Bch Utilities.pdf
[2011/04/06 10:16:15 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/04 11:11:57 | 000,129,605 | ---- | C] () -- C:\Documents and Settings\Jimmy\My Documents\donate_receipt_paypal.pdf
[2011/04/02 12:19:18 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\Mom's Budget.xlr
[2011/04/01 11:35:05 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\Monthly Budget.xlr
[2011/03/30 16:30:05 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Jimmy\My Documents\Jimmy 2011.xlr
[2011/03/28 10:55:44 | 000,125,100 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\Lisa Transunion update.pdf
[2011/03/27 11:41:08 | 000,003,988 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\Grayson Worksheet.PDF
[2011/03/24 08:20:11 | 000,587,128 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\2011 Peak Guidelines.PDF
[2011/03/23 11:37:39 | 000,002,562 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\Japan Fukushima Nuclear Crisis.url
[2011/03/20 22:23:01 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\Draft 2011.xlr
[2011/03/17 13:45:11 | 001,004,124 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\Terwilliger OFS.PDF
[2011/03/15 08:55:46 | 000,003,831 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\accountDetailByDateExport(1).csv
[2011/03/14 13:17:43 | 000,016,017 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\Survey.PDF
[2011/03/14 13:16:29 | 001,003,926 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\OFS-BOL.PDF
[2011/03/14 13:16:08 | 000,786,535 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\One Page Est.PDF
[2011/03/09 12:39:19 | 000,184,059 | ---- | C] () -- C:\Documents and Settings\Jimmy\Desktop\scan02.pdf
[2011/02/11 13:33:34 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/01/24 21:36:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/24 21:36:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/24 21:36:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/24 21:36:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/24 21:36:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/18 13:28:47 | 000,000,995 | ---- | C] () -- C:\Documents and Settings\Jimmy\Application Data\DVDSubEdit.ini
[2010/07/11 10:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uromazizufe.dll
[2010/07/11 08:41:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\emayezevu.dll
[2010/07/11 06:39:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atorewerilupavid.dll
[2010/07/11 04:37:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axepixoxiw.dll
[2010/07/11 02:35:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\olosofihutaf.dll
[2010/07/11 00:33:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akoriwedok.dll
[2010/07/10 22:31:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avihilon.dll
[2010/07/10 20:29:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewoxisigihajile.dll
[2010/07/10 18:27:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofuqoziy.dll
[2010/07/10 16:25:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyukilug.dll
[2010/07/10 14:23:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukanarig.dll
[2010/07/10 13:46:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isuferabatidedug.dll
[2010/07/10 11:00:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\enixoxiwakev.dll
[2010/04/01 10:28:39 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\Jimmy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/31 08:22:29 | 000,000,096 | ---- | C] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2010/03/30 17:06:44 | 000,048,652 | ---- | C] () -- C:\WINDOWS\System32\wuwuninst.exe
[2010/03/30 15:24:43 | 000,033,966 | ---- | C] () -- C:\Documents and Settings\Jimmy\Application Data\wklnhst.dat
[2010/03/30 15:22:58 | 000,001,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/30 12:16:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/03/30 12:00:10 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/03/30 11:07:58 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/03/30 10:42:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/30 10:37:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/30 05:30:00 | 000,004,328 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/30 05:27:20 | 000,191,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/11 04:54:26 | 000,397,584 | ---- | C] () -- C:\WINDOWS\System32\WuWUI.exe
[2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/06 17:52:00 | 000,495,616 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2009/05/06 17:52:00 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2008/05/16 15:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 15:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/16 15:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 15:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/16 15:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 15:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 15:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/16 15:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/10/15 14:25:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\myodbc3i.exe
[2005/10/15 14:25:20 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\myodbc3m.exe
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

========== LOP Check ==========

[2010/03/31 08:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/01/24 22:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/06 10:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/01/24 21:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/12/18 17:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gJdCh05200
[2010/03/30 11:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2011/04/08 08:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/03/31 08:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy\Application Data\acccore
[2011/03/17 11:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy\Application Data\BitTorrent
[2010/03/30 12:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy\Application Data\Foxit
[2010/04/02 10:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy\Application Data\Foxit Software
[2011/02/11 13:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy\Application Data\FreeAudioPack
[2010/10/07 09:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy\Application Data\Fujitsu
[2010/12/18 13:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy\Application Data\Jubler
[2010/10/07 09:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy\Application Data\PFU
[2010/05/18 12:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jimmy\Application Data\Softros Messenger
[2011/04/08 08:14:17 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< >

< %SYSTEMDRIVE%\*.* >
[2010/03/30 16:58:49 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/03/30 10:40:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/30 10:35:41 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/01/24 21:45:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/04/08 09:16:34 | 000,051,247 | ---- | M] () -- C:\ComboFix.txt
[2010/03/30 10:40:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/04/08 08:13:28 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/30 10:40:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/24 18:06:56 | 000,000,923 | -H-- | M] () -- C:\IPH.PH
[2011/01/21 17:17:53 | 000,000,229 | ---- | M] () -- C:\JavaRa.log
[2010/03/30 10:40:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/03/30 13:51:48 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/04/08 08:13:26 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/03/30 10:39:34 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/05/06 17:52:00 | 000,061,952 | ---- | M] (Lexmark International Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DKACHC4C.DLL
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/10/25 09:50:48 | 000,082,184 | ---- | M] (Microsoft Corporation.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll
[2010/12/08 14:11:52 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/02/23 10:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/03/30 05:26:29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/30 05:26:29 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/30 05:26:29 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/03/30 13:55:34 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/30 13:59:53 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/03/30 10:44:20 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/04/07 16:57:08 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\6qcr25xw.exe
[2011/04/08 09:01:41 | 004,316,701 | R--- | M] () -- C:\Documents and Settings\Jimmy\Desktop\ComboFix.exe
[2011/04/08 08:59:33 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Jimmy\Desktop\MBRCheck.exe
[2011/04/08 09:24:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jimmy\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/03/30 13:59:53 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jimmy\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/03/15 09:50:48 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Jimmy\Cookies\desktop.ini
[2011/04/08 09:28:11 | 000,196,608 | -HS- | M] () -- C:\Documents and Settings\Jimmy\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 14:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 14:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 14:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

It's never a good idea to run Combofix on your own.

Your DDS log indicated, you're running two AV programs, AVG and Avast.
That's not a good idea.
I can see, that you uninstalled AVG since.
Keep it that way.

Combofix log looks fine.

====================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
[2010/07/11 10:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uromazizufe.dll
[2010/07/11 08:41:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\emayezevu.dll
[2010/07/11 06:39:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atorewerilupavid.dll
[2010/07/11 04:37:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\axepixoxiw.dll
[2010/07/11 02:35:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\olosofihutaf.dll
[2010/07/11 00:33:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akoriwedok.dll
[2010/07/10 22:31:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avihilon.dll
[2010/07/10 20:29:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewoxisigihajile.dll
[2010/07/10 18:27:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ofuqoziy.dll
[2010/07/10 16:25:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyukilug.dll
[2010/07/10 14:23:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ukanarig.dll
[2010/07/10 13:46:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isuferabatidedug.dll
[2010/07/10 11:00:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\enixoxiwakev.dll
[2010/03/30 17:06:44 | 000,048,652 | ---- | C] () -- C:\WINDOWS\System32\wuwuninst.exe
[2011/01/24 21:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Java 6 update 12 is the most recent version that is approved for my job's software. I am unable to update.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\WINDOWS\uromazizufe.dll moved successfully.
C:\WINDOWS\emayezevu.dll moved successfully.
C:\WINDOWS\atorewerilupavid.dll moved successfully.
C:\WINDOWS\axepixoxiw.dll moved successfully.
C:\WINDOWS\olosofihutaf.dll moved successfully.
C:\WINDOWS\akoriwedok.dll moved successfully.
C:\WINDOWS\avihilon.dll moved successfully.
C:\WINDOWS\ewoxisigihajile.dll moved successfully.
C:\WINDOWS\ofuqoziy.dll moved successfully.
C:\WINDOWS\oyukilug.dll moved successfully.
C:\WINDOWS\ukanarig.dll moved successfully.
C:\WINDOWS\isuferabatidedug.dll moved successfully.
C:\WINDOWS\enixoxiwakev.dll moved successfully.
C:\WINDOWS\system32\wuwuninst.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\IN\10110 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue\IN folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc\Queue folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jimmy
->Temp folder emptied: 272262 bytes
->Temporary Internet Files folder emptied: 30757284 bytes
->Java cache emptied: 6399021 bytes
->Google Chrome cache emptied: 8877901 bytes
->Flash cache emptied: 1141 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 87403 bytes

Total Files Cleaned = 44.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Jimmy
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04082011_155411

Files\Folders moved on Reboot...
C:\Documents and Settings\Jimmy\Local Settings\Temporary Internet Files\Content.IE5\J3XSL71D\crosspixel-dest[1].htm moved successfully.
C:\Documents and Settings\Jimmy\Local Settings\Temporary Internet Files\Content.IE5\GV9AB73P\sh38[1].html moved successfully.
C:\Documents and Settings\Jimmy\Local Settings\Temporary Internet Files\Content.IE5\9QRO04VO\topic163597[2].html moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_f0.dat not found!

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
MVPS Hosts File
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 12
Out of date Java installed!
Adobe Flash Player
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
 
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 92.19 0 K 16 K
System 4 4.69 0 K 228 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 632 168 K 180 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 688 1,788 K 2,640 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 712 8,480 K 3,320 K Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 756 1,872 K 1,276 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
svchost.exe 936 3,276 K 2,152 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
igfxsrvc.exe 1484 988 K 268 K igfxsrvc Module Intel Corporation C:\WINDOWS\system32\igfxsrvc.exe -Embedding
wlcomm.exe 3800 11,260 K 12,740 K Windows Live Communications Platform Microsoft Corporation "C:\Program Files\Windows Live\Contacts\wlcomm.exe" -Embedding
wmiprvse.exe 3956 2,984 K 5,092 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
svchost.exe 1004 2,068 K 2,048 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
svchost.exe 1092 20,988 K 12,884 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe 1128 2,484 K 416 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe 1212 6,004 K 3,396 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe 1232 3,476 K 760 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
AvastSvc.exe 1448 18,784 K 33,052 K avast! Service AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
spoolsv.exe 1884 4,032 K 1,964 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
svchost.exe 192 1,516 K 752 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
svchost.exe 220 5,640 K 3,704 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k Akamai
jqs.exe 436 2,244 K 1,408 K Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LMIGuardianSvc.exe 816 1,368 K 324 K LMIGuardianSvc LogMeIn, Inc. "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe"
ramaint.exe 1296 1,372 K 676 K LogMeIn Maintenance Service LogMeIn, Inc. "C:\Program Files\LogMeIn\x86\RaMaint.exe"
LogMeIn.exe 1504 16,772 K 2,912 K LogMeIn LogMeIn, Inc. "C:\Program Files\LogMeIn\x86\LogMeIn.exe"
nvsvc32.exe 2184 2,728 K 392 K NVIDIA Driver Helper Service, Version 175.19 NVIDIA Corporation C:\WINDOWS\system32\nvsvc32.exe
svchost.exe 2256 2,580 K 1,956 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
WebUpdateSvc4.exe 2324 1,072 K 552 K Software Update Wizard Service (V4.x) Data Perceptions / PowerProgrammer C:\WINDOWS\system32\WebUpdateSvc4.exe
alg.exe 320 1,272 K 416 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
lsass.exe 768 4,540 K 3,480 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
explorer.exe 392 42,152 K 23,820 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
LogMeInSystray.exe 2020 3,656 K 1,812 K LogMeIn Desktop Application LogMeIn, Inc. "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
smax4pnp.exe 2220 2,668 K 564 K SMax4PNP MFC Application Analog Devices, Inc. "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
SwizzTool.exe 2656 2,284 K 956 K The Perfect Software Jonas Andersson "C:\Program Files\SwizzTool\SwizzTool.exe"
PfuSsSct.exe 2680 660 K 292 K PfuSSSct.exe PFU LIMITED "C:\Program Files\PFU\ScanSnap\PfuSsSct.exe" /Station
AvastUI.exe 2728 4,604 K 2,936 K avast! Antivirus AVAST Software "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
rundll32.exe 2744 2,496 K 472 K Run a DLL as an App Microsoft Corporation "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
aim.exe 2776 43,104 K 8,352 K AOL Instant Messenger AOL Inc. "C:\Program Files\AIM\aim.exe" /d locale=en-US
Messenger.exe 3072 3,340 K 2,016 K "C:\Program Files\Softros Systems\Softros Messenger\Messenger.exe" /hide /wait:5
PfuSsMon.exe 3128 5,280 K 748 K PFUSSMON PFU LIMITED "C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe"
iexplore.exe 1312 16,924 K 17,064 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe"
iexplore.exe 1588 1,053,132 K 979,072 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1312 CREDAT:14337
iexplore.exe 340 47,668 K 12,156 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1312 CREDAT:79875
java.exe 156 1.56 79,220 K 31,472 K Java(TM) Platform SE binary Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\java.exe" -D__jvm_launched=56986518567 -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar -Djava.class.path=C:\PROGRA~1\Java\jre6\classes sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid340_pipe3,read_pipe_name=jpi2_pid340_pipe2
iexplore.exe 540 28,632 K 39,264 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1312 CREDAT:210981
wmplayer.exe 2088 38,132 K 21,320 K Windows Media Player Microsoft Corporation "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:6 /SHELLHLP_V9 Play /DataObject:NEFEPEHFBAAAAAAAOABAAAAAAAAAAAAAAMAAAAAAAAAAAAGEAAAAAAAAFAAAAAAAFIPJLJKPCLCJOKPCNPLGOAKCLIGHDLLKPAEDAAAAIIBAMIBAMILMPKBCJGFAALLHAAAAAAAA
wlmail.exe 2212 53,016 K 66,584 K Windows Live Mail Microsoft Corporation "C:\Program Files\Windows Live\Mail\wlmail.exe"
extractnow.exe 3964 3,128 K 9,688 K ExtractNow Application Nathan Moinvaziri "C:\Program Files\ExtractNow\extractnow.exe" "C:\Documents and Settings\Jimmy\Desktop\ProcessExplorer.zip"
procexp.exe 3172 1.56 13,428 K 18,040 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Jimmy\Desktop\ProcessExplorer\procexp.exe"
WuWUI.exe 3600 912 K 260 K WuWUI Application "C:\WINDOWS\system32\WuWUI.exe"
WkCalRem.exe 692 420 K 264 K Microsoft® Works Calendar Reminder Service Microsoft® Corporation "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
Acrobat.exe 912 22,176 K 7,200 K Adobe Acrobat 6.0 Adobe Systems Incorporated "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe" /o
 

Attachments

  • Procexp.txt
    7.2 KB · Views: 0
CPU usage looks perfectly normal.
System Idle Process (CPU NOT used) is listed at 92.19%
 
The CPU usage doesn't stay at 100% while it's sitting there. If I attempt to open new browser windows or open programs, that's when its hanging/freezing.
 
IE and Google Chrome....I'm at the office today and things seem to be working better. I'll PM you if there are any more problems. Thanks for all of your help!
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
792
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back