Solved Hijack/Redirect problem with Firefox

Status
Not open for further replies.
J

JT16v

Posts: 9   +0
Hi folks,

After browsing this forum, I'm amazed at the level of help provided here----many thanks in advance for any assistance you can provide.

I like to think I'm above average in tech awareness, but somehow I have a hijack, and all my normal methods have failed. When using Firefox, my google searches randomly (not every time) get redirected to either ad sites, or virus sites. Additionally, if this info helps, when this problem first presented, my audio driver stopped working properly (I've since fixed that though). I've followed the 8 steps, and here are my logs:

Malware bytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4891

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/20/2010 9:10:19 AM
mbam-log-2010-10-20 (09-10-19).txt

Scan type: Quick scan
Objects scanned: 178679
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER log:

GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-20 09:28:11
Windows 5.1.2600 Service Pack 3
Running: l40o97fz.exe; Driver: C:\DOCUME~1\Jonathan\LOCALS~1\Temp\ugriypow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AB000A
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AC000A
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AA000C
.text C:\WINDOWS\System32\svchost.exe[1376] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00F8000A
.text C:\WINDOWS\System32\svchost.exe[1376] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00EA000A
.text C:\WINDOWS\Explorer.EXE[1428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE000A
.text C:\WINDOWS\Explorer.EXE[1428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CF000A
.text C:\WINDOWS\Explorer.EXE[1428] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C2000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89DC2292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89DC2292
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 89DC2292

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskHTS541060G9SA00_________________________MB3OC60P#5&37f3ed5a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 09: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 12: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 13: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 14: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 15: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 16: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 17: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 18: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 19: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 20: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 21: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 22: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 23: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 24: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 25: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 26: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 27: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 36: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 37: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 40: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 42: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 43: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 45: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 117231156 (+251): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----


DDS.txt


DDS (Ver_10-10-10.03) - NTFSx86
Run by Jonathan at 9:28:32.85 on Wed 10/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1418 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\mshta.exe
C:\Documents and Settings\Jonathan\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jonathan\applic~1\mozilla\firefox\profiles\piotczi1.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\documents and settings\jonathan\application data\mozilla\firefox\profiles\piotczi1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\jonathan\application data\mozilla\firefox\profiles\piotczi1.default\extensions\optout@dubfire.net\lib\winnt\ff3\AbineComponent.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\jonathan\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\jonathan\application data\mozilla\firefox\profiles\piotczi1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\jonathan\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\jonathan\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-25 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-25 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-25 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2009-10-6 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-2-16 36352]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-6-4 9472]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2010-6-9 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2010-6-9 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2010-6-9 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2010-6-9 10368]
S3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-8-15 59552]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-6-25 14336]

=============== Created Last 30 ================

2010-10-20 12:40:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-20 12:40:21 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2010-10-20 03:45:58 -------- d-----w- c:\docume~1\jonathan\applic~1\QuickScan
2010-10-19 15:32:55 388096 ----a-r- c:\docume~1\jonathan\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-14 11:51:57 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-13 12:00:24 -------- d-----w- c:\docume~1\jonathan\applic~1\Malwarebytes
2010-10-13 12:00:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 12:00:18 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-10-13 12:00:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 12:00:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-13 11:31:38 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 11:31:38 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 11:31:26 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-09-21 19:44:08 -------- d-----w- c:\docume~1\jonathan\locals~1\applic~1\Eraser 6
2010-09-21 19:39:42 -------- d-----w- c:\program files\Eraser

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 9:29:51.40 ===============

attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/25/2009 3:05:07 PM
System Uptime: 10/20/2010 8:58:51 AM (1 hours ago)

Motherboard: Hewlett-Packard | | 30AA
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U10 | 1662/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 52 GiB total, 26.644 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&BF41672&0&00E0
Manufacturer: Intel Corporation
Name: Intel(R) PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_135B103C&REV_02\4&BF41672&0&00E0
Service: NETw5x32

==== System Restore Points ===================

RP248: 7/22/2010 10:31:00 AM - System Checkpoint
RP249: 7/23/2010 11:02:09 AM - System Checkpoint
RP250: 7/23/2010 11:33:30 AM - Printer Driver Microsoft Office Document Image Writer Installed
RP251: 7/23/2010 11:43:04 AM - Restore Operation
RP252: 7/23/2010 11:53:18 AM - Avg Update
RP253: 7/24/2010 12:10:54 PM - System Checkpoint
RP254: 7/29/2010 6:25:20 PM - System Checkpoint
RP255: 8/2/2010 11:15:44 AM - System Checkpoint
RP256: 8/2/2010 1:49:22 PM - Installed AxCrypt 1.7.2126.0
RP257: 8/3/2010 2:08:02 PM - System Checkpoint
RP258: 8/4/2010 3:00:16 AM - Software Distribution Service 3.0
RP259: 8/5/2010 10:33:28 AM - System Checkpoint
RP260: 8/6/2010 10:54:00 AM - System Checkpoint
RP261: 8/7/2010 6:13:25 PM - System Checkpoint
RP262: 8/9/2010 12:40:15 PM - System Checkpoint
RP263: 8/10/2010 5:47:26 PM - System Checkpoint
RP264: 8/11/2010 11:29:52 AM - Software Distribution Service 3.0
RP265: 8/12/2010 3:55:42 PM - System Checkpoint
RP266: 8/13/2010 4:01:23 PM - System Checkpoint
RP267: 8/14/2010 4:04:15 PM - System Checkpoint
RP268: 8/15/2010 5:01:22 PM - System Checkpoint
RP269: 8/16/2010 5:18:24 PM - System Checkpoint
RP270: 8/17/2010 5:21:58 PM - System Checkpoint
RP271: 8/18/2010 6:18:21 PM - System Checkpoint
RP272: 8/19/2010 6:36:59 PM - System Checkpoint
RP273: 8/20/2010 8:41:31 PM - System Checkpoint
RP274: 8/22/2010 9:12:14 AM - System Checkpoint
RP275: 8/23/2010 10:49:54 AM - System Checkpoint
RP276: 8/24/2010 11:01:01 AM - System Checkpoint
RP277: 8/25/2010 12:41:56 PM - System Checkpoint
RP278: 8/26/2010 1:42:17 PM - System Checkpoint
RP279: 8/27/2010 2:40:39 PM - System Checkpoint
RP280: 8/28/2010 3:39:33 PM - System Checkpoint
RP281: 8/29/2010 3:58:04 PM - System Checkpoint
RP282: 8/31/2010 9:44:46 AM - System Checkpoint
RP283: 9/2/2010 5:54:40 PM - System Checkpoint
RP284: 9/7/2010 10:43:23 AM - System Checkpoint
RP285: 9/9/2010 7:56:46 AM - Avg Update
RP286: 9/10/2010 1:08:29 PM - System Checkpoint
RP287: 9/11/2010 2:08:18 PM - System Checkpoint
RP288: 9/12/2010 5:19:34 PM - System Checkpoint
RP289: 9/13/2010 5:50:37 PM - System Checkpoint
RP290: 9/14/2010 6:48:58 PM - System Checkpoint
RP291: 9/15/2010 6:57:23 PM - System Checkpoint
RP292: 9/16/2010 8:01:54 PM - System Checkpoint
RP293: 9/17/2010 8:36:16 AM - Software Distribution Service 3.0
RP294: 9/18/2010 9:25:45 AM - System Checkpoint
RP295: 9/19/2010 10:16:33 AM - System Checkpoint
RP296: 9/20/2010 10:50:49 AM - System Checkpoint
RP297: 9/21/2010 11:16:03 AM - System Checkpoint
RP298: 9/21/2010 3:39:40 PM - Installed Eraser 6.0.7.1893
RP299: 9/22/2010 4:44:48 PM - System Checkpoint
RP300: 9/23/2010 9:55:03 AM - Avg Update
RP301: 9/23/2010 9:56:20 AM - Avg Update
RP302: 9/24/2010 10:35:56 AM - System Checkpoint
RP303: 9/25/2010 11:21:54 AM - System Checkpoint
RP304: 9/26/2010 11:28:00 AM - System Checkpoint
RP305: 9/27/2010 2:18:54 PM - System Checkpoint
RP306: 9/28/2010 2:49:45 PM - System Checkpoint
RP307: 9/29/2010 7:57:47 AM - Software Distribution Service 3.0
RP308: 9/30/2010 8:59:37 AM - System Checkpoint
RP309: 10/1/2010 11:54:59 AM - System Checkpoint
RP310: 10/2/2010 2:49:56 PM - System Checkpoint
RP311: 10/3/2010 3:11:47 PM - System Checkpoint
RP312: 10/4/2010 4:19:34 PM - System Checkpoint
RP313: 10/5/2010 8:58:03 AM - Avg Update
RP314: 10/6/2010 10:33:32 AM - System Checkpoint
RP315: 10/7/2010 10:36:44 AM - System Checkpoint
RP316: 10/8/2010 1:09:01 PM - System Checkpoint
RP317: 10/9/2010 1:56:50 PM - System Checkpoint
RP318: 10/10/2010 2:40:33 PM - System Checkpoint
RP319: 10/11/2010 3:23:34 PM - System Checkpoint
RP320: 10/12/2010 3:52:23 PM - System Checkpoint
RP321: 10/13/2010 5:12:22 PM - System Checkpoint
RP322: 10/14/2010 7:42:54 AM - Software Distribution Service 3.0
RP323: 10/15/2010 2:27:53 PM - System Checkpoint
RP324: 10/18/2010 2:28:25 PM - System Checkpoint
RP325: 10/19/2010 4:24:52 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Acrobat 9.3.2 - CPSID_53951
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
AxCrypt 1.7.2126.0
Bonjour
Brother MFL Pro Suite
Compatibility Pack for the 2007 Office system
Corel WinDVD 9
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.8
Eraser 6.0.7.1893
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.5
FlipShare
Free RAR Extract Frog
getPlus(R) for Corel
Google Calendar Sync
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 17
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2000 Disc 2
Microsoft Office 2003 Primary Interop Assemblies
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft WinUsb 1.0
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Neat ADF Scanner 2008 Driver
Neat ADF Scanner Driver
Neat Mobile Scanner (Silver) Driver
Neat Mobile Scanner 2008 Driver
Neat Mobile Scanner Driver
NeatWorks
NeatWorks Core Files
office Convert Pdf to Jpg Jpeg Tiff Free 6.4
PandoraRecovery (Remove Only)
PdaNet for Android 2.42
QuickBooks
QuickBooks Premier Edition 2010
QuickTime
RebuildOutlookCache
Samsung CLP-310 Series
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spybot - Search & Destroy
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.1
WebFldrs XP
Windows Driver Package - Intel (w29n51) net (04/05/2006 9.0.4.13)
Windows Driver Package - Intel (w39n51) net (04/04/2006 10.1.1.3)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

10/20/2010 8:55:38 AM, error: Service Control Manager [7034] - The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 8:55:38 AM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 8:55:38 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 8:55:38 AM, error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 8:55:38 AM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 8:55:38 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 8:55:38 AM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
10/20/2010 8:55:38 AM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/20/2010 8:55:38 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/19/2010 8:38:58 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/19/2010 11:38:15 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/18/2010 8:04:58 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
10/15/2010 1:09:03 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
10/13/2010 7:16:34 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
10/13/2010 7:16:34 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
 
add-on

Also, if it helps you, I remembered a few things after reading this other user's post.....my experience almost mirrors his exactly.

https://www.techspot.com/vb/topic155164.html

Mine started with a fake anti-virus scan program that I had to use rkill to stop, and then followed with malwarebytes.

I have also had the random switch to windows classic theme, and the sound issues.

Just wanted to chip in any extra info I could to help. Thanks again.
 
Welcome aboard
yahooo.gif


Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

=======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
Thanks for the quick help.....TDSS did find an issue and cure it. Here are the two logs you requested:

2010/10/21 08:58:14.0890 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/21 08:58:14.0890 ================================================================================
2010/10/21 08:58:14.0890 SystemInfo:
2010/10/21 08:58:14.0890
2010/10/21 08:58:14.0890 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/21 08:58:14.0890 Product type: Workstation
2010/10/21 08:58:14.0890 ComputerName: JTLAPTOP
2010/10/21 08:58:14.0890 UserName: Jonathan
2010/10/21 08:58:14.0890 Windows directory: C:\WINDOWS
2010/10/21 08:58:14.0890 System windows directory: C:\WINDOWS
2010/10/21 08:58:14.0890 Processor architecture: Intel x86
2010/10/21 08:58:14.0890 Number of processors: 2
2010/10/21 08:58:14.0890 Page size: 0x1000
2010/10/21 08:58:14.0890 Boot type: Normal boot
2010/10/21 08:58:14.0890 ================================================================================
2010/10/21 08:58:15.0109 Initialize success
2010/10/21 08:58:17.0562 ================================================================================
2010/10/21 08:58:17.0562 Scan started
2010/10/21 08:58:17.0562 Mode: Manual;
2010/10/21 08:58:17.0562 ================================================================================
2010/10/21 08:58:18.0828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/21 08:58:18.0875 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/10/21 08:58:18.0937 ADIHdAudAddService (7356eff52ad50b8946d346002118ce62) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/10/21 08:58:19.0000 AEAudio (fff87a9b1ab36ee4b7bec98a4cb01b79) C:\WINDOWS\system32\drivers\AEAudio.sys
2010/10/21 08:58:19.0078 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/21 08:58:19.0125 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/21 08:58:19.0203 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/10/21 08:58:19.0437 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/21 08:58:19.0546 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/21 08:58:19.0578 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/21 08:58:19.0640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/21 08:58:19.0687 ATSWPDRV (002ecb6f1197a7754cc87f2073f41841) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
2010/10/21 08:58:19.0750 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/21 08:58:19.0796 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/10/21 08:58:19.0828 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/10/21 08:58:19.0875 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/10/21 08:58:19.0906 b57w2k (2fa609c3411ec5f77f42d0b04d304ae5) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/10/21 08:58:19.0968 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/21 08:58:20.0312 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
2010/10/21 08:58:20.0421 BrSerWDM (8e06cd96e00472c03770a697d04031c0) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
2010/10/21 08:58:20.0468 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
2010/10/21 08:58:20.0484 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
2010/10/21 08:58:20.0531 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/21 08:58:20.0578 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/21 08:58:20.0656 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/21 08:58:20.0718 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/21 08:58:20.0781 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/21 08:58:20.0828 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/21 08:58:20.0953 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/21 08:58:21.0031 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/21 08:58:21.0093 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/21 08:58:21.0140 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/21 08:58:21.0187 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/21 08:58:21.0234 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/21 08:58:21.0328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/21 08:58:21.0390 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/21 08:58:21.0421 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/21 08:58:21.0453 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/21 08:58:21.0500 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/21 08:58:21.0531 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/21 08:58:21.0562 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/21 08:58:21.0625 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/21 08:58:21.0671 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/21 08:58:21.0718 GTIPCI21 (f3c9f09aa3eda29a1c841877e7e39158) C:\WINDOWS\system32\DRIVERS\gtipci21.sys
2010/10/21 08:58:21.0765 HBtnKey (407e41ddb2bfece109132aec296e0d98) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2010/10/21 08:58:21.0812 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/21 08:58:21.0875 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/21 08:58:22.0000 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/21 08:58:22.0078 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/21 08:58:22.0328 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/10/21 08:58:22.0531 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2010/10/21 08:58:22.0578 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/21 08:58:22.0656 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/21 08:58:22.0687 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/21 08:58:22.0734 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/21 08:58:22.0765 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/21 08:58:22.0796 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/21 08:58:22.0828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/21 08:58:22.0859 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/21 08:58:22.0890 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/21 08:58:22.0921 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/10/21 08:58:22.0953 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/21 08:58:23.0031 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/21 08:58:23.0171 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/21 08:58:23.0218 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/21 08:58:23.0296 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
2010/10/21 08:58:23.0343 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/21 08:58:23.0359 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/21 08:58:23.0390 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/21 08:58:23.0437 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/21 08:58:23.0468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/21 08:58:23.0515 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/21 08:58:23.0593 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/21 08:58:23.0703 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/21 08:58:23.0750 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/21 08:58:23.0781 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/21 08:58:23.0812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/21 08:58:23.0859 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/21 08:58:23.0906 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/21 08:58:23.0937 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/21 08:58:23.0968 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/21 08:58:24.0000 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/21 08:58:24.0046 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/21 08:58:24.0078 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/21 08:58:24.0093 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/21 08:58:24.0125 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/21 08:58:24.0312 NETw5x32 (05743fffc2bc88cc8e426321bc6a762e) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2010/10/21 08:58:24.0468 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/21 08:58:24.0484 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/21 08:58:24.0515 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/21 08:58:24.0578 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/21 08:58:24.0640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/21 08:58:24.0671 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/21 08:58:24.0687 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/21 08:58:24.0718 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/21 08:58:24.0750 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/21 08:58:24.0765 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/21 08:58:24.0796 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/21 08:58:24.0859 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/21 08:58:24.0875 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/10/21 08:58:25.0062 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys
2010/10/21 08:58:25.0093 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/21 08:58:25.0109 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/21 08:58:25.0140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/21 08:58:25.0250 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/21 08:58:25.0265 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/21 08:58:25.0296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/21 08:58:25.0312 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/21 08:58:25.0343 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/21 08:58:25.0453 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/21 08:58:25.0500 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/21 08:58:25.0546 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/21 08:58:25.0609 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/21 08:58:25.0671 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
2010/10/21 08:58:25.0734 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/10/21 08:58:25.0812 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/10/21 08:58:25.0843 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/21 08:58:25.0906 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/21 08:58:25.0937 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/21 08:58:26.0140 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/21 08:58:26.0265 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/21 08:58:26.0312 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/21 08:58:26.0375 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/21 08:58:26.0468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/21 08:58:26.0515 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/21 08:58:26.0734 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/21 08:58:26.0812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/21 08:58:26.0859 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/21 08:58:26.0890 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/21 08:58:26.0937 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/21 08:58:27.0015 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\WINDOWS\system32\drivers\tifm21.sys
2010/10/21 08:58:27.0093 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/21 08:58:27.0187 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/21 08:58:27.0250 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/21 08:58:27.0281 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/21 08:58:27.0312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/21 08:58:27.0359 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/21 08:58:27.0437 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/21 08:58:27.0500 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/21 08:58:27.0531 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/21 08:58:27.0578 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/21 08:58:27.0656 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/21 08:58:27.0781 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/10/21 08:58:27.0875 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/21 08:58:27.0968 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/10/21 08:58:28.0078 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/21 08:58:28.0156 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2010/10/21 08:58:28.0203 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/10/21 08:58:28.0296 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/10/21 08:58:28.0328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/10/21 08:58:28.0421 ================================================================================
2010/10/21 08:58:28.0421 Scan finished
2010/10/21 08:58:28.0421 ================================================================================


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB9F4A000 pcmcia.sys
0xBA0D8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F05000 dmio.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9EED000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9ECD000 fltmgr.sys
0xB9EBB000 sr.sys
0xB9EA4000 KSecDD.sys
0xB9E17000 Ntfs.sys
0xB9DEA000 NDIS.sys
0xB9DD0000 Mup.sys
0xB964F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9099000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9085000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB905D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA448000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8CC1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA450000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB963F000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB8C75000 \SystemRoot\system32\drivers\tifm21.sys
0xB8C61000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB8C4B000 \SystemRoot\system32\DRIVERS\gtipci21.sys
0xB9DAC000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xB8C1C000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xB962F000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9DA8000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8C08000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA158000 \SystemRoot\system32\DRIVERS\IFXTPM.SYS
0xBA168000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA458000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA460000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA178000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB9DA4000 \SystemRoot\system32\drivers\iviaspi.sys
0xBA188000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA198000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8BE5000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA468000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB9D9C000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA470000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB9D98000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9D94000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA7DC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D90000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8BCE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA478000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8B95000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA480000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA488000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9D80000 \SystemRoot\system32\DRIVERS\pnetmdm.sys
0xBA490000 \SystemRoot\System32\Drivers\Modem.SYS
0xB8B65000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5CE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8B07000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D70000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9D6C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA208000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA8991000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xA896D000 \SystemRoot\system32\drivers\portcls.sys
0xBA228000 \SystemRoot\system32\drivers\drmk.sys
0xA8955000 \SystemRoot\system32\drivers\AEAudio.sys
0xA882F000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xBA5D2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA238000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5D6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA743000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA4B0000 \SystemRoot\System32\drivers\vga.sys
0xBA5DA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5DC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA340000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA358000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA59C000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA87D4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA877B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8755000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA871B000 \SystemRoot\System32\Drivers\avgtdix.sys
0xB8BC2000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA268000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA278000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB8BBA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA8633000 \SystemRoot\system32\DRIVERS\ATSwpDrv.sys
0xA860B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA85E9000 \SystemRoot\System32\drivers\afd.sys
0xBA288000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA85BE000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA854E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA298000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA360000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xA851A000 \SystemRoot\System32\Drivers\avgldx86.sys
0xBA2B8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB8A9E000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA370000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA790000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA83FA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8195000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8342000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA630000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA7CFF000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA662000 \SystemRoot\system32\drivers\regi.sys
0xA78D6000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7173000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 42):
0 System Idle Process
4 System
816 C:\WINDOWS\system32\smss.exe
884 csrss.exe
908 C:\WINDOWS\system32\winlogon.exe
952 C:\WINDOWS\system32\services.exe
964 C:\WINDOWS\system32\lsass.exe
1128 C:\WINDOWS\system32\svchost.exe
1196 svchost.exe
1236 C:\WINDOWS\system32\svchost.exe
1288 svchost.exe
1388 svchost.exe
1672 C:\WINDOWS\system32\spoolsv.exe
2028 C:\WINDOWS\explorer.exe
364 C:\Program Files\Analog Devices\Core\smax4pnp.exe
388 C:\PROGRA~1\AVG\AVG9\avgtray.exe
484 C:\WINDOWS\system32\agrsmsvc.exe
508 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
532 C:\Program Files\AVG\AVG9\avgwdsvc.exe
552 C:\Program Files\Bonjour\mDNSResponder.exe
576 C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
600 C:\WINDOWS\system32\ctfmon.exe
628 C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
648 C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
724 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
436 C:\Program Files\Java\jre6\bin\jqs.exe
824 C:\Program Files\AVG\AVG9\avgnsx.exe
1264 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
1344 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
1772 C:\WINDOWS\system32\wuauclt.exe
2116 wmiprvse.exe
2256 unsecapp.exe
2456 alg.exe
2720 C:\Program Files\AVG\AVG9\avgchsvx.exe
2716 C:\Program Files\AVG\AVG9\avgrsx.exe
2856 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3624 C:\Program Files\Mozilla Firefox\firefox.exe
3836 C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
3908 C:\Program Files\AVG\AVG9\avgcsrvx.exe
424 C:\WINDOWS\system32\svchost.exe
2796 wmiprvse.exe
2224 C:\Documents and Settings\Jonathan\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HTS541060G9SA00, Rev: MB3OC60P

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ok...combo just finished....here is the log. thanks!

ComboFix 10-10-21.02 - Jonathan 10/21/2010 23:08:51.1.2 - x86
Running from: c:\documents and settings\Jonathan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\office.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
.

2010-10-20 12:40 . 2010-10-20 12:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-10-20 12:40 . 2010-10-20 12:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-20 03:45 . 2010-10-20 03:46 -------- d-----w- c:\documents and settings\Jonathan\Application Data\QuickScan
2010-10-19 15:32 . 2010-10-19 15:32 388096 ----a-r- c:\documents and settings\Jonathan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-14 11:51 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-13 12:00 . 2010-10-13 12:00 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Malwarebytes
2010-10-13 12:00 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-13 12:00 . 2010-10-13 12:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-10-13 12:00 . 2010-10-13 12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-13 12:00 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 11:31 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 11:31 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 11:31 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-06 02:37 . 2010-10-06 02:37 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-29 2407632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-06 872448]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Corel\\DVD9\\WinDVD.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/25/2009 8:03 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/25/2009 8:03 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:34 AM 308136]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [10/6/2009 10:01 AM 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2/16/2006 3:46 PM 36352]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [6/4/2010 4:40 PM 9472]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [6/9/2010 7:43 PM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [6/9/2010 7:43 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [6/9/2010 7:43 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [6/9/2010 7:42 PM 10368]
S3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [8/15/2009 11:45 PM 59552]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [6/25/2009 2:37 PM 14336]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-10-21 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-06-16 18:11]

2010-10-21 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-06-16 19:24]
.
.
------- Supplementary Scan -------
.
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\optout@dubfire.net\lib\WINNT\ff3\AbineComponent.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Jonathan\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Jonathan\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008


.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-10-21 23:16:08
ComboFix-quarantined-files.txt 2010-10-22 03:16

Pre-Run: 28,282,613,760 bytes free
Post-Run: 28,740,714,496 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
c:\peboot.bin=": Utility Console"

- - End Of File - - 1C1EDC356D853E8B5B8DCF3B70E3E387
 
It looks pretty good :)

How is redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The redirects seem to have ended....nothing unusual has happened since I ran the TDSSKiller....fingers crossed. Here are the two other logs you mentioned. Thanks!

OTL logfile created on: 10/22/2010 11:02:22 AM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Jonathan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.90 Gb Total Space | 26.80 Gb Free Space | 51.63% Space Free | Partition Type: NTFS
Drive D: | 926.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JTLAPTOP | User Name: Jonathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/22 11:00:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
PRC - [2010/10/05 08:57:56 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/28 21:33:02 | 002,407,632 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/09/23 09:56:11 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 09:34:34 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:34:30 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:33:51 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 09:33:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/18 10:57:06 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2008/10/02 12:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/05 22:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/22 11:00:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/07/15 09:34:30 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/07 08:33:00 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/18 10:57:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/05/14 12:59:44 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/03/16 17:45:14 | 000,059,552 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Installer) getPlus(R)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jonathan\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 09:34:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:33:51 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/04 15:06:08 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/21 16:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/15 21:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/01 18:27:40 | 000,281,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2007/01/24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/28 15:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/09/14 16:55:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/04/21 17:06:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/03/30 14:39:48 | 000,130,432 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2005/10/21 11:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2004/11/22 07:34:06 | 000,190,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2001/08/17 13:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 13:12:20 | 000,060,416 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerWdm.sys -- (BrSerWDM)
DRV - [2001/08/17 13:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2001/08/17 13:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.93
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}:1.0.1
FF - prefs.js..extensions.enabledItems: optout@dubfire.net:3.20
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.2
FF - prefs.js..extensions.enabledItems: {c82059e2-6143-416d-9bbb-f5f04472e207}:2.0
FF - prefs.js..extensions.enabledItems: imgTag@secondagenda.com:0.3.8
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.41


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 14:17:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 08:09:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 08:09:40 | 000,000,000 | ---D | M]

[2009/06/25 17:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Extensions
[2010/10/21 18:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions
[2010/09/24 15:33:29 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/20 19:05:01 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/08/18 13:20:17 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/07/08 21:01:15 | 000,000,000 | ---D | M] (Copy as HTML Link) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\{c82059e2-6143-416d-9bbb-f5f04472e207}
[2010/08/18 13:20:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/08/18 13:20:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/04 13:30:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/10/19 23:45:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/08/24 07:54:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\{F0B6E3F9-ECD1-40b6-A25F-5C3FF68FB079}
[2010/02/01 22:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\add-to-searchbox@maltekraus.de
[2010/08/31 12:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\foxyproxy@eric.h.jung
[2010/07/08 21:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\imgTag@secondagenda.com
[2010/09/12 07:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\extensions\optout@dubfire.net
[2009/07/09 07:57:10 | 000,001,810 | ---- | M] () -- C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\piotczi1.default\searchplugins\national-and-local-weather-forecast-hurricane-radar-and-repo.xml
[2010/10/21 18:01:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/10/21 23:13:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) - C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jonathan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/07 11:32:33 | 000,000,016 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 06:23:11 | 000,189,808 | R--- | M] (Adobe Systems Incorporated) - D:\AutoPlay.exe -- [ CDFS ]
O32 - AutoRun File - [2009/10/19 22:56:33 | 000,000,000 | R--D | M] - D:\Autoplay -- [ CDFS ]
O32 - AutoRun File - [2006/08/22 07:33:08 | 000,000,055 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/22 11:00:50 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
[2010/10/21 23:07:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/21 23:05:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/21 23:05:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/21 23:05:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/21 23:05:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/21 23:05:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/21 23:04:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/20 08:55:13 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\TFC.exe
[2010/10/20 08:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/10/20 08:40:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2010/10/19 23:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Application Data\QuickScan
[2010/10/13 08:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\My Documents\Recover
[2010/10/13 08:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Application Data\Malwarebytes
[2010/10/13 08:00:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/13 08:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/10/13 08:00:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/13 08:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/05 22:37:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
[2010/10/04 09:08:00 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jonathan\Desktop\TDSSKiller.exe
[2010/09/23 21:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\My Documents\Casey
[2010/09/21 15:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\Eraser 6
[2010/09/21 15:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2010/09/21 15:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Desktop\Old Sony
[2010/08/20 14:58:49 | 000,000,000 | ---D | C] -- C:\Phone Temp
[2010/08/11 15:15:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jonathan\Application Data\PandoraRecovery
[2010/08/11 15:15:19 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery
[2010/08/02 13:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Axantum

========== Files - Modified Within 90 Days ==========

[2010/10/22 11:04:01 | 066,682,469 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/22 11:02:00 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/22 11:02:00 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/22 11:00:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
[2010/10/22 10:57:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/22 10:57:23 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/10/22 10:57:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/21 23:13:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/21 23:07:41 | 000,000,364 | RHS- | M] () -- C:\boot.ini
[2010/10/21 23:01:38 | 003,882,530 | R--- | M] () -- C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
[2010/10/21 09:43:05 | 000,424,107 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Hupp Petition.pdf
[2010/10/21 08:59:31 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\MBRCheck.exe
[2010/10/21 08:51:36 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jonathan\Desktop\TDSSKiller.exe
[2010/10/21 08:16:33 | 001,211,285 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\tdsskiller.zip
[2010/10/20 09:05:37 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\l40o97fz.exe
[2010/10/20 08:55:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\TFC.exe
[2010/10/20 08:00:03 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\HiJackThis.lnk
[2010/10/18 16:18:01 | 000,013,590 | ---- | M] () -- C:\WINDOWS\System32\235.js
[2010/10/14 11:54:58 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 07:52:23 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 18:18:01 | 000,010,053 | ---- | M] () -- C:\WINDOWS\System32\234.js
[2010/10/13 14:57:45 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/13 08:00:21 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 07:58:08 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\Shortcut to eXplorer.lnk
[2010/09/11 15:45:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/24 07:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== Files Created - No Company Name ==========

[2010/10/21 23:07:41 | 000,000,249 | ---- | C] () -- C:\Boot.bak
[2010/10/21 23:07:38 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/21 23:05:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/21 23:05:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/21 23:05:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/21 23:05:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/21 23:05:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/21 23:01:37 | 003,882,530 | R--- | C] () -- C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
[2010/10/21 09:43:05 | 000,424,107 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Hupp Petition.pdf
[2010/10/21 08:59:30 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\MBRCheck.exe
[2010/10/21 08:16:33 | 001,211,285 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\tdsskiller.zip
[2010/10/20 09:05:36 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\l40o97fz.exe
[2010/10/19 11:20:32 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\HiJackThis.lnk
[2010/10/18 16:18:01 | 000,013,590 | ---- | C] () -- C:\WINDOWS\System32\235.js
[2010/10/13 13:18:08 | 000,010,053 | ---- | C] () -- C:\WINDOWS\System32\234.js
[2010/10/13 08:00:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/13 07:58:07 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Jonathan\Desktop\Shortcut to eXplorer.lnk
[2010/06/29 13:53:35 | 000,037,914 | ---- | C] () -- C:\Documents and Settings\Jonathan\Application Data\Comma Separated Values (Windows).ADR
[2010/06/24 11:24:17 | 000,000,267 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2010/06/24 11:24:13 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/06/24 11:24:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/06/24 11:24:02 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2010/06/16 17:09:29 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/06/15 21:22:22 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/06/15 18:47:03 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/06/09 19:42:56 | 000,002,651 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2010/06/09 09:09:04 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/06/08 11:08:03 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2009/10/02 09:30:01 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Jonathan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/16 00:00:40 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\A65F52D894.sys
[2009/08/16 00:00:39 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
[2009/06/25 21:18:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/25 10:48:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/16 21:05:51 | 000,000,268 | ---- | C] () -- C:\Program Files\Altir
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/02/15 21:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/08/26 17:16:33 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2007/07/06 17:07:19 | 000,000,511 | ---- | C] () -- C:\Program Files\Altiră
[2006/09/18 14:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 14:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2005/11/15 15:32:22 | 000,003,638 | R--- | C] () -- C:\Program Files\Common Files\Altiris_Icon.ico
[2004/01/13 18:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 22:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/11/30 21:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/06/15 18:47:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\COMMON FILES
[2009/12/24 22:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Flip Video
[2010/04/20 17:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2010/06/15 18:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nuance
[2009/06/25 21:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SBT
[2010/06/16 17:25:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft
[2010/06/15 21:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SQL Anywhere 11
[2010/06/16 17:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\The Neat Company
[2009/12/23 01:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/25 21:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/21 17:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\Abine
[2009/09/18 20:55:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\FUJIFILM
[2010/04/20 17:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\IObit
[2010/06/15 21:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\MSNInstaller
[2010/08/11 15:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\PandoraRecovery
[2010/06/15 18:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\Philipp Winterberg
[2010/10/19 23:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\QuickScan
[2010/06/16 17:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\ScanSoft
[2010/10/19 23:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jonathan\Application Data\uTorrent
[2010/10/22 10:57:23 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/09/11 16:30:56 | 000,000,041 | ---- | M] () -- C:\AClient.dat
[2005/04/07 11:32:33 | 000,000,016 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/25 14:54:26 | 000,000,249 | ---- | M] () -- C:\Boot.bak
[2010/10/21 23:07:41 | 000,000,364 | RHS- | M] () -- C:\boot.ini
[2006/09/11 17:48:52 | 000,000,827 | RHS- | M] () -- C:\boot.sysprep
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/10/21 23:16:09 | 000,011,943 | ---- | M] () -- C:\ComboFix.txt
[2004/09/07 16:47:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/05 14:03:20 | 000,000,000 | ---- | M] () -- C:\foo.txt
[2004/09/07 16:47:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/24 23:22:52 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2003/04/18 18:50:54 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\moveuser.exe
[2007/09/11 16:29:56 | 000,000,336 | ---- | M] () -- C:\moveuser.log
[2007/09/11 16:26:52 | 000,000,243 | ---- | M] () -- C:\moveusers.bat
[2004/09/07 16:47:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/04/11 14:26:50 | 000,000,040 | ---- | M] () -- C:\msolvtest.txt
[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/25 15:55:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2007/11/08 16:03:07 | 000,045,056 | ---- | M] (Paetec Communications) -- C:\paetec.exe
[2010/10/22 10:56:58 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2006/09/11 20:02:35 | 000,008,192 | ---- | M] () -- C:\peboot.bin
[2010/10/19 10:36:25 | 000,000,361 | ---- | M] () -- C:\rkill.log
[2007/02/08 12:22:28 | 000,001,745 | ---- | M] () -- C:\SetTime.vbs
[2005/07/19 12:38:45 | 000,000,190 | ---- | M] () -- C:\setup.log
[1999/12/03 09:01:32 | 000,022,800 | ---- | M] (Microsoft Corporation) -- C:\shfolder.dll
[2010/06/16 19:01:10 | 000,002,964 | ---- | M] () -- C:\spi.scanning.log
[2004/09/08 11:16:13 | 000,001,184 | ---- | M] () -- C:\svextract.log
[2005/07/19 12:18:14 | 000,000,191 | ---- | M] () -- C:\syntp.log
[2010/10/21 08:52:43 | 000,038,514 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_21.10.2010_08.52.07_log.txt
[2010/10/21 08:59:03 | 000,037,926 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_21.10.2010_08.58.14_log.txt
[2005/07/19 12:17:36 | 000,000,032 | ---- | M] () -- C:\ticrdbus.log
[2007/08/10 11:04:25 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
[2007/02/08 12:20:20 | 000,021,868 | ---- | M] () -- C:\TZupdate.reg
[2009/08/15 23:55:45 | 000,517,822 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/25 15:00:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/08/13 05:40:19 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\cl31cpc.dll
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/04/16 21:05:51 | 000,000,268 | ---- | M] () -- C:\Program Files\Altir
[2008/04/16 21:05:51 | 000,000,511 | ---- | M] () -- C:\Program Files\Altiră

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/06/25 10:46:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/25 10:46:47 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/25 10:46:47 | 000,921,600 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >
[2010/06/16 08:45:26 | 000,000,000 | ---D | M] -- C:\Program Files\IObit\Advanced SystemCare 3\Bak

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/06/25 16:03:00 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/06/25 16:11:03 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/06/25 15:08:22 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/10/21 23:01:38 | 003,882,530 | R--- | M] () -- C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
[2010/10/20 09:05:37 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\l40o97fz.exe
[2010/10/21 08:59:31 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Jonathan\Desktop\MBRCheck.exe
[2010/10/22 11:00:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\OTL.exe
[2010/10/21 08:51:36 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jonathan\Desktop\TDSSKiller.exe
[2010/10/20 08:55:17 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jonathan\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >
[2005/11/15 15:32:22 | 000,003,638 | R--- | M] () -- C:\Program Files\Common Files\Altiris_Icon.ico

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/06/25 16:11:03 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jonathan\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/10/22 11:03:50 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Jonathan\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2003/03/31 15:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2003/03/31 15:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2003/03/31 15:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2003/03/31 15:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
and the extras log

OTL Extras logfile created on: 10/22/2010 11:02:22 AM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\Jonathan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.90 Gb Total Space | 26.80 Gb Free Space | 51.63% Space Free | Partition Type: NTFS
Drive D: | 926.89 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JTLAPTOP | User Name: Jonathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Corel\DVD9\WinDVD.exe" = C:\Program Files\Corel\DVD9\WinDVD.exe:*:Enabled:WinDVD -- (Corel Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A424-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier Edition 2010
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C3FCE48-6984-11D5-90F8-00E029591716}" = Brother MFL Pro Suite
"{11A53AF3-CAA5-4C29-887E-CCA7CEE2689B}" = Neat Mobile Scanner Driver
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.5
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38BA2875-D7AD-4611-ABA3-C385051ADF42}" = Eraser 6.0.7.1893
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus(R) for Corel
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{57F5920A-9897-4830-BD4A-BE85DA9734FF}" = Neat Mobile Scanner 2008 Driver
"{58155B30-6BE9-4268-A059-149629149C63}" = Neat ADF Scanner Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6EDB3FC5-8B7C-422A-B4FB-1D919F44F2C0}" = Neat Mobile Scanner (Silver) Driver
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7BD1EAE4-2E08-4087-8600-44B0ACB0C887}" = NeatWorks Core Files
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4A42670-82B9-4A58-8955-20271DBBF29F}" = Neat ADF Scanner 2008 Driver
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B1C0D829-FE30-059E-E93F-CDC7A48235C0}" = FlipShare
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E4C1DBF1-67D9-4973-9DEC-677E695E7CE0}" = AxCrypt 1.7.2126.0
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG9Uninstall" = AVG Free 9.0
"BA7C3E474BCC2DD6360ACAFC7E9C0F9C7E2B96EB" = Windows Driver Package - Intel (w39n51) net (04/04/2006 10.1.1.3)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.8
"F785D6B63FDA08F811F56F84F831B3E291B7129A" = Windows Driver Package - Intel (w29n51) net (04/05/2006 9.0.4.13)
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Calendar Sync" = Google Calendar Sync
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}" = Corel WinDVD 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeatWorks" = NeatWorks
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"PandoraRecovery" = PandoraRecovery (Remove Only)
"PdaNet_is1" = PdaNet for Android 2.42
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"b9282be208b368e5" = RebuildOutlookCache
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2010 8:06:28 PM | Computer Name = JTLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/15/2010 8:06:28 PM | Computer Name = JTLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/15/2010 8:06:28 PM | Computer Name = JTLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/15/2010 8:58:00 PM | Computer Name = JTLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/15/2010 8:58:00 PM | Computer Name = JTLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/15/2010 8:58:00 PM | Computer Name = JTLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/15/2010 8:58:00 PM | Computer Name = JTLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/15/2010 9:03:38 PM | Computer Name = JTLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/15/2010 9:03:38 PM | Computer Name = JTLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/15/2010 9:03:38 PM | Computer Name = JTLAPTOP | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

[ System Events ]
Error - 10/20/2010 7:44:45 PM | Computer Name = JTLAPTOP | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/20/2010 9:17:45 PM | Computer Name = JTLAPTOP | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 10/20/2010 10:02:33 PM | Computer Name = JTLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/21/2010 8:08:50 AM | Computer Name = JTLAPTOP | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 10/21/2010 8:08:50 AM | Computer Name = JTLAPTOP | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 10/21/2010 8:10:46 AM | Computer Name = JTLAPTOP | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/21/2010 8:54:34 AM | Computer Name = JTLAPTOP | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 10/21/2010 8:54:34 AM | Computer Name = JTLAPTOP | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 10/22/2010 10:57:21 AM | Computer Name = JTLAPTOP | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%2

Error - 10/22/2010 10:57:21 AM | Computer Name = JTLAPTOP | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2


< End of report >
 
Good news :)

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

I can see Advanced SystemCare 3 installed on your computer.
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Broni---sorry for the delayed reply---have been travelling. It looks like I'm good to go now. I just wanted to say THANK YOU for your help. My laptop would have been virtually useless without your assistance. Thanks again, and take care.
 
Oops, sorry....you asked for some more log posts....here you go.

All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jonathan
->Temp folder emptied: 36473021 bytes
->Temporary Internet Files folder emptied: 132968 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41909247 bytes
->Flash cache emptied: 0 bytes

User: jthompson
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 1488 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 14512 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 621 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 75.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Flash cache emptied: 0 bytes

User: Default User.WINDOWS
->Flash cache emptied: 0 bytes

User: Jonathan
->Flash cache emptied: 0 bytes

User: jthompson
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY
->Flash cache emptied: 0 bytes

User: NetworkService

User: NetworkService.NT AUTHORITY
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10282010_091207

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.2
Mozilla Firefox (3.6.11) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
795
uber_beetle
uber_beetle
A
Microsoft breaks users' PCs again with latest Windows 11 update
Replies
19
Views
397
trparky
T
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back