Solved Search being redirected


loupas

Hello,

Never heard from anyone earlier today, so I am not sure if I did something wrong when I requested help. (Original post: Search results redirected from any search engine (Part 1).)
Was not sure how to post logs that exceeded the limit. Posted the balance of the logs as a reply in this post.

Search results from any engine (Bing, Google, etc.) are redirected to a random website the first time. When I try again I am brought to the correct place. I have completed all the steps (8) as required, with the logs attached. Text too long, so the last two logs are in the next post. I used Avira as my virus scan and it slowed down my boot-up considerably. Windows XP, IE8, Dell Dimension 8100 (old but serves my current needs).

Thank You for any help on this.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5611

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/27/2011 7:50:42 AM
mbam-log-2011-01-27 (07-50-42).txt

Scan type: Quick scan
Objects scanned: 156495
Time elapsed: 12 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-27 08:38:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 IC35L040AVER07-0 rev.ER4OA41A
Running: j0nczy9b.exe; Driver: C:\DOCUME~1\Louis\LOCALS~1\Temp\pxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT AF92C7AE ZwCreateKey
SSDT AF92C7A4 ZwCreateThread
SSDT AF92C7B3 ZwDeleteKey
SSDT AF92C7BD ZwDeleteValueKey
SSDT AF92C7C2 ZwLoadKey
SSDT AF92C790 ZwOpenProcess
SSDT AF92C795 ZwOpenThread
SSDT AF92C7CC ZwReplaceKey
SSDT AF92C7C7 ZwRestoreKey
SSDT AF92C7B8 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\disk.sys entry point in ".rsrc" section [0xF762F514]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8C65360, 0x24BB1D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\program files\real\realplayer\update\realsched.exe[224] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[760] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[2264] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3080] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[760] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A3C4AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A3C4AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 8A3C4AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-18 8A3C4AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-20 8A3C4AEA
Device \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskIC35L040AVER07-0________________________ER4OA41A#5&297a1a48&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Start 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Tag 4
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@ImagePath System32\DRIVERS\tcpip.sys
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@DisplayName TCP/IP Protocol Driver
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@DependOnService IPSec?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@DependOnGroup
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip@Description TCP/IP Protocol Driver
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@NV Hostname dell
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DataBasePath %SystemRoot%\System32\drivers\etc
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@ForwardBroadcasts 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@IPEnableRouter 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@Domain
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@Hostname dell
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DeadGWDetectDefault 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@SearchList
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@UseDomainNameDevolution 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@EnableICMPRedirect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DontAddDefaultGatewayDefault 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@EnableSecurityFilters 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DhcpNameServer 209.18.47.61 209.18.47.62
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters@DhcpDomain nc.rr.com
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@LLInterface WANARP
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@IpConfig Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}?Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\NdisWanIp@NumInterfaces 2
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{80CE59DA-2786-4C92-8BBE-D52DEDC5B488}@LLInterface
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Adapters\{80CE59DA-2786-4C92-8BBE-D52DEDC5B488}@IpConfig Tcpip\Parameters\Interfaces\{80CE59DA-2786-4C92-8BBE-D52DEDC5B488}?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{760FBC59-E17E-4400-973E-B526DF417931}@DontAddDefaultGateway 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@UseZeroBroadcast 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@EnableDHCP 0
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@IPAddress 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@SubnetMask 0.0.0.0?
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@DefaultGateway
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@EnableDeadGWDetect 1
Reg HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7CB1774C-A8D1-48AC-885F-A5FDF9F7F12E}@DontAddDefaultGateway 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 78165104 (+255): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Temp\Perflib_Perfdata_6cc.dat 16384 bytes
File C:\WINDOWS\system32\drivers\disk.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Remaining logs

DDS (Ver_10-12-12.02) - NTFSx86
Run by Louis at 8:43:16.43 on Thu 01/27/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.886 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
svchost.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe
c:\program files\real\realplayer\RealPlay.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Louis\Desktop\dds.scr
c:\program files\real\realplayer\RealPlay.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DellTouch] c:\windows\DELLMMKB.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [TraySantaCruz] c:\windows\system32\tbctray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
DPF: {01111C00-3E00-11D2-8470-0060089874ED} - hxxp://help.rr.com/Foundrysdccommon/download/tgctlar.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - hxxp://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com/cabs/QOLCheck.ocx
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120335949881
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123452782626
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024}
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/35/install/gtdownde.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\windows\system32\srrst

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\louis\applic~1\mozilla\firefox\profiles\fyipjy0t.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtb04ff&clid=e012fa3000174e8ca31a072c09260b6a&subid=
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\louis\application data\mozilla\firefox\profiles\fyipjy0t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1

============= SERVICES / DRIVERS ===============

R? DIGIRPS;Digi PortServer Driver
R? gupdate1c98fc9a5dbb790;Google Update Service (gupdate1c98fc9a5dbb790)
R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? NmPar;Unusable Parallel Port
R? nmserial;PCI Serial Port
R? SASENUM;SASENUM
R? vtdg46xx;vtdg46xx
S? AntiVirSchedulerService;Avira AntiVir Scheduler
S? AntiVirService;Avira AntiVir Guard
S? avgio;avgio
S? avgntflt;avgntflt
S? CFRMD;CFRMD
S? CFRPD;CFRPD
S? Cleaner_Validator;COMODO System - Cleaner Service
S? cmosa;cmosa
S? Lbd;Lbd
S? Msikbd2k;DellTouch
S? Nhksrv;Netropa NHK Server
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? tbcspud;Santa Cruz Driver
S? tbcwdm;Santa Cruz WDM Driver

=============== Created Last 30 ================

2067-02-24 20:21:18 79947 ----a-w- c:\windows\fw20.vxd
2011-01-27 00:06:38 -------- d-----w- c:\docume~1\louis\applic~1\Avira
2011-01-26 23:55:36 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-26 23:55:35 -------- d-----w- c:\program files\Avira
2011-01-26 23:55:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-01-26 23:25:15 28654 ----a-w- c:\windows\cscmondump.bin
2011-01-25 15:47:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-25 15:47:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-23 18:25:47 -------- d-----w- c:\documents and settings\louis\Tracing
2011-01-23 18:02:47 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-01-23 17:58:43 -------- d-----w- c:\program files\Microsoft
2011-01-23 17:58:23 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-01-23 17:56:51 74520 ----a-w- c:\program files\common files\windows live\.cache\e9ff23701cbbb26\DSETUP.dll
2011-01-23 17:56:51 484632 ----a-w- c:\program files\common files\windows live\.cache\e9ff23701cbbb26\DXSETUP.exe
2011-01-23 17:56:51 1670936 ----a-w- c:\program files\common files\windows live\.cache\e9ff23701cbbb26\dsetup32.dll
2011-01-23 17:56:30 1013800 ----a-w- c:\program files\common files\windows live\.cache\dcf8e0501cbbb26\WindowsXP-KB954708-x86-ENU.exe
2011-01-23 17:51:53 -------- d-----w- c:\program files\common files\Windows Live
2011-01-12 00:32:34 -------- d-----w- c:\program files\Search Toolbar
2011-01-12 00:32:25 -------- d-----w- c:\program files\File Extension Finder
2011-01-10 17:46:47 -------- d-----w- c:\docume~1\louis\applic~1\webex
2011-01-10 17:44:58 51304 ----a-w- c:\windows\system32\drivers\atnt40k.sys
2011-01-10 17:44:45 202832 ----a-w- c:\windows\system32\atasnt40.dll
2011-01-03 23:33:38 388096 ----a-r- c:\docume~1\louis\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-03 23:31:25 -------- d-----w- c:\program files\Trend Micro
2011-01-02 16:58:30 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-01-02 16:58:13 -------- d-----w- c:\program files\common files\xing shared
2011-01-02 16:57:58 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-01-02 16:57:44 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-01-02 05:55:47 -------- d-----w- c:\docume~1\louis\applic~1\Local
2011-01-01 01:28:33 -------- d-----w- c:\windows\system32\TVUAx
2011-01-01 01:28:10 -------- d-----w- c:\program files\P2PFilter
2011-01-01 01:22:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Readon

==================== Find3M ====================

2011-01-02 16:57:34 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-01-02 16:57:34 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: IC35L040AVER07-0 rev.ER4OA41A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A3C4EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x89038872; SUB DWORD [EBP-0x4], 0x8903812e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A447AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8A45B9D8]
[0x8A432890] -> IRP_MJ_CREATE -> 0x8A3C4EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskIC35L040AVER07-0________________________ER4OA41A#5&297a1a48&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A3C4AEA
user & kernel MBR OK
sectors 78165358 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 8:57:04.05 ===============

7300
7300_Help
7300Trb
Ad-Aware
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.5
Adobe SVG Viewer 6.0
AiO_Scan
AiOSoftware
Apple Application Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Backup Dell-Installed Programs
Bonjour
BufferChm
Canon Camera Access Library
Canon Camera Support Core Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
COMODO System-Cleaner
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Dell Digital Jukebox Driver
Dell Solution Center
DellTouch
Destinations
Director
DivX Setup
DocProc
DocumentViewer
Easy CD Creator 5 Basic
erLT
Fax
GdiplusUpgrade
Google Earth Plug-in
Google Update Helper
GoToMeeting 4.1.0.366
HAI Dealer PC Access 2.16a
HAI Dealer PC Access 3
HAI PC Access 2.15
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Driver Diagnostics
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Assistant
HP Product Detection
HP PSC & OfficeJet 4.7
HP Update
HPODiscovery
HPSystemDiagnostics
InstantShare
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java(TM) 6 Update 18
Junk Mail filter update
Logitech Desktop Messenger
Lucent Win Modem
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MarketResearch
Meeting Service
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 7.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Plus! for Windows XP
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Move Media Player
Mozilla Firefox (2.0)
MSN Music Assistant
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
NVIDIA Drivers
OpenOffice.org Installer 1.0
OrangeWare USB2.0 Driver
overland
P2PFilter 3.0.5
PanoStandAlone
PhotoGallery
PowerDVD
PrimoPDF
ProductContext
QFolder
QuickTime
Readme
Readon TV Movie Radio Player 7.2.0.0
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Santa Cruz
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SkinsHP1
SQL Server System CLR Types
SUPERAntiSpyware Free Edition
System Requirements Lab
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893086
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.1 final uninstall

==== End Of File ===========================
 
Welcome aboard


First of all, all helpers here are just volunteers. We don't provide 911 service.
Stop creating multiple topics.
Create one and wait patiently.


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Now, you're infected with a rootkit.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSS Killer loaded and executed

Broni

I am sorry for the multiple posts yesterday but I was not sure how to split up the logs (2 new topics or one topic with one reply). I was also confused with the "active" and thought it meant that if someone was being helped it was denoted by active. Accordingly, I thought others were being helped and I was being skipped because I did something wrong. I later in the evening figured out it had to do with being a member of the forum. I'm sorry.

Now, since I thought I was not being helped, I reviewed the logs myself and determined that this was a rootkit problem. After looking at other posts I downloaded TDSSKiller and ran it on my own. It found one object (with cure) and I hit continue. It rebooted the machine and the search bar worked correctly after that. Do you need me to do anything else? The log is below. Oh, before I forget, Windows Update wanted me to enter an update for IE security. I canceled it because of not changing anything after the post. Should I go back and get this update and install it now?

Thank you.


2011/01/27 14:51:19.0347 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/27 14:51:19.0347 ================================================================================
2011/01/27 14:51:19.0347 SystemInfo:
2011/01/27 14:51:19.0347
2011/01/27 14:51:19.0347 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/27 14:51:19.0347 Product type: Workstation
2011/01/27 14:51:19.0347 ComputerName: DELL
2011/01/27 14:51:19.0347 UserName: Louis
2011/01/27 14:51:19.0347 Windows directory: C:\WINDOWS
2011/01/27 14:51:19.0347 System windows directory: C:\WINDOWS
2011/01/27 14:51:19.0347 Processor architecture: Intel x86
2011/01/27 14:51:19.0347 Number of processors: 1
2011/01/27 14:51:19.0347 Page size: 0x1000
2011/01/27 14:51:19.0347 Boot type: Normal boot
2011/01/27 14:51:19.0347 ================================================================================
2011/01/27 14:51:19.0887 Initialize success
2011/01/27 14:51:34.0559 ================================================================================
2011/01/27 14:51:34.0559 Scan started
2011/01/27 14:51:34.0559 Mode: Manual;
2011/01/27 14:51:34.0559 ================================================================================
2011/01/27 14:51:55.0629 Disk (ca2d25d9799d4551b77cdc5752d3c6c6) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/27 14:51:55.0629 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: ca2d25d9799d4551b77cdc5752d3c6c6, Fake md5: 044452051f3e02e7963599fc8f4f3e25
2011/01/27 14:51:55.0669 Disk - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/27 14:53:24.0326 ================================================================================
2011/01/27 14:53:24.0326 Scan finished
2011/01/27 14:53:24.0326 ================================================================================
2011/01/27 14:53:24.0356 Detected object count: 1
2011/01/27 14:53:55.0581 Disk (ca2d25d9799d4551b77cdc5752d3c6c6) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/27 14:53:55.0581 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\disk.sys. Real md5: ca2d25d9799d4551b77cdc5752d3c6c6, Fake md5: 044452051f3e02e7963599fc8f4f3e25
2011/01/27 14:54:00.0438 Backup copy found, using it..
2011/01/27 14:54:00.0589 C:\WINDOWS\system32\DRIVERS\disk.sys - will be cured after reboot
2011/01/27 14:54:00.0589 Rootkit.Win32.TDSS.tdl3(Disk) - User select action: Cure
2011/01/27 14:54:15.0200 Deinitialize success
 
Since we had a rootkit involved, we need to keep checking to make sure your computer is totally clean.
Good news, so far :)

Download MBRCheck to your desktop

Double-click MBRCheck.exe to run (Vista and Windows 7 users, right-click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double-click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck & ComboFix Logs

Logs listed below. I am not sure if this means anything, but when I ran Combofix.exe from my desktop the first time, I got a small pop-up screen showing the software being loaded. After the green bar moved all the way to the right, the pop-up closed and something flashed on my desktop and then nothing. I was not sure if it was running (without me seeing anything) so I waited 3 hours without any report. Next, I tried to access the internet knowing it should be blocked, and it was not. Then, I double-clicked on the icon again and the same pop-up appeared, but this time after a slight flash on the screen I got the disclosure statement and proceeded from there with a blue DOS-like box. The computer rebooted and the program ended.

Again, I am not sure if it was just a glitch the first time but thought I should let you know.

Thank you

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d

Kernel Drivers (total 142):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF798B000 intelide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF74C0000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF74A0000 fltmgr.sys
0xF748E000 sr.sys
0xF7647000 Lbd.sys
0xF7657000 PxHelp20.sys
0xF7477000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF744A000 NDIS.sys
0xF7430000 Mup.sys
0xF7667000 agp440.sys
0xB9FDF000 \SystemRoot\System32\DRIVERS\processr.sys
0xF7927000 \SystemRoot\system32\DRIVERS\MTsensor.sys
0xB8EE9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8ED5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF77BF000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB8EB1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77C7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8E8D000 \SystemRoot\system32\drivers\tbcspud.sys
0xF79DD000 \SystemRoot\system32\drivers\tbcos.sys
0xB8E6A000 \SystemRoot\system32\drivers\ks.sys
0xB8DCD000 \SystemRoot\system32\DRIVERS\ltmdmxp.sys
0xF77CF000 \SystemRoot\System32\Drivers\Modem.SYS
0xB8D77000 \SystemRoot\System32\DRIVERS\el90xbc5.sys
0xF77D7000 \SystemRoot\System32\DRIVERS\fdc.sys
0xB8D63000 \SystemRoot\System32\DRIVERS\parport.sys
0xB9FBF000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xB9FAF000 \SystemRoot\System32\DRIVERS\redbook.sys
0xB8D50000 \SystemRoot\System32\Drivers\pwd_2K.SYS
0xB9F9F000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF77DF000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF7ABE000 \SystemRoot\System32\DRIVERS\audstub.sys
0xB9F8F000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7937000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xB8D39000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xB9F7F000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xB9F6F000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xB92F9000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xB8D28000 \SystemRoot\System32\DRIVERS\psched.sys
0xB9F5F000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7767000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF775F000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7687000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF777F000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF77AF000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF798F000 \SystemRoot\System32\DRIVERS\swenum.sys
0xB6FB3000 \SystemRoot\System32\DRIVERS\update.sys
0xBA6F7000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF774F000 \SystemRoot\System32\Drivers\mmc_2K.SYS
0xF7577000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF799D000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7567000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB4AD4000 \SystemRoot\system32\drivers\tbcwdm.sys
0xB4AB0000 \SystemRoot\system32\drivers\portcls.sys
0xBA788000 \SystemRoot\system32\drivers\drmk.sys
0xBA7C4000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xB6E8C000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF7747000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7527000 \SystemRoot\system32\DRIVERS\CFRMD.sys
0xB9301000 \SystemRoot\system32\DRIVERS\CFRPD.sys
0xF7AA3000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7AC1000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xB701F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A63000 \SystemRoot\System32\Drivers\Null.SYS
0xB701D000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7737000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF77E7000 \SystemRoot\System32\drivers\vga.sys
0xB701B000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB7019000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB4A57000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
0xF773F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF776F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB4A12000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
0xB547C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB49ED000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB4994000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xBA748000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xB496E000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB4946000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF7787000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB4924000 \SystemRoot\System32\drivers\afd.sys
0xBA728000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB92D9000 \SystemRoot\System32\DRIVERS\cmosa.sys
0xB4902000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF780F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB48D7000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB4867000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA718000 \SystemRoot\System32\Drivers\Fips.SYS
0xF76F7000 \SystemRoot\system32\DRIVERS\ser2pl.sys
0xBA7B8000 \SystemRoot\System32\DRIVERS\serenum.sys
0xB47D2000 \SystemRoot\System32\Drivers\aswSP.SYS
0xB92B9000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB92E1000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xB6E78000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xB5C24000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xB5C14000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB5468000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF781F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF7727000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF7797000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB483D000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xB54D4000 \SystemRoot\system32\DRIVERS\point32.sys
0xB5C04000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB5BF4000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xB4831000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xB4829000 \SystemRoot\System32\DRIVERS\kbdhid.sys
0xF79BF000 \SystemRoot\system32\DRIVERS\msikbd2k.sys
0xB4792000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79C3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB47CA000 \SystemRoot\System32\drivers\Dxapi.sys
0xB54AC000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xB99C7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB3B8F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8BA81000 \SystemRoot\System32\Drivers\aswMon2.SYS
0x8B8DC000 \SystemRoot\system32\drivers\wdmaud.sys
0xF76D7000 \SystemRoot\system32\drivers\sysaudio.sys
0x8B6C9000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF79A9000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB3A95000 \SystemRoot\System32\Drivers\TDTCP.SYS
0x8AAF4000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x8A80B000 \SystemRoot\System32\Drivers\HTTP.sys
0x8B0F4000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 43):
0 System Idle Process
4 System
428 C:\WINDOWS\system32\smss.exe
592 csrss.exe
636 C:\WINDOWS\system32\winlogon.exe
680 C:\WINDOWS\system32\services.exe
692 C:\WINDOWS\system32\lsass.exe
864 C:\WINDOWS\system32\svchost.exe
908 svchost.exe
1012 C:\WINDOWS\system32\svchost.exe
1056 svchost.exe
1184 svchost.exe
1248 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1376 C:\WINDOWS\explorer.exe
1512 C:\WINDOWS\DellMMKb.exe
1536 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
1560 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
1568 C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
1576 C:\Program Files\Real\realplayer\Update\realsched.exe
1592 C:\WINDOWS\system32\tbctray.exe
1600 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1688 C:\WINDOWS\system32\ctfmon.exe
268 C:\WINDOWS\system32\spoolsv.exe
1084 C:\Program Files\Netropa\OSD.exe
1096 svchost.exe
1720 C:\WINDOWS\Nhksrv.exe
200 C:\Program Files\Bonjour\mDNSResponder.exe
504 C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
528 C:\WINDOWS\system32\dllhost.exe
1660 C:\Program Files\Java\jre6\bin\jqs.exe
1696 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
1736 C:\WINDOWS\system32\nvsvc32.exe
2132 C:\WINDOWS\system32\svchost.exe
2360 C:\WINDOWS\system32\searchindexer.exe
2644 C:\Program Files\Canon\CAL\CALMAIN.exe
3192 alg.exe
1816 C:\Program Files\Internet Explorer\iexplore.exe
3512 C:\Program Files\Internet Explorer\iexplore.exe
2972 C:\Program Files\Internet Explorer\iexplore.exe
2708 C:\Program Files\Internet Explorer\iexplore.exe
5920 C:\WINDOWS\system32\searchprotocolhost.exe
5936 searchfilterhost.exe
6040 C:\Documents and Settings\Louis\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC35L040AVER07-0, Rev: ER4OA41A
PhysicalDrive1 Model Number: WDCWD205BA, Rev: 16.13M16

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
19 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
ComboFix 11-01-28.01 - Louis 01/28/2011 19:22:15.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.848 [GMT -5:00]
Running from: C:\Documents and Settings\Louis\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Louis\Application Data\Local
C:\Documents and Settings\Louis\Application Data\PriceGong
C:\Documents and Settings\Louis\Application Data\PriceGong\Data\mru.xml
C:\Program Files\Search Toolbar
C:\Program Files\Search Toolbar\icon.ico
C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
C:\Program Files\Search Toolbar\SearchToolbarUpdater.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.
 
MBRCheck log looks good, but Combofix log is incomplete.
You should be able to find Combofix log at C:\combofix.txt.
Open it with Notepad.
If it looks exactly as the log above, re-run Combofix.
If the log is different, post it.
 
ComboFix Log after rerunning program

ComboFix 11-01-28.01 - Louis 01/28/2011 21:09:49.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1019 [GMT -5:00]
Running from: c:\documents and settings\Louis\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\setup.ini
.
---- Previous Run -------
.
c:\documents and settings\Louis\Application Data\PriceGong\Data\mru.xml
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.

2067-02-24 20:21 . 2003-02-05 09:02 79947 ----a-w- c:\windows\fw20.vxd
2011-01-28 01:40 . 2011-01-13 08:37 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-28 01:40 . 2011-01-13 08:41 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-28 01:40 . 2011-01-13 08:37 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-28 01:40 . 2011-01-13 08:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-28 01:40 . 2011-01-13 08:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-28 01:40 . 2011-01-13 08:39 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-28 01:40 . 2011-01-13 08:37 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-28 01:39 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-28 01:39 . 2011-01-13 08:47 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-28 01:38 . 2011-01-28 01:38 -------- d-----w- c:\program files\Alwil Software
2011-01-28 01:38 . 2011-01-28 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-26 23:25 . 2011-01-29 00:44 79475 ----a-w- c:\windows\cscmondump.bin
2011-01-25 15:47 . 2011-01-25 15:47 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-25 15:44 . 2011-01-25 15:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-01-25 15:37 . 2011-01-25 15:37 -------- d-----w- c:\documents and settings\Administrator\IECompatCache
2011-01-25 15:36 . 2011-01-25 15:36 -------- d-----w- c:\documents and settings\Administrator\PrivacIE
2011-01-25 15:17 . 2011-01-25 15:17 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2011-01-23 18:25 . 2011-01-23 18:25 -------- d-----w- c:\documents and settings\Louis\Tracing
2011-01-23 18:02 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-01-23 17:58 . 2011-01-23 18:03 -------- d-----w- c:\program files\Microsoft
2011-01-23 17:58 . 2011-01-23 17:58 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-01-23 17:57 . 2011-01-23 18:03 -------- d-----w- c:\program files\Windows Live
2011-01-23 17:51 . 2011-01-23 17:51 -------- d-----w- c:\program files\Common Files\Windows Live
2011-01-12 00:32 . 2011-01-12 00:32 -------- d-----w- c:\program files\File Extension Finder
2011-01-10 17:46 . 2011-01-10 17:46 -------- d-----w- c:\documents and settings\Louis\Application Data\webex
2011-01-10 17:44 . 2011-01-10 17:44 51304 ----a-w- c:\windows\system32\drivers\atnt40k.sys
2011-01-10 17:44 . 2011-01-10 17:44 202832 ----a-w- c:\windows\system32\atasnt40.dll
2011-01-03 23:33 . 2011-01-03 23:33 388096 ----a-r- c:\documents and settings\Louis\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-03 23:31 . 2011-01-03 23:31 -------- d-----w- c:\program files\Trend Micro
2011-01-02 16:58 . 2011-01-02 16:58 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2011-01-02 16:58 . 2011-01-02 16:58 -------- d-----w- c:\program files\Common Files\xing shared
2011-01-02 16:57 . 2011-01-02 16:57 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2011-01-02 16:57 . 2011-01-02 16:57 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2011-01-01 01:28 . 2011-01-01 01:41 -------- d-----w- c:\windows\system32\TVUAx
2011-01-01 01:28 . 2011-01-01 01:28 -------- d-----w- c:\program files\P2PFilter
2011-01-01 01:22 . 2011-01-01 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Readon

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-27 19:56 . 2005-01-30 18:30 36352 ----a-w- c:\windows\system32\drivers\disk.sys
2011-01-02 16:57 . 2008-12-04 05:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-01-02 16:57 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-20 23:09 . 2010-09-17 19:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-09-17 19:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 12:15 . 2010-12-09 12:15 33232 ----a-w- c:\windows\system32\drivers\CFRPD.sys
2010-12-09 12:14 . 2010-12-09 12:14 66584 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2010-11-18 18:12 . 2005-01-30 18:31 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-09 14:52 . 2005-01-30 05:11 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-06 00:26 . 2005-01-30 18:31 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-06 00:26 . 2005-01-30 18:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 20:38 . 2009-10-30 20:01 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-11-03 12:25 . 2005-09-28 01:39 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2001-08-23 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2008-06-19 09:16 . 2008-06-19 09:16 118784 ----a-w- c:\program files\mozilla firefox\plugins\MyCamera.dll
2006-10-11 08:04 . 2008-03-31 23:12 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-03-31 23:12 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-03-31 23:12 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-03-31 23:12 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-03-31 23:12 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellTouch"="c:\windows\DELLMMKB.EXE" [2001-09-23 163840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-01-02 274608]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"TraySantaCruz"="c:\windows\system32\tbctray.exe" [2002-04-03 290816]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2001-09-04 20:31 655360 ----a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSC]
2000-11-30 19:17 331776 ----a-w- c:\program files\Dell\Solution Center\Service.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTouch]
2001-09-23 11:14 163840 ----a-w- c:\windows\DellMMKb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2010-01-05 00:25 16384 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 23:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-10-08 13:49 53248 ----a-w- c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-10-08 13:49 131072 ----a-w- c:\program files\MusicMatch\MusicMatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 17:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 17:22 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 17:22 1622016 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-01-19 14:16 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/30/2009 3:03 PM 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/27/2011 8:40 PM 294608]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [12/9/2010 7:14 AM 66584]
R1 CFRPD;CFRPD;c:\windows\system32\drivers\CFRPD.sys [12/9/2010 7:15 AM 33232]
R1 cmosa;cmosa;c:\windows\system32\drivers\cmosa.sys [1/13/2009 6:41 PM 29344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/16/2009 4:26 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/27/2011 8:40 PM 17744]
R2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [12/9/2010 7:08 AM 305600]
R2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [9/27/2005 9:17 PM 28672]
R3 Msikbd2k;DellTouch;c:\windows\system32\drivers\Msikbd2k.sys [9/27/2005 9:17 PM 6942]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [1/29/2005 11:18 PM 144768]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [1/29/2005 11:18 PM 545088]
S2 gupdate1c98fc9a5dbb790;Google Update Service (gupdate1c98fc9a5dbb790);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2009 7:00 PM 133104]
S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [1/2/2009 1:01 PM 42432]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1402272]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15264]
S3 NmPar;Unusable Parallel Port;c:\windows\system32\DRIVERS\NmPar.sys --> c:\windows\system32\DRIVERS\NmPar.sys [?]
S3 nmserial;PCI Serial Port;c:\windows\system32\DRIVERS\nmserial.sys --> c:\windows\system32\DRIVERS\nmserial.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 12872]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [1/29/2005 11:18 PM 19232]
.
Contents of the 'Scheduled Tasks' folder

2011-01-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 23:49]

2011-01-28 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 00:00]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 00:00]

2010-09-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-11 21:23]

2011-01-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-527237240-920026266-854245398-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-920026266-854245398-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-28 c:\windows\Tasks\User_Feed_Synchronization-{197ECBFD-D9FE-4BBE-BA1C-1D010905ED57}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2011-01-29 c:\windows\Tasks\User_Feed_Synchronization-{D4BD2BBB-3E10-4B78-8EC9-7FAB5FF94DA9}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtb04ff&clid=e012fa3000174e8ca31a072c09260b6a&subid=
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-BbInstallUser - c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe
MSConfigStartUp-BbPrintMonitor - c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
MSConfigStartUp-capfasem - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
MSConfigStartUp-capfupgrade - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
MSConfigStartUp-CAVRID - c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-Logitech Utility - Logi_MwX.Exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-ViewMgr - c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
MSConfigStartUp-ViewpointPhotosDeviceConnect - c:\program files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-28 21:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Louis\LOCALS~1\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\Perflib_Perfdata_700.dat 16384 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-527237240-920026266-854245398-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2011-01-28 21:34:17
ComboFix-quarantined-files.txt 2011-01-29 02:34

Pre-Run: 17,330,585,600 bytes free
Post-Run: 17,304,539,136 bytes free

- - End Of File - - FE6E3C38BA7D64B6169011071E48ECBA
 
Looks good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Txts Part 1 (entire file too large)

OTL logfile created on: 1/28/2011 10:00:50 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Louis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.09 Gb Free Space | 43.18% Space Free | Partition Type: NTFS
Drive F: | 19.10 Gb Total Space | 13.92 Gb Free Space | 72.86% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Louis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/28 21:58:45 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\OTL.exe
PRC - [2011/01/13 03:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/01/02 11:57:36 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2010/12/09 14:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 16:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2002/04/03 15:47:38 | 000,290,816 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS\system32\tbctray.exe
PRC - [2001/09/23 06:14:48 | 000,163,840 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\DellMMKb.exe
PRC - [2001/09/22 13:28:38 | 000,090,112 | ---- | M] (Netropa Corp.) -- C:\Program Files\Netropa\OSD.exe
PRC - [2001/08/06 12:41:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\Nhksrv.exe


========== Modules (SafeList) ==========

MOD - [2011/01/28 21:58:45 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\OTL.exe
MOD - [2011/01/13 03:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/26 18:49:45 | 001,402,272 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/01/13 03:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/12/09 07:08:10 | 000,305,600 | ---- | M] () [Auto | Stopped] -- C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe -- (Cleaner_Validator)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2001/08/06 12:41:48 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Nhksrv.exe -- (Nhksrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/09 07:15:18 | 000,033,232 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\CFRPD.sys -- (CFRPD)
DRV - [2010/12/09 07:14:56 | 000,066,584 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2010/11/05 15:38:29 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/17 12:01:52 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/17 12:01:52 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/09/17 12:01:52 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/08/12 07:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/13 19:49:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/11/13 19:49:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2006/10/22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/10/21 07:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2003/07/16 09:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2002/04/03 15:51:16 | 000,545,088 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
DRV - [2002/04/03 15:51:12 | 000,144,768 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)
DRV - [2002/03/21 19:44:32 | 000,019,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Turtle Beach\Santa Cruz\Control Panel\vtdg46xx.sys -- (vtdg46xx)
DRV - [2001/12/04 09:18:06 | 000,659,905 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmxp.sys -- (ltmodem5)
DRV - [2001/09/10 10:43:46 | 000,205,824 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001/09/04 16:37:08 | 000,233,344 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001/09/04 15:39:50 | 000,017,990 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001/09/04 15:39:40 | 000,019,702 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2001/09/04 15:39:28 | 000,078,454 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2001/08/17 12:17:44 | 000,042,432 | ---- | M] (Digi International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS)
DRV - [2001/08/17 07:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [2001/03/16 11:40:32 | 000,014,392 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MTsensor.sys -- (MTsensor)
DRV - [2001/03/16 11:40:22 | 000,029,344 | ---- | M] (Dell Computer Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmosa.sys -- (cmosa)
DRV - [2000/10/03 14:18:24 | 000,006,942 | ---- | M] (Netropa Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Msikbd2k.sys -- (Msikbd2k)
DRV - [2000/05/19 16:24:56 | 000,011,504 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-527237240-920026266-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://mp3tubetoolbarsearch.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtb04ff&clid=e012fa3000174e8ca31a072c09260b6a&subid="
FF - prefs.js..keyword.URL: "http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords="

FF - user.js..keyword.URL: "http://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords="
FF - user.js..keyword.enabled: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/02 00:55:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/02 00:55:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/02 11:58:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/02 11:57:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/10 17:34:42 | 000,000,000 | ---D | M]

[2011/01/17 14:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\extensions
[2010/09/17 07:22:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/15 07:45:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/17 14:55:00 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\extensions\firefox@tvunetworks.com
[2011/01/11 19:32:38 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\extensions\searchtoolbar@zugo.com
[2011/01/11 19:32:40 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Louis\Application Data\Mozilla\Firefox\Profiles\fyipjy0t.default\searchplugins\bing-zugo.xml
[2010/12/12 20:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/03/31 18:12:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/03/31 18:12:10 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/03/31 18:12:29 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2011/01/02 11:58:09 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/09/12 10:34:09 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\LOUIS\APPLICATION DATA\MOVE NETWORKS
[2011/01/02 00:55:44 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2008/12/23 19:37:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2008/06/19 04:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\MyCamera.dll
[2008/06/19 04:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/01/28 21:26:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-527237240-920026266-854245398-1004\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
O3 - HKU\S-1-5-21-527237240-920026266-854245398-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-527237240-920026266-854245398-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DellTouch] C:\WINDOWS\DellMMKb.exe (Netropa Corp.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe (Voyetra Turtle Beach, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-527237240-920026266-854245398-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} http://help.rr.com/Foundrysdccommon/download/tgctlar.cab (Support.com ActionRunner Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab (VerifyGMN Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} https://www.select2perform.com/cabs/QOLCheck.ocx (QOLCheck Control)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab (FixController Control)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120335949881 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123452782626 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://attwm.webex.com/client/T25L10NSP41EP15-attwm/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/35/install/gtdownde.cab (Dell PC Checkup Installer Control)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab (MSN Games – Backgammon)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Louis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Louis\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/29 22:48:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/06/21 18:22:32 | 000,000,618 | ---- | M] () - F:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2005/02/04 21:45:56 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\L3CODECX.ACM (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56308606093492224)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/28 21:58:44 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\OTL.exe
[2011/01/28 19:17:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/28 19:17:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/28 19:17:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/28 19:17:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/28 19:16:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/28 19:15:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/27 20:40:37 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/27 20:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/01/27 20:40:36 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/27 20:40:34 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/27 20:40:32 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/27 20:40:31 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/27 20:40:31 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/27 20:40:30 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/27 20:39:07 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/27 20:39:05 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/27 20:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/27 20:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/27 12:03:48 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Louis\Desktop\tdsskiller.exe
[2011/01/26 20:42:05 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\TFC.exe
[2011/01/26 17:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/01/24 22:50:25 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Louis\My Documents\My Stationery
[2011/01/23 13:25:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\Tracing
[2011/01/23 13:03:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2011/01/23 12:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/01/23 12:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/01/23 12:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/01/23 12:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2011/01/23 12:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/01/23 12:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/01/11 19:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\File Extension Finder
[2011/01/10 12:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\Application Data\webex
[2011/01/10 12:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\My Documents\WebEx
[2011/01/10 12:44:45 | 000,202,832 | ---- | C] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
[2011/01/05 22:09:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Louis\Desktop\HAI - PC Access
[2011/01/03 18:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\Start Menu\Programs\HiJackThis
[2011/01/03 18:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/03 18:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/01/02 11:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/01/02 11:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2010/12/31 20:28:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx
[2010/12/31 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\P2PFilter
[2010/12/31 20:22:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Readon
[2010/12/31 20:16:45 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/12/31 20:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[1 C:\Documents and Settings\Louis\Application Data\*.tmp files -> C:\Documents and Settings\Louis\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/28 22:06:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D4BD2BBB-3E10-4B78-8EC9-7FAB5FF94DA9}.job
[2011/01/28 22:00:06 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-920026266-854245398-1004.job
[2011/01/28 22:00:06 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-920026266-854245398-1004.job
[2011/01/28 21:58:45 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\OTL.exe
[2011/01/28 21:55:27 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\HiJackThis.lnk
[2011/01/28 21:54:54 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{197ECBFD-D9FE-4BBE-BA1C-1D010905ED57}.job
[2011/01/28 21:50:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/28 21:46:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/28 21:34:24 | 000,000,269 | ---- | M] () -- C:\WINDOWS\MSIOSD.INI
[2011/01/28 21:26:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/28 19:49:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/28 19:47:07 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/28 19:45:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/28 19:45:45 | 1609,711,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/28 19:44:03 | 000,079,475 | ---- | M] () -- C:\WINDOWS\cscmondump.bin
[2011/01/28 18:56:03 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/01/28 18:16:37 | 000,002,499 | ---- | M] () -- C:\Documents and Settings\Louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2011/01/28 17:43:10 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2011/01/28 16:21:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/01/28 15:32:41 | 004,261,554 | R--- | M] () -- C:\Documents and Settings\Louis\Desktop\ComboFix.exe
[2011/01/28 15:29:15 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\MBRCheck.exe
[2011/01/28 11:17:11 | 000,013,102 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/27 23:18:16 | 001,391,544 | ---- | M] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2011/01/27 23:18:15 | 001,536,460 | ---- | M] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2011/01/27 20:40:37 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/27 17:42:41 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Readon TV Movie Radio Player.lnk
[2011/01/27 12:03:50 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Louis\Desktop\tdsskiller.exe
[2011/01/27 11:41:13 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\log.doc
[2011/01/27 08:46:23 | 000,051,525 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\Lycos Mail.url
[2011/01/27 08:42:54 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\dds.scr
[2011/01/27 07:39:59 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\j0nczy9b.exe
[2011/01/26 23:03:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\TFC.exe
[2011/01/26 17:39:52 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO System-Cleaner.lnk
[2011/01/26 17:38:34 | 000,006,292 | ---- | M] () -- C:\WINDOWS\System32\cfrmd.PNF
[2011/01/23 16:26:37 | 000,278,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/23 13:02:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/21 16:30:41 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\Time Warner Cable Time Warner Cable East.url
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 03:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/10 12:44:58 | 000,051,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2011/01/10 12:44:53 | 000,202,832 | ---- | M] (WebEx Communications, Inc) -- C:\WINDOWS\System32\atasnt40.dll
[2011/01/06 17:27:52 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\Time Warner Cable - TV Listings.url
[2011/01/04 12:46:54 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\Microsoft Word.lnk
[2011/01/03 19:59:23 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\Application Data.lnk
[2011/01/03 17:08:21 | 000,000,312 | ---- | M] () -- C:\WINDOWS\MMKEYBD.INI
[2011/01/02 11:58:23 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/01/02 11:57:38 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[1 C:\Documents and Settings\Louis\Application Data\*.tmp files -> C:\Documents and Settings\Louis\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2067/02/24 15:21:18 | 000,079,947 | ---- | C] () -- C:\WINDOWS\fw20.vxd
[2011/01/28 19:17:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/28 19:17:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/28 19:17:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/28 19:17:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/28 19:17:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/28 15:32:39 | 004,261,554 | R--- | C] () -- C:\Documents and Settings\Louis\Desktop\ComboFix.exe
[2011/01/28 15:29:43 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Louis\Desktop\MBRCheck.exe
[2011/01/27 20:40:37 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/27 08:42:53 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Louis\Desktop\dds.scr
[2011/01/27 07:51:46 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\log.doc
[2011/01/27 07:39:57 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Louis\Desktop\j0nczy9b.exe
[2011/01/26 18:25:15 | 000,079,475 | ---- | C] () -- C:\WINDOWS\cscmondump.bin
[2011/01/26 18:25:02 | 001,536,460 | ---- | C] () -- C:\WINDOWS\CSC_ServiceDump.dat
[2011/01/26 18:25:02 | 001,391,544 | ---- | C] () -- C:\WINDOWS\CSC_ActiveCleanLog.dat
[2011/01/26 17:43:02 | 000,000,450 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Updater.job
[2011/01/26 17:39:52 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO System-Cleaner.lnk
[2011/01/26 17:38:32 | 000,006,292 | ---- | C] () -- C:\WINDOWS\System32\cfrmd.PNF
[2011/01/25 10:49:29 | 1609,711,616 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/25 10:37:04 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D4BD2BBB-3E10-4B78-8EC9-7FAB5FF94DA9}.job
[2011/01/10 12:44:58 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2011/01/06 17:47:37 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\Louis\Desktop\Time Warner Cable Time Warner Cable East.url
[2011/01/06 17:47:17 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\Louis\Desktop\Time Warner Cable - TV Listings.url
[2011/01/03 18:31:25 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Louis\Desktop\HiJackThis.lnk
[2011/01/02 11:58:23 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2010/12/31 20:18:07 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-527237240-920026266-854245398-1004.job
[2010/12/31 20:18:05 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-527237240-920026266-854245398-1004.job
[2010/12/12 20:28:01 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/12/12 20:28:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/18 17:47:01 | 000,000,094 | ---- | C] () -- C:\WINDOWS\awshkwv.ini
[2010/09/09 12:55:39 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
[2010/08/14 00:11:58 | 000,159,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/01/13 18:59:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DellSC.INI
[2008/12/12 18:07:01 | 000,013,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\MTictwl.sys
[2008/03/23 10:37:10 | 000,000,656 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/03/10 19:09:38 | 000,006,102 | ---- | C] () -- C:\Documents and Settings\Louis\Application Data\PrimoPDFSet.xml
[2008/03/10 19:09:38 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Louis\Application Data\APUSet.xml
[2008/03/10 19:05:03 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/12/24 18:43:40 | 000,089,413 | ---- | C] () -- C:\Documents and Settings\Louis\Local Settings\Application Data\FASTWiz.log
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/25 20:59:49 | 000,003,401 | ---- | C] () -- C:\Documents and Settings\Louis\Application Data\HPCOM_48BitScanUpdate.log
[2006/11/16 17:46:01 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/06 16:49:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/09 15:08:15 | 000,005,438 | ---- | C] () -- C:\Documents and Settings\Louis\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/07/09 15:08:15 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/01/13 20:42:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2005/09/27 21:17:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\MMKeybd.dll
[2005/09/27 21:17:40 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2005/09/27 21:17:40 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2005/09/27 21:17:34 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2005/02/04 08:21:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2005/01/30 19:52:23 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Louis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/30 19:19:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/30 18:42:31 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Louis\Local Settings\Application Data\fusioncache.dat
[2005/01/30 17:29:32 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2005/01/30 17:29:32 | 000,000,915 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2005/01/30 17:20:23 | 000,039,385 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/01/29 23:14:07 | 000,003,076 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2005/01/29 23:08:37 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserName.txt
[2005/01/29 17:36:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001/08/10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
 
OTL Part 2

========== LOP Check ==========

[2011/01/27 20:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/09/09 12:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2010/12/26 20:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dLkNo09000
[2009/01/02 18:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/12/31 20:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Readon
[2010/10/03 18:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/20 16:31:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2009/06/08 18:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Finder
[2008/09/17 20:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\HAI
[2005/01/30 19:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Leadertech
[2008/03/07 20:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\PDF reDirect
[2005/01/30 19:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\The Labyrinth Plus! Edition
[2007/12/30 14:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Viewpoint
[2011/01/10 12:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\webex
[2009/06/05 18:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Windows Desktop Search
[2009/06/06 20:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Windows Search
[2011/01/28 16:21:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/01/28 21:54:54 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{197ECBFD-D9FE-4BBE-BA1C-1D010905ED57}.job
[2011/01/28 22:06:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{D4BD2BBB-3E10-4B78-8EC9-7FAB5FF94DA9}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/01/28 19:45:29 | 000,037,338 | ---- | M] () -- C:\aaw7boot.log
[2005/01/29 22:48:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/09/27 19:03:57 | 000,000,282 | RHS- | M] () -- C:\BOOT.BAK
[2010/09/09 07:35:22 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2006/01/13 20:17:38 | 000,009,444 | ---- | M] () -- C:\caavsetup.log
[2010/09/09 12:05:25 | 000,035,534 | ---- | M] () -- C:\caavsetupLog.txt
[2010/09/24 12:43:22 | 000,000,540 | ---- | M] () -- C:\caEntitlementLog.txt
[2010/09/24 12:58:29 | 000,725,375 | ---- | M] () -- C:\caisslog.txt
[2001/08/23 07:00:00 | 000,237,728 | RHS- | M] () -- C:\cmldr
[2011/01/28 21:34:19 | 000,022,312 | ---- | M] () -- C:\ComboFix.txt
[2005/01/29 22:48:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/01/13 20:17:17 | 000,000,026 | ---- | M] () -- C:\ezsetuplog.txt
[2011/01/28 19:45:45 | 1609,711,616 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/26 22:03:50 | 000,000,000 | ---- | M] () -- C:\install.rdf
[2005/01/29 22:48:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/09/22 17:20:31 | 000,000,445 | -H-- | M] () -- C:\IPH.PH
[2010/09/06 17:42:27 | 000,030,240 | ---- | M] () -- C:\M1319.log
[2010/04/29 15:49:38 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2005/01/29 22:48:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/09/27 20:28:31 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/30 19:05:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/28 19:45:30 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2005/09/22 17:20:31 | 000,000,288 | -H-- | M] () -- C:\T4Metrics.log
[2011/01/27 14:54:15 | 000,041,308 | ---- | M] () -- C:\TDSSKiller.2.4.15.0_27.01.2011_14.51.19_log.txt
[2011/01/27 17:39:54 | 000,039,666 | ---- | M] () -- C:\TDSSKiller.2.4.15.0_27.01.2011_17.36.41_log.txt
[2009/02/24 15:37:12 | 000,000,512 | ---- | M] () -- C:\updatedatfix.log
[2006/08/19 15:22:40 | 000,066,989 | ---- | M] () -- C:\VETlog.dmp
[2006/08/19 15:22:40 | 000,001,831 | ---- | M] () -- C:\VETlog.txt
[2010/10/03 18:44:31 | 000,004,235 | ---- | M] () -- C:\VundoFix.txt
[2008/06/20 15:21:09 | 000,000,000 | ---- | M] () -- C:\wizard.txt
[2006/06/11 22:31:14 | 000,002,370 | ---- | M] () -- C:\_Sid.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/01/29 22:48:05 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/01/29 17:34:34 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/01/29 17:34:34 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/01/29 17:34:34 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/30 19:33:00 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2005/01/30 19:07:28 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Louis\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/01/29 22:55:10 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/01/28 15:32:41 | 004,261,554 | R--- | M] () -- C:\Documents and Settings\Louis\Desktop\ComboFix.exe
[2011/01/27 07:39:59 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\j0nczy9b.exe
[2011/01/28 15:29:15 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Louis\Desktop\MBRCheck.exe
[2011/01/28 21:58:45 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\OTL.exe
[2011/01/27 12:03:50 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Louis\Desktop\tdsskiller.exe
[2011/01/26 23:03:25 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Louis\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/08/12 16:14:39 | 111,975,440 | ---- | M] (Bluebeam Software, Inc. ) -- C:\Documents and Settings\Louis\My Documents\BbPDFRevuStandard850.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2001/07/29 12:44:02 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\Louis\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/01/28 22:00:04 | 000,098,304 | -HS- | M] () -- C:\Documents and Settings\Louis\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/08/20 22:29:46 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 22:29:46 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
[2002/08/29 05:41:26 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/08/20 22:29:48 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/08/20 22:30:06 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/08/20 22:30:06 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 10:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >
 
Extras.txt

OTL Extras logfile created on: 1/28/2011 10:00:50 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Louis\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 16.09 Gb Free Space | 43.18% Space Free | Partition Type: NTFS
Drive F: | 19.10 Gb Total Space | 13.92 Gb Free Space | 72.86% Space Free | Partition Type: NTFS

Computer Name: DELL | User Name: Louis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Savings Bond Wizard\SBWizard.exe" = C:\Program Files\Savings Bond Wizard\SBWizard.exe:*:Enabled:Savings Bond Wizard -- (U.S. Department of the Treasury)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:HP All-in-One Launcher Utility -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:HP Fax Setup Wizard -- (Hewlett-Packard Co.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{1584854C-1513-40EA-96D4-493384D0A3C7}" = Readon TV Movie Radio Player 7.2.0.0
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A2766A4-6AE4-11D4-AC8E-52544C1966EE}" = Backup Dell-Installed Programs
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B0ED720-87D3-11D4-A188-0050DA2DDF19}" = Dell Solution Center
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{706D5382-7381-4680-9DD0-161832578252}" = DellTouch
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Santa Cruz
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B53422A7-10EC-4156-BCF3-550E82D4F363}" = OrangeWare USB2.0 Driver
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4039DC0-905D-4372-8B20-120F0B6CF283}" = COMODO System-Cleaner
"{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"ActiveTouchMeetingClient" = Meeting Service
"Ad-Aware" = Ad-Aware
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 6.0
"avast5" = avast! Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DivX Setup.divx.com" = DivX Setup
"EOS Utility" = Canon Utilities EOS Utility
"HAI Dealer PC Access" = HAI Dealer PC Access 2.16a
"HAI Dealer PC Access 3" = HAI Dealer PC Access 3
"HAI PC Access" = HAI PC Access 2.15
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LTWinModem" = Lucent Win Modem
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"P2PFilter" = P2PFilter 3.0.5
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF4.0" = PrimoPDF
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SystemRequirementsLab" = System Requirements Lab
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-527237240-920026266-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/26/2010 9:17:45 PM | Computer Name = DELL | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 1/8/2011 2:26:46 PM | Computer Name = DELL | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\LOUIS\MY DOCUMENTS\MY PICTURES\TOM
HOUSE PICTURES\MASTER CLOSET STORAGE.JPG> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 1/8/2011 2:26:46 PM | Computer Name = DELL | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\LOUIS\MY DOCUMENTS\MY PICTURES\TOM
HOUSE PICTURES\MASTER CLOSET STORAGE.JPG> in the hash map cannot be updated. Context:
Application, SystemIndex Catalog Details: A device attached to the system is not
functioning. (0x8007001f)

Error - 1/25/2011 11:05:14 AM | Computer Name = DELL | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 1/25/2011 11:50:32 AM | Computer Name = DELL | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


Error - 1/25/2011 11:50:33 AM | Computer Name = DELL | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 1/25/2011 11:50:33 AM | Computer Name = DELL | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 1/25/2011 11:50:33 AM | Computer Name = DELL | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 1/25/2011 3:53:17 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00002663.

Error - 1/27/2011 8:13:23 AM | Computer Name = DELL | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 1/27/2011 9:14:37 AM | Computer Name = DELL | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 1/27/2011 9:14:37 AM | Computer Name = DELL | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 1/27/2011 3:58:50 PM | Computer Name = DELL | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 1/27/2011 3:59:47 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 1/27/2011 4:01:34 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/27/2011 4:01:38 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 1/27/2011 4:01:38 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 1/28/2011 10:29:12 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 1/28/2011 8:49:33 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 1/28/2011 10:47:41 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The COMODO System - Cleaner Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKU\S-1-5-21-527237240-920026266-854245398-1004\..\Toolbar\WebBrowser: (no name) - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No CLSID value found.
    O3 - HKU\S-1-5-21-527237240-920026266-854245398-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-527237240-920026266-854245398-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab (Reg Error: Key error.)
    [1 C:\Documents and Settings\Louis\Application Data\*.tmp files -> C:\Documents and Settings\Louis\Application Data\*.tmp -> ]
    [2010/09/09 12:55:39 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\mkghj.dll
    [2007/12/30 14:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Viewpoint
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
OTL & Checkup.txt

Sorry for the delay. The last scan kept locking up my desktop. After 2 scans I was able to determine that there were no threats found. Since messing with Java software, I keep getting a Jusched.exe IE explorer problem that the system wants to report to Microsoft on BOOTUP only.

Thanks


All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-527237240-920026266-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81}\ not found.
Registry value HKEY_USERS\S-1-5-21-527237240-920026266-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-527237240-920026266-854245398-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {C946EF6D-296D-4907-A6E1-ED0E8E5AF024}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C946EF6D-296D-4907-A6E1-ED0E8E5AF024}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C946EF6D-296D-4907-A6E1-ED0E8E5AF024}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C946EF6D-296D-4907-A6E1-ED0E8E5AF024}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C946EF6D-296D-4907-A6E1-ED0E8E5AF024}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C946EF6D-296D-4907-A6E1-ED0E8E5AF024}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {E473A65C-8087-49A3-AFFD-C5BC4A10669B}
C:\WINDOWS\Downloaded Program Files\qsp2ie.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E473A65C-8087-49A3-AFFD-C5BC4A10669B}\ not found.
C:\Documents and Settings\Louis\Application Data\redline2stapler.tmp deleted successfully.
C:\WINDOWS\system32\mkghj.dll moved successfully.
C:\Documents and Settings\Louis\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
C:\Documents and Settings\Louis\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
C:\Documents and Settings\Louis\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
C:\Documents and Settings\Louis\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
C:\Documents and Settings\Louis\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
C:\Documents and Settings\Louis\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
C:\Documents and Settings\Louis\Application Data\Viewpoint folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Louis
->Temp folder emptied: 75366 bytes
->Temporary Internet Files folder emptied: 74873524 bytes
->Java cache emptied: 2040 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 10045 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 934 bytes

Total Files Cleaned = 72.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Louis
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 01282011_232919

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
COMODO System-Cleaner
Java(TM) 6 Update 23
Out of date Java installed!
Adobe Flash Player
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 8.2.5
Out of date Adobe Reader installed!
Mozilla Firefox (2.0.) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
 
I keep getting a Jusched.exe IE explorer problem that the system wants to report to Microsoft on BOOTUP only
Disable jusched.exe. It's an unnecessary startup item: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

==========================================================================

Uninstall Firefox. Version 2 is obsolete and thus dangerous.
If you still want to use Firefox, install the latest 3.6.13 version.

========================================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
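The Security Check log above flagged Java, Adobe Reader and Firefox as out of date, and step 8 recommends a tool that does that check on a schedule. As an added example (not code from this thread, from Security Check or from Secunia PSI), the PowerShell script below reads the installed programs from the Windows Uninstall registry keys and flags any whose version is below a baseline. The baseline table is constructed for illustration; the only version taken from the thread is the Firefox 3.6.13 the helper recommends, and the Java and Adobe Reader minimums are placeholders to be replaced with the current vendor releases.

```powershell
# Added example (not from the thread): inventory installed programs from the
# Uninstall registry keys and flag versions below a baseline.
# Baseline versions are CONSTRUCTED placeholders except Firefox 3.6.13, which
# is the version recommended in the thread; replace them with current releases.
$minimumVersions = @{
    'Java(TM) 6'      = [version]'6.0.240'   # constructed placeholder baseline
    'Adobe Reader'    = [version]'9.4.0'     # constructed placeholder baseline
    'Mozilla Firefox' = [version]'3.6.13'    # version named in the thread
}

# Both 32-bit and 64-bit views plus the per-user key; missing paths are skipped.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-VersionOrNull([string]$text) {
    # DisplayVersion is vendor-formatted ("8.2.5", "6.0.230", "2.0.0.20 (en-US)");
    # keep only the leading dotted-numeric part so [version] can parse it.
    if ($text -match '^\s*(\d+(\.\d+){1,3})') {
        try { return [version]$Matches[1] } catch { return $null }
    }
    return $null
}

function Get-OutdatedPrograms {
    $results = @()
    $items = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue
    foreach ($item in $items) {
        if (-not $item.DisplayName) { continue }
        foreach ($name in $minimumVersions.Keys) {
            if ($item.DisplayName -like "$name*") {
                $installed = ConvertTo-VersionOrNull $item.DisplayVersion
                # An unparseable version is reported as outdated so it gets looked at.
                $isOld = ($installed -eq $null) -or ($installed -lt $minimumVersions[$name])
                $results += New-Object PSObject -Property @{
                    Name      = $item.DisplayName
                    Installed = $item.DisplayVersion
                    Minimum   = $minimumVersions[$name].ToString()
                    Outdated  = $isOld
                }
            }
        }
    }
    return $results
}

Get-OutdatedPrograms | Sort-Object Outdated -Descending |
    Format-Table Name, Installed, Minimum, Outdated -AutoSize
```

The script only reads the registry; it does not uninstall or update anything. Matching on the leading part of DisplayName is deliberate, because vendors append update numbers and locale tags to the name, and an unparseable version string is reported as outdated rather than silently skipped.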
 
Cannot remove Adobe 8.25. Have not proceeded past that point

1) Uninstalled Firefox & Java popup is gone.

2) Catch 22 for removing Adobe. Tried to run the new version and it keeps getting hung up trying to uninstall ver 8.25 automatically itself during the installation (see below for error prompt). So I tried instead to uninstall v8.25 via Add/Remove Programs first (before installing the new one) and get the same exact error below

Error 1402 - Could not open key
Hkey_local_machine\software\microsoft\windows\current version\run\compoments\MSFS.
Verify that you have sufficient access to that key or contact your support personnel

When i cancel out during add/remove I get Fatal Error during Installation

Now, if I go into the registry (which I know how to do and am fairly comfortable with) I can get to that key and it says Default REG_SZ (value not set).

So, I have not performed anything else you requested after this point. The only way I can get to the administrator sign in (if needed) is via safemode if that is what it will take to remove 8.25. If I log off the only user choice is me on normal startup.
 
Same thing

Revo ran into the same exact problem during uninstall. Once it got to that point it endlessly keeps trying after you acknowledge the error. I also tried to "repair" 8.25 (thinking it might fix the registry item) and when it got to that point to install it in the registry it gave me the same error. Do you think deleting the registry item will correct it, assuming it is used for this program only, then "repairing" the program first to reinstall it properly before trying uninstall again?

I will pick up your next reply in the morning. Thank you. Good night. (1:00AM EST).
 
It looks like a permission problem.
Open registry editor, navigate to:
Hkey_local_machine\software\microsoft\windows\current version\run\compoments\MSFS
Right click on the MSFS key, click "Permissions" and make sure you have full control of that key.
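Before changing permissions by hand it helps to see who the key's owner is and which access entries actually apply to the account you are logged on as, since Error 1402 ("Could not open key") is raised when the installer's account lacks access. As an added example (not code from this thread), the PowerShell script below prints that information for a registry key without modifying anything. The key path is a placeholder to be replaced with the key named in the error message, and the script assumes PowerShell is available on the machine.

```powershell
# Added example (not from the thread): read-only diagnostic for a registry key's
# ACL. Shows the owner, every access entry, and marks (*) the entries that
# apply to the current user or one of its groups. Nothing is modified.
# $KeyPath is a PLACEHOLDER; replace it with the key from the Error 1402 message.
param(
    [string]$KeyPath = 'HKLM:\SOFTWARE\PLACEHOLDER\MSFS'
)

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
# SIDs the current token carries: the user itself plus all group memberships.
$tokenSids = @($identity.User) + @($identity.Groups)

if (-not (Test-Path -Path $KeyPath)) {
    Write-Output "Key not found: $KeyPath"
    return
}

try {
    $acl = Get-Acl -Path $KeyPath
} catch {
    # Reading the ACL itself can fail when the DACL denies READ_CONTROL;
    # that is the same symptom the installer hits.
    Write-Output "Cannot read ACL on $KeyPath : $($_.Exception.Message)"
    return
}

Write-Output "Key:   $KeyPath"
Write-Output "Owner: $($acl.Owner)"
Write-Output ""

$effectiveFullControl = $false
foreach ($ace in $acl.Access) {
    $applies = $false
    try {
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier])
        $applies = $tokenSids -contains $sid
    } catch {
        # Orphaned SIDs from deleted accounts cannot be translated; just list them.
    }
    if ($applies -and $ace.AccessControlType -eq 'Allow' -and
        ($ace.RegistryRights -band [System.Security.AccessControl.RegistryRights]::FullControl) -eq
         [System.Security.AccessControl.RegistryRights]::FullControl) {
        $effectiveFullControl = $true
    }
    $marker = if ($applies) { '*' } else { ' ' }
    Write-Output ("{0} {1,-5} {2,-40} {3}" -f $marker, $ace.AccessControlType, $ace.IdentityReference, $ace.RegistryRights)
}

Write-Output ""
Write-Output ("Current user ({0}) has an explicit Allow FullControl entry: {1}" -f $identity.Name, $effectiveFullControl)
```

Entries marked with `*` are the ones Windows evaluates for your account; a Deny entry marked this way wins over any Allow, and a key whose owner is an unknown or deleted SID usually explains why even an administrator cannot open it. Run it from an elevated PowerShell prompt so the ACL read itself is not refused.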
 
Now Windows Installer cannot be accessed

Not only did I add myself to that file but I added myself to all the key categories in the registry since I am the only user and administrator.

Next, I went to load the new adobe (that should delete the old one too) and now i am getting

Windows Installer cannot be accessed.

So, something corrupted the installer file. I know that when I ran REVO last night the first time it created a restore point! So, the installer error is stopping the removal of the old via add/delete and installing the new version.

Also, my Windows search opens but I cannot see all the categories on the left panel as before. Something happened last night and I am not sure what it is. Do you think the restore point by REVO may have made these changes to Windows? Maybe I should restore back to the settings just before REVO was installed (still after the removal of problems), then give myself permission and see what happens from there.
 
Maybe I should restore back to the settings just before REVO was installed (still after the removal of problems), then give myself permission and see what happens from there
Let's do that.
 
I restored back to 4PM EST yesterday (when the Java update made a restore point), which was when I replied with the two logs and told you no threats were detected in ESET. I had to remove Firefox again, checked Java for the latest update (and it was the latest) and ran the routine to remove all old versions of Java again. Adobe 8.25 has finally been removed and 10x loaded. All three registry items in the optional components folder needed permission to get this done. Windows Installer is obviously working but there is still something wrong with Windows search. I may have to reload that program from Microsoft or attempt to use the recovery console to reload it.

Anyway, I wanted to let you know about the above before I proceed with the final steps 1-12 you requested, starting with running OTL and ending with letting you know how the computer is doing. Also, before I proceed, which "Tools" are going to be removed? I moved all programs and checklists you requested from my desktop and placed them in a folder on my desktop named Toolkit Fixes to keep up with them. It appears from the next set of instructions that TFC should be kept and not removed

OK let me know if I should proceed with the next 12 steps. Also, any ideas on how to fix/reinstall windows search?
 
Good news :)

Go ahead with 12 steps and let me know what exactly is wrong with search function.
I don't want you to use system restore at this point anymore, because we may start running circles.
 
The windows search screen on the left side used to list the (search toolbar?) and show all of the following:

Search Filter for everything
From:
Author:
Date:
Size:
Filename:
Folder:

And the "dog" to click.

Now I have all of the above categories only minimized in a 1 inch window that requires moving the tiny slidebar or arrows to the right up/down to see them. The dog is not shown at all. I have a screen shot but cannot paste it.
 