Solved System Check virus

OTL txt cont.

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/08/19 19:04:34 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >
[2003/08/06 14:08:19 | 000,081,676 | ---- | M] () -- C:\WINDOWS\alienware logo_slvr.jpg
[2003/08/06 14:08:19 | 000,081,676 | ---- | M] () -- C:\WINDOWS\alienware_logo_slvr.jpg
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >
[2007/08/14 07:51:03 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\Alienware games download store.url

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2011/05/31 10:37:32 | 003,854,848 | ---- | M] () -- C:\Program Files\AdbeRdrUpd944_all_incr.msp
[2011/05/31 10:32:19 | 012,795,016 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\AdobeAIRInstaller.exe
[2010/04/27 14:56:25 | 004,169,301 | ---- | M] () -- C:\Program Files\FileZilla_3.3.2.1_win32-setup.exe
[2011/07/16 23:12:40 | 000,683,792 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2011/05/31 10:43:57 | 035,624,744 | ---- | M] (Apple Inc.) -- C:\Program Files\SafariSetup.exe
[2010/02/15 12:55:06 | 001,146,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wlsetup-custom.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/08/19 13:37:40 | 004,718,592 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/08/19 18:25:07 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2010/08/19 13:37:40 | 040,894,464 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/08/19 13:37:40 | 006,553,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/01/19 21:31:19 | 004,388,721 | R--- | M] (Swearware) -- C:\Documents and Settings\Jazz\Desktop\Allie_S.exe
[2012/01/20 00:09:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jazz\Desktop\OTL.exe
[2012/01/19 22:07:19 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Jazz\Desktop\rkill.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2003/09/22 12:36:46 | 000,013,448 | ---- | M] () -- C:\WINDOWS\M2000Twn.src
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/09/26 20:38:06 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Jazz\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/12 06:39:00 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Jazz\Cookies\desktop.ini
[2012/01/20 00:10:16 | 000,557,056 | ---- | M] () -- C:\Documents and Settings\Jazz\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
[1 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

< %SYSTEMROOT%\Installer\*.exe >
[2005/12/04 18:14:58 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 03:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 21:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 03:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 21:37:24 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 21:37:24 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 21:37:26 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc

< End of report >
 
Extras txt

OTL Extras logfile created on: 1/20/2012 12:10:49 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jazz\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 72.04% Memory free
4.84 Gb Paging File | 4.21 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 26.98 Gb Free Space | 24.14% Space Free | Partition Type: NTFS

Computer Name: AREA51 | User Name: Jazz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*

[HKEY_USERS\S-1-5-21-1783131627-3882024231-2920578519-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Aspyr\1701 A.D\1701.exe" = C:\Program Files\Aspyr\1701 A.D\1701.exe:*:Enabled:1701 A.D. -- (Related Designs Software GmbH)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Giraffic\Veoh_Giraffic.exe" = C:\Program Files\Giraffic\Veoh_Giraffic.exe:*:Enabled:Veoh Giraffic (Agent) -- (Giraffic)
"C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe" = C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe:*:Enabled:Veoh Giraffic (Watchdog) -- (Giraffic)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{18039280-98B7-4C5E-AAC0-10EBC9731033}" = Nero 7 Essentials
"{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3B0293FF-A9C4-4A41-A0D5-1302429EF0DE}" = Xara Xtreme Pro
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6C3CA595-C639-427A-AD69-0CFD56041762}" = Function Key Controller
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{796CE7A8-37DD-54B3-75CF-E188739B918F}" = TweetDeck
"{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = 1701 A.D.
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Artisteer 2" = Artisteer 2
"avast" = avast! Free Antivirus
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"EADM" = EA Download Manager
"Eye Candy 4000" = Alien Skin Eye Candy 4000
"FileZilla Client" = FileZilla Client 3.4.0
"FLV Player" = FLV Player 2.0 (build 25)
"FLVPlayer" = FLV Player 1.3.3
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Free FLV Converter_is1" = Free FLV Converter V 6.3.0
"Free Studio_is1" = Free Studio version 4.1
"Giraffic" = Veoh Giraffic Video Accelerator
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"LimeWire" = LimeWire 5.5.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ProInst" = Intel(R) PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"Secunia PSI" = Secunia PSI
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tropico3" = Tropico 3 1.02
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Xara Xtreme Pro 4 e-version UK" = Xara Xtreme Pro 4 e-version
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1783131627-3882024231-2920578519-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2012 4:02:33 AM | Computer Name = AREA51 | Source = Application Error | ID = 1000
Description = Faulting application sdupdate.exe, version 1.6.0.12, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 1/19/2012 4:59:46 AM | Computer Name = AREA51 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x4ec674b2.

Error - 1/19/2012 1:42:43 PM | Computer Name = AREA51 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/19/2012 1:42:43 PM | Computer Name = AREA51 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/19/2012 1:42:43 PM | Computer Name = AREA51 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/19/2012 1:42:43 PM | Computer Name = AREA51 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/19/2012 11:01:31 PM | Computer Name = AREA51 | Source = Application Hang | ID = 1002
Description = Hanging application psi.exe, version 1.5.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2012 11:01:31 PM | Computer Name = AREA51 | Source = Application Hang | ID = 1002
Description = Hanging application psi.exe, version 1.5.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2012 12:23:08 AM | Computer Name = AREA51 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 1/20/2012 12:23:10 AM | Computer Name = AREA51 | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

[ System Events ]
Error - 1/20/2012 12:26:59 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 1/20/2012 12:26:59 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 1/20/2012 12:26:59 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 1/20/2012 12:26:59 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswRdr aswSnx aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss
Tcpip

Error - 1/20/2012 12:28:26 AM | Computer Name = AREA51 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/20/2012 12:31:26 AM | Computer Name = AREA51 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/20/2012 12:41:56 AM | Computer Name = AREA51 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/20/2012 12:45:36 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7000
Description = The TuneUp Theme Extension service failed to start due to the following
error: %%1083

Error - 1/20/2012 12:47:07 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7034
Description = The Updater Service for StartNow Toolbar service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/20/2012 1:43:02 AM | Computer Name = AREA51 | Source = Service Control Manager | ID = 7000
Description = The TuneUp Theme Extension service failed to start due to the following
error: %%1083


< End of report >
 
Update

I'm so sorry but I'm going to have to grab a few hours of sleep. I'll check back in first thing in the morning. Thank you so very much for all your help today!

Be back soon!
 
My avast has stopped loading on start up though
Most likely it needs reinstalling. The infection might have corrupted some file(s).

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O37 - HKU\.DEFAULT\...exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*
    [2012/01/18 19:21:02 | 000,009,273 | ---- | M] () -- C:\Documents and Settings\Jazz\Local Settings\Application Data\c07eade0
    [2012/01/18 08:45:10 | 000,009,277 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\94923091
    [2012/01/18 08:45:10 | 000,009,253 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\4ad316c9
    @Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
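The two O37 lines in the fix script at the top of this post record a hijacked `.exe` file association, and the `@Alternate Data Stream` lines record data attached to two image files. The following check is an added example, not part of the original post and not OTL's own code: it parses lines in the layout shown in that script and reports why each `.exe` entry differs from the stock association (`exefile`, `"%1" %*`). The function names and the `HKLM` sample line are assumptions made for the illustration.

```python
import re

EXPECTED_PROGID = "exefile"    # stock default value of the .exe class
EXPECTED_COMMAND = '"%1" %*'   # stock open command: run the target itself

# O37 and ADS lines are copied from the fix script in this post; the HKLM line
# is constructed to show a healthy association in the same layout.
SAMPLE = r'''
O37 - HKU\.DEFAULT\...exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = mdaw] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\qkm.exe" -a "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
@Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3552 bytes -> C:\WINDOWS\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc
'''

O37_RE = re.compile(
    r'^O37 - (?P<hive>\S+?)\\\.\.\.(?P<ext>\w+) \[@ = (?P<progid>[^\]]*)\] -- (?P<command>.+)$')
ADS_RE = re.compile(
    r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<file>.+):(?P<stream>[^:\\]+)$')
USER_WRITABLE_RE = re.compile(r'\\(Application Data|AppData|Temp)\\', re.I)


def parse_o37(line):
    """Split one O37 line into hive, extension, ProgID and open command."""
    m = O37_RE.match(line.strip())
    return m.groupdict() if m else None


def handler_path(command):
    """Return the program the command launches, or None if it runs "%1" directly."""
    m = re.match(r'"([^"]+)"', command.strip())
    if m and not m.group(1).startswith("%"):
        return m.group(1)
    return None


def hijack_reasons(entry):
    """List every way an .exe association entry deviates from the stock one."""
    reasons = []
    if entry["progid"].lower() != EXPECTED_PROGID:
        reasons.append("ProgID %r replaces %r" % (entry["progid"], EXPECTED_PROGID))
    if entry["command"].strip() != EXPECTED_COMMAND:
        reasons.append("open command is not %s" % EXPECTED_COMMAND)
    handler = handler_path(entry["command"])
    if handler and USER_WRITABLE_RE.search(handler):
        reasons.append("handler lives in a user-writable profile folder")
    if entry["hive"].upper().startswith("HKU"):
        reasons.append("per-user Classes key takes precedence over HKLM")
    return reasons


def audit(text):
    """Collect hijacked .exe associations and alternate data streams from log text."""
    findings = {"hijacks": [], "ads": []}
    for line in text.splitlines():
        line = line.strip()
        entry = parse_o37(line)
        if entry and entry["ext"].lower() == "exe":
            reasons = hijack_reasons(entry)
            if reasons:
                findings["hijacks"].append({
                    "hive": entry["hive"],
                    "handler": handler_path(entry["command"]),
                    "reasons": reasons,
                })
            continue
        m = ADS_RE.match(line)
        if m:
            findings["ads"].append((m["file"], m["stream"], int(m["size"])))
    return findings


if __name__ == "__main__":
    result = audit(SAMPLE)
    for hit in result["hijacks"]:
        print(hit["hive"], "->", hit["handler"])
        for reason in hit["reasons"]:
            print("   ", reason)
    for path, stream, size in result["ads"]:
        print("ADS %s on %s (%d bytes)" % (stream, path, size))
```
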
 
OTL

I am currently running the OTL fixes as instructed. However, it seems to be stuck. It says it's killing processes and not to interrupt, but it's been almost an hour now with no progression. Should I stop the scan or let it be?
 
OTL Fix log

Here is the OTL Fix log. I will move on to the next step in the process. :)

_______

All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\mdaw\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\mdaw\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\Documents and Settings\Jazz\Local Settings\Application Data\c07eade0 moved successfully.
C:\Documents and Settings\NetworkService\Application Data\94923091 moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\4ad316c9 moved successfully.
ADS C:\WINDOWS\alienware_logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINDOWS\alienware logo_slvr.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Jazz
->Temp folder emptied: 626700 bytes
->Temporary Internet Files folder emptied: 1131857 bytes
->Java cache emptied: 573811390 bytes
->FireFox cache emptied: 84963743 bytes
->Google Chrome cache emptied: 856432 bytes
->Apple Safari cache emptied: 3265536 bytes
->Flash cache emptied: 842821399 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 6242438 bytes
->Flash cache emptied: 343 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 10376 bytes
->Flash cache emptied: 3206 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4654439 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 499913 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,449.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Jazz
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jazz
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01202012_150357

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Security Check log

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Secunia PSI
Loaris Trojan Remover 1.2
HijackThis 2.0.2
TuneUp Utilities
TuneUp Utilities Language Pack (en-US)
Java(TM) 6 Update 30
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Alwil Software Avast5 AvastSvc.exe
``````````End of Log````````````
 
FSS Log

Farbar Service Scanner Version: 18-01-2012 01
Ran by Jazz (administrator) on 20-01-2012 at 15:40:26
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) aswTdi(11) Gpc(3) IPSec(5) NetBT(6) PSched(7) s24trans(8) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000B000000060000000700000008000000090000000A000000
IpSec Tag value is correct.

**** End of log ****
 
TFC

The Temp File Cleaner seems to be locked up. It has not progressed past the "stopping running processes" function in approx. 30 minutes. Should I manually restart in safe mode and try again or no? Sorry to be so hesitant but I don't wanna mess anything up. :)
 
TFC Log

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jazz
->Temp folder emptied: 16263479 bytes
->Temporary Internet Files folder emptied: 55717 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 23777486 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 991 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 38.00 mb
 
ESET Scan

I have the ESET Scan running at the moment. However, I am concerned that my Avast appears to be running from startup. It would not allow me to shut it down from my Taskbar. In addition, when I tried to uninstall it, it would not allow it either. Any suggestions on my course of action with it would be appreciated. My guess is that when I renamed the execute file to get it to run in the beginning of all this, it altered the function of the above mentioned tasks.
 
ESET Scan log

Here is the ESET Scan Log. Just FYI, the Allie_TR file was a renamed file that I created from my original Loaris Trojan Remover exe file.

__________________________________

C:\Documents and Settings\Jazz\Desktop\Computer Security\Trojan Remover\Allie_tro_.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\Program Files\Allie_TR_\Allie_TR-setup.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\Program Files\Allie_TR_\ltr12.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Program Files\Loaris\Trojan Remover\ltr.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\Programs\VeohWebPlayerSetup_eng.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\Programs\Free MP3 Converter\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Programs\FreeFLVConverter\Setup_FreeFlvConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Programs\FreeFLVConverter\Setup_FreeFlvConverterN.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Programs\_Buy Replay AV - Replay Converter\AV Stream Capture Suite SW\RSLSetup.exe probably a variant of Win32/TrojanDownloader.Agent.EMYMIEA trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ReactivateIE.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarBroker.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065453.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065474.exe a variant of Win32/Kryptik.ZCE trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065475.exe a variant of Win32/Kryptik.ZCE trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065718.sys a variant of Win32/Rootkit.Kryptik.HV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070178.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070180.dll a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070181.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070182.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072396.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072404.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072406.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072407.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072408.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072409.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072410.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072411.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072412.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072413.exe probably a variant of Win32/TrojanDownloader.Agent.EMYMIEA trojan deleted - quarantined
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
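Step 1 of this post clears the restore points because old ones can hold copies of the infection. The sketch below is an added example, not part of the original post and not any tool's own code. It takes lines copied from the ESET log posted earlier in the thread, sorts each detection by where the file sat (live file system, Qoobox quarantine folder, or a numbered System Restore point), and lists the detections that survive only inside restore points. The function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# A subset of the ESET log lines posted earlier in this thread, copied as-is.
SAMPLE_LOG = r'''
C:\Program Files\Loaris\Trojan Remover\ltr.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
C:\Programs\VeohWebPlayerSetup_eng.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\Programs\_Buy Replay AV - Replay Converter\AV Stream Capture Suite SW\RSLSetup.exe probably a variant of Win32/TrojanDownloader.Agent.EMYMIEA trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Program Files\StartNow Toolbar\Toolbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065474.exe a variant of Win32/Kryptik.ZCE trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0065718.sys a variant of Win32/Rootkit.Kryptik.HV trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP498\A0070178.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072396.exe a variant of Win32/1AntiVirus application deleted - quarantined
C:\System Volume Information\_restore{9BDC47BA-2250-422C-8CD4-CE248C205904}\RP500\A0072413.exe probably a variant of Win32/TrojanDownloader.Agent.EMYMIEA trojan deleted - quarantined
'''

# path, optional qualifier, detection name, object kind, action taken
LINE_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?P<qual>(?:probably )?(?:a variant of )?)'
    r'(?P<name>Win32/\S+)\s+(?P<kind>application|trojan)\s+(?P<action>.+)$')
RESTORE_RE = re.compile(
    r'\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\', re.I)
QUARANTINE_RE = re.compile(r'\\Qoobox\\Quarantine\\', re.I)


def locate(path):
    """Classify a detected path as (location kind, restore point id or None)."""
    m = RESTORE_RE.search(path)
    if m:
        return ("restore_point", m.group(1).upper())
    if QUARANTINE_RE.search(path):
        return ("quarantine", None)
    return ("live", None)


def summarize(text):
    """Group detection names by location and find those seen only in restore points."""
    groups = defaultdict(set)
    in_restore, elsewhere = set(), set()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, rp = locate(m["path"])
        groups[rp or kind].add(m["name"])
        (in_restore if kind == "restore_point" else elsewhere).add(m["name"])
    return dict(groups), sorted(in_restore - elsewhere)


if __name__ == "__main__":
    groups, restore_only = summarize(SAMPLE_LOG)
    for label in sorted(groups):
        print("%-12s %s" % (label, ", ".join(sorted(groups[label]))))
    print("Only in restore points:", ", ".join(restore_only))
```
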
 
2nd OTL Fix Log

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jazz
->Temp folder emptied: 1299160 bytes
->Temporary Internet Files folder emptied: 790774 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 158828178 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1991 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 154.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Jazz
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Jazz
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 01202012_201929

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Computer Performance

Upon reboot I have twice gotten an Error Report Popup window for the jusched.exe file.

Also, my administrative tools are still not showing up.

My avast still will not uninstall so that I can reinstall. It also does not autorun upon startup anymore. It runs when I start it manually, but I still cannot update it. However, it does say that its release date was 1/18/2012 at 11 am and the last update attempt was on 1/19/2012 3 am.

One question about the security tool removal...should I remove my SD spybot and just run the Malwarebytes and Avast?
 
Disable jusched.exe as a startup: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

my administrative tools are still not showing up.
Download and run this: http://download.bleepingcomputer.com/grinler/fakehdd/winxp-pro-32bit-sm-reset.exe

My avast still will not uninstall
Try free version of Revo: http://www.revouninstaller.com/revo_uninstaller_free_download.html

should I remove my SD spybot and just run the Malwarebytes and Avast?
Yeah, I consider Spybot as a tool of the past.
 
Computer Performance

Ok...got everything resolved except my Avast uninstall, which is just not going anywhere. I'm gonna try it in safe mode.

My control panel, admin tools, start menu etc are back to normal, except I still have some program files that are not showing the subfolders within the start menu. Such as all my adobe products do not show up under the programs\adobe option in my start menu. Any suggestions on how I can restore this?

One more question, I have several programs that run on start up that I would like to stop. How can I do that? I'm leery of attempting something like that without instruction since a friend of mine forbade me from entering "THE BIOS". lol

I can't tell you how much your assistance has meant to me. Thank you so very much!
 
Computer Performance

Well, removing Avast is turning into a real pain. lol I can't do it in safe mode, nor can I manually delete the file folder. Suggestions?
 
Computer Performance

I'm an *****. LOL I'm so sorry. Revo UNINSTALLER ... I get it now. Sheesh it's been a really long day or I'm going brain dead. One or the other, or possibly both! LOL
 
Did you try Revo to uninstall Avast?

I still have some program files that are not showing the subfolders within the start menu
Some programs may have to be reinstalled.
You can also try my manual HERE

I have several programs that run on start up that I would like to stop
Download, and install Quick Startup: http://www.glarysoft.com/qs.html
Go File>Export, save report, and paste it into your next post.
 
Computer Performance

I ran Revo Uninstaller and it says it removed avast. When I go to add/remove programs it also says avast has been removed. However, if I look at my program files, the avast files are still there and I get the popup error when I try to delete.

Thank you for the link to your manual. I was able to get my programs back in my start menu.
 