Member Avatar for 73formula

Hello;
I need help with an annoying virus or malware. My search results display correctly, but clicking on any of the urls in the results takes to me usually to a "How To" page or a list of sales sites related back to the searched topic. To get anywhere i've been copying the search result url i want and pasting it in the browser address window to go there. I also get a quick "about:blank" prefix appearing once i leave my homepage and go to either a search or bookmarked page. I'm running Windows XP SP3, the latest version of firefox and recently switched from AVG to Avast. neither of those have corrected the problem. I've followed through on all the items in the sticky, 9 infected items were found by Mbam and removed, but problem persists. logs are below. TIA very much for your assistance.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-22 08:49:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160021A rev.3.06
Running: vif3jgeb.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\afldqpoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAEEC79A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAEEC77D0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAEEC7904]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-22 14:51:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160021A rev.3.06
Running: vif3jgeb.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\afldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAEEB22B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xAEEBA14E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xAEEBA006]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xAEEBA612]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xAEEBA528]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xAEEB9BD8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAEEB2368]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xAEEBA0E2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xAEEB9B10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xAEEB9B78]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAEEB2400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xAEEBA22A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAEEBA6E2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xAEEBA1E6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xAEEBA36E]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwTerminateProcess [0xF77C87DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwTerminateThread [0xF77C8878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys ZwWriteVirtualMemory [0xF77C8914]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAEEC79A6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAEEC77D0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAEEC7904]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys

---- EOF - GMER 1.0.15 ----

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/5/2004 2:51:20 PM
System Uptime: 9/23/2011 9:16:38 AM (3 hours ago)
.
Motherboard: | | P4i65G
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | mPGA478 | 2799/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 67.964 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 5 GiB total, 0.952 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2046: 6/25/2011 8:43:09 AM - System Checkpoint
RP2047: 6/27/2011 5:17:51 PM - System Checkpoint
RP2048: 6/29/2011 5:43:41 AM - System Checkpoint
RP2049: 6/30/2011 8:01:18 AM - Software Distribution Service 3.0
RP2050: 7/1/2011 9:08:55 AM - System Checkpoint
RP2051: 7/3/2011 4:42:08 PM - System Checkpoint
RP2052: 7/4/2011 7:01:15 PM - System Checkpoint
RP2053: 7/6/2011 7:35:55 AM - System Checkpoint
RP2054: 7/7/2011 8:45:53 AM - System Checkpoint
RP2055: 7/8/2011 8:46:49 AM - System Checkpoint
RP2056: 7/10/2011 8:36:22 AM - System Checkpoint
RP2057: 7/11/2011 11:00:16 AM - System Checkpoint
RP2058: 7/12/2011 3:51:31 PM - System Checkpoint
RP2059: 7/13/2011 6:22:14 PM - System Checkpoint
RP2060: 7/14/2011 6:32:15 AM - Software Distribution Service 3.0
RP2061: 7/15/2011 7:12:36 AM - System Checkpoint
RP2062: 7/16/2011 7:30:17 AM - System Checkpoint
RP2063: 7/17/2011 8:30:17 AM - System Checkpoint
RP2064: 7/18/2011 9:30:17 AM - System Checkpoint
RP2065: 7/19/2011 10:30:19 AM - System Checkpoint
RP2066: 7/20/2011 11:30:59 AM - System Checkpoint
RP2067: 7/21/2011 4:57:06 PM - System Checkpoint
RP2068: 7/23/2011 7:22:30 AM - System Checkpoint
RP2069: 7/24/2011 12:06:54 PM - System Checkpoint
RP2070: 7/25/2011 2:01:43 PM - System Checkpoint
RP2071: 7/28/2011 8:04:31 AM - System Checkpoint
RP2072: 7/29/2011 9:40:47 AM - System Checkpoint
RP2073: 7/31/2011 7:37:39 AM - System Checkpoint
RP2074: 8/1/2011 8:36:01 AM - System Checkpoint
RP2075: 8/2/2011 8:43:53 AM - System Checkpoint
RP2076: 8/3/2011 9:15:21 AM - System Checkpoint
RP2077: 8/4/2011 4:13:50 PM - System Checkpoint
RP2078: 8/6/2011 8:31:19 AM - System Checkpoint
RP2079: 8/7/2011 9:03:54 AM - System Checkpoint
RP2080: 8/8/2011 10:50:31 AM - System Checkpoint
RP2081: 8/9/2011 11:40:17 PM - System Checkpoint
RP2082: 8/11/2011 11:59:44 AM - System Checkpoint
RP2083: 8/12/2011 6:51:20 AM - Software Distribution Service 3.0
RP2084: 8/12/2011 3:18:48 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP2085: 8/12/2011 3:18:59 PM - Installed AVG 2011
RP2086: 8/12/2011 3:19:46 PM - Installed AVG 2011
RP2087: 8/12/2011 4:14:54 PM - Installed Windows XP KB942288-v3.
RP2088: 8/14/2011 7:38:14 AM - Software Distribution Service 3.0
RP2089: 8/15/2011 9:31:45 AM - System Checkpoint
RP2090: 8/17/2011 7:51:23 AM - System Checkpoint
RP2091: 8/18/2011 8:01:38 AM - System Checkpoint
RP2092: 8/19/2011 9:25:16 AM - System Checkpoint
RP2093: 8/20/2011 9:31:27 AM - System Checkpoint
RP2094: 8/21/2011 3:19:15 PM - System Checkpoint
RP2095: 8/22/2011 5:06:55 PM - System Checkpoint
RP2096: 8/24/2011 7:12:23 AM - Software Distribution Service 3.0
RP2097: 8/25/2011 7:18:37 AM - System Checkpoint
RP2098: 8/26/2011 7:25:36 AM - System Checkpoint
RP2099: 8/27/2011 7:39:31 AM - System Checkpoint
RP2100: 8/28/2011 8:17:07 AM - System Checkpoint
RP2101: 9/1/2011 1:12:57 PM - System Checkpoint
RP2102: 9/2/2011 4:26:18 PM - System Checkpoint
RP2103: 9/3/2011 5:23:15 PM - System Checkpoint
RP2104: 9/4/2011 6:01:18 PM - System Checkpoint
RP2105: 9/5/2011 6:43:33 PM - System Checkpoint
RP2106: 9/6/2011 7:39:38 PM - System Checkpoint
RP2107: 9/7/2011 3:00:45 PM - Software Distribution Service 3.0
RP2108: 9/8/2011 3:12:28 PM - System Checkpoint
RP2109: 9/9/2011 3:34:36 PM - System Checkpoint
RP2110: 9/11/2011 10:20:28 AM - System Checkpoint
RP2111: 9/12/2011 3:31:08 PM - System Checkpoint
RP2112: 9/13/2011 8:03:42 PM - System Checkpoint
RP2113: 9/14/2011 3:00:16 AM - Software Distribution Service 3.0
RP2114: 9/15/2011 8:06:32 AM - System Checkpoint
RP2115: 9/16/2011 9:00:47 AM - System Checkpoint
RP2116: 9/18/2011 8:23:42 AM - System Checkpoint
RP2117: 9/19/2011 1:20:06 PM - System Checkpoint
RP2118: 9/21/2011 8:52:51 AM - System Checkpoint
RP2119: 9/22/2011 7:18:55 AM - Removed AVG 2011
RP2120: 9/22/2011 7:20:03 AM - Removed AVG 2011
RP2121: 9/22/2011 7:31:10 AM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
23_24_2500Tour
2400
2400_2500Help
2400_2500trb
3DVIA player 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe Shockwave Player 11.6
AiO_Scan
AiOSoftware
avast! Free Antivirus
Battlefield 2(TM)
BufferChm
C-Media 3D Audio
Copy
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Director
DocProc
DocumentViewer
DVD Solution
Enhanced Multimedia Keyboard Solution
Fax
GdiplusUpgrade
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Diagnostic Assistant
HP Image Zone 4.2
HP Print Diagnostic Utility
HP PSC & OfficeJet 4.2
HP Update
HPIZ Fix2
HPODiscovery
HpSdpAppCoreApp
HPSystemDiagnostics
InfraRecorder
InstantShare
Intel(R) Processor ID Utility
InterVideo WinDVD Player
IrfanView (remove only)
Java 2 Runtime Environment, SE v1.4.1_02
Java Auto Updater
Java Web Start
Java(TM) 6 Update 19
King of the Hill Teamwarfare Version
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.2.1300
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Plus! Digital Media Edition
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
Mozilla Firefox 6.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Multimedia Card Reader
NCH Toolbox
Nikon Message Center
NVIDIA Drivers
NVTweak
OmniPass
OpenAL
OpenOffice.org 3.1
overland
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
PictureProject
PrintScreen
Prism Video File Converter
ProductContext
PS2
PSShortcutsP
QFolder
QuickProjects
QuickTime
Readme
RealOne Player
RecordNow!
S3Display
S3Gamma2
S3Info2
S3Overlay
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SkinsHP1
Sonic Update Manager
SpamSubtract
swMSM
Tony Hawk HelmetCam
toolkit
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Updates from HP
VideoPad Video Editor
Virtual Earth 3D (Beta)
WebFldrs XP
Weblink
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
9/22/2011 4:07:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SISAGP viaagp1
9/22/2011 3:04:58 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
9/21/2011 8:32:41 AM, error: Service Control Manager [7000] - The hpdjaio service failed to start due to the following error: The system cannot find the file specified.
9/21/2011 8:32:41 AM, error: Service Control Manager [7000] - The Digital Blue DMC2 Video Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/19/2011 3:05:52 PM, error: Service Control Manager [7022] - The AVG WatchDog service hung on starting.
9/19/2011 3:02:13 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
.
==== End Of File ===========================


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19
Run by Owner at 11:59:55 on 2011-09-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1437 [GMT -5:00]
.
AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: eTrust EZ Antivirus *Enabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = localhost
BHO: {03c4ee28-6029-479c-b18c-3b0b6fd0f7c8} - c:\windows\system32\audiosrv32.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} -
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: hp view: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Sunkist2k] c:\program files\multimedia card reader\shwicon2k.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AutoTKit] c:\hp\bin\AUTOTKIT.EXE
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\spamsu~1.lnk - c:\program files\intermute\spamsubtract\SpamSubtract.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\137903\program\BackWeb-137903.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} c:\program files\irfanview\ebay\ebay.htm - c:\program files\irfanview\ebay\ebay.htm\inprocserver32 does not exist!
LSP: SpSubLSP.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38173.538900463
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 204.186.110.76 216.144.187.37 216.144.187.199
TCP: Interfaces\{5B066DD9-2949-4283-9E55-04E563DB8AAA} : DhcpNameServer = 207.172.3.8 207.172.3.9
TCP: Interfaces\{5FC5314D-D8AB-4F6F-BF6E-4D455D85C68E} : DhcpNameServer = 204.186.110.76 216.144.187.37 216.144.187.199
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\default.1ky\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\default.1ky\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\default.1ky\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmeadax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-22 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-22 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-22 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-22 44768]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [2009-9-10 508304]
S2 hpdjaio;hpdjaio;c:\docume~1\owner\locals~1\temp\hpdjaio.exe -servicerunning=true -uninstall=hp psc 2400 series -product=aio --> c:\docume~1\owner\locals~1\temp\hpdjaio.exe -servicerunning=true -uninstall=hp psc 2400 series -product=aio [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2004-1-6 55808]
S3 SMALUSB;Digital Camera Driver;c:\windows\system32\drivers\smalidt.sys [2005-8-15 9216]
.
=============== Created Last 30 ================
.
2011-09-22 20:04:17 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-09-22 19:55:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-22 19:55:35 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-22 19:55:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-22 12:32:30 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-22 12:31:41 41184 ----a-w- c:\windows\avastSS.scr
2011-09-22 12:31:10 -------- d-----w- c:\program files\AVAST Software
2011-09-22 12:31:10 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-09-12 05:18:10 1409 ----a-w- c:\windows\QTFont.for
2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-12 19:51:39 0 ---ha-w- c:\documents and settings\owner\agebwawpnl.tmp
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2004-08-10 04:30:22 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 12:01:35.10 ===============

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7775

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

9/22/2011 4:04:39 PM
mbam-log-2011-09-22 (16-04-39).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 257287
Time elapsed: 39 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{f2681a7d-91e5-401a-ac8b-015335799dc0}\RP2113\A0280597.exe (PUP.Dropper.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f2681a7d-91e5-401a-ac8b-015335799dc0}\RP2113\A0280598.exe (PUP.Dropper.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{f2681a7d-91e5-401a-ac8b-015335799dc0}\RP2113\A0280602.exe (PUP.Dropper.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000658b7a631406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000658b7a631406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000658b7a631406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000658b7a631406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

  • 2 Contributors
  • 16 Replies
  • 363 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by crunchie
Member Avatar for crunchie

Hi and welcome to the Daniweb forums :).

==========

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

=========

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Member Avatar for 73formula

Thank you Crunchie; as always Daniweb and its members rock ...I've changed e-mail and lsot password, so this is a new account for me, but you've helped me in the past a few years ago. anyway, Kaspersky found nothing, I posted with the report, but for some reason, that post didn't show up here in the thread. I ran OTL, logs are below. I'll re-run Kaspersky and post the report... Thank you again ...


OTL logfile created on: 9/23/2011 6:58:44 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.31% Memory free
3.81 Gb Paging File | 3.53 Gb Available in Paging File | 92.84% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.74 Gb Total Space | 67.91 Gb Free Space | 47.24% Space Free | Partition Type: NTFS
Drive E: | 5.29 Gb Total Space | 0.95 Gb Free Space | 18.00% Space Free | Partition Type: FAT32

Computer Name: WARBIRD | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/23 18:53:53 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/08 16:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2004/05/28 23:08:52 | 000,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
PRC - [2004/05/28 22:31:38 | 000,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/08/23 22:34:34 | 000,016,384 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
PRC - [2003/08/09 10:27:16 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/05/23 04:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/03/21 19:52:06 | 000,552,960 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
PRC - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2003/02/21 05:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/23 16:33:57 | 001,576,960 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11092301\algo.dll
MOD - [2011/09/23 11:41:29 | 000,212,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11092301\aswRep.dll
MOD - [2011/09/23 05:50:01 | 001,574,912 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11092300\algo.dll
MOD - [2011/09/22 09:07:21 | 000,212,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11092300\aswRep.dll
MOD - [2010/10/06 03:01:48 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f7ac6fa7\mscorlib.dll
MOD - [2010/10/06 03:01:43 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ea9c670e\system.drawing.dll
MOD - [2010/10/06 03:01:36 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1d176f8d\system.xml.dll
MOD - [2010/10/06 03:01:29 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7c961322\system.windows.forms.dll
MOD - [2010/10/06 03:01:18 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2d875838\system.dll
MOD - [2010/10/06 03:01:06 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2009/04/16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2005/06/04 07:06:33 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005/06/04 07:06:32 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2005/06/04 07:06:31 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2004/12/26 20:34:38 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2004/12/07 13:39:44 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2004/12/07 13:39:44 | 000,006,656 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2004/12/07 13:39:42 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2004/12/07 13:39:23 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2004/12/07 13:39:10 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2004/12/07 13:39:10 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2004/12/07 13:39:10 | 000,249,856 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2004/12/07 13:39:10 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2004/12/07 13:39:10 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2004/12/07 13:39:10 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll
MOD - [2004/12/07 13:39:10 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll
MOD - [2004/12/07 13:39:10 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2004/12/07 13:39:10 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2004/12/07 13:39:10 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2004/12/07 13:39:10 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2004/12/07 13:39:10 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2004/12/07 13:39:10 | 000,007,168 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2004/12/07 13:38:22 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2004/12/07 13:38:22 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2004/12/07 13:38:22 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2004/12/07 13:38:22 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2004/12/07 13:38:22 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2004/12/07 13:38:22 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2003/08/23 22:34:34 | 000,143,360 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\bwfiles.dll
MOD - [2003/08/23 22:34:34 | 000,094,208 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\FrExt.dll
MOD - [2003/08/23 22:34:34 | 000,053,248 | ---- | M] () -- C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\clntutil.dll
MOD - [2003/08/23 22:34:34 | 000,020,480 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\frext-137903.dll
MOD - [2003/08/23 22:34:34 | 000,020,480 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\BWfiles-137903.dll
MOD - [2003/08/23 22:34:34 | 000,016,384 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
MOD - [2003/08/23 22:34:32 | 000,053,248 | ---- | M] () -- C:\Program Files\Updates from HP\137903\Program\HPClientExt.dll
MOD - [2003/08/23 08:55:10 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2003/08/23 08:16:18 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
MOD - [2003/02/21 05:50:12 | 000,040,960 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll
MOD - [2003/02/21 05:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
MOD - [2003/02/21 05:49:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Softex\OmniPass\ginastub.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (hpdjaio)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 15:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 15:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/01/27 19:06:30 | 000,508,304 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca50xav.sys -- (Ca50xav)
DRV - [2004/10/05 08:14:39 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/01/28 08:09:36 | 000,026,624 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiNtBus.sys -- (SaiNtBus)
DRV - [2004/01/28 08:09:34 | 000,015,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2004/01/06 10:14:28 | 000,055,808 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0464.sys -- (SaiH0464)
DRV - [2003/12/05 13:46:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/11 11:22:54 | 000,040,228 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/05/14 17:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk50x.sys -- (USBCamera)
DRV - [2003/05/06 17:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/11 10:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/03/31 23:29:42 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/20 18:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/12/27 13:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/05/31 13:57:52 | 000,009,216 | ---- | M] (SMaL Camera Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smalidt.sys -- (SMALUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 28 EE C4 03 29 60 9C 47 B1 8C 3B 0B 6F D0 F7 C8 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/12/24 20:13:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/22 07:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/09 16:28:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 06:30:39 | 000,000,000 | ---D | M]

[2008/08/28 18:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/08/17 13:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions
[2006/10/26 20:34:00 | 000,000,000 | ---D | M] (Saferfox Xpanded) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{00D4154F-96D3-41ff-8E8E-113596D8670B}
[2010/04/27 06:16:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/17 13:46:50 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/14 21:30:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{902472f4-be57-43cf-ad81-baf77d0f880f}
[2006/10/26 20:34:00 | 000,000,000 | ---D | M] (Modern Pinball) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
[2005/05/20 22:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\temp
[2011/05/10 15:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/09 16:28:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2001/06/17 19:08:26 | 000,063,057 | ---- | M] (MeadCo Corp.) -- C:\Program Files\mozilla firefox\plugins\npmeadax.dll
[2007/03/05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/05/11 06:30:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2007/11/11 17:43:18 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {03C4EE28-6029-479C-B18C-3B0B6FD0F7C8} - C:\WINDOWS\system32\audiosrv32.dll File not found
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup File not found
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10q_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\mswsock.dll File not found
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38173.538900463 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.186.110.76 216.144.187.37 216.144.187.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B066DD9-2949-4283-9E55-04E563DB8AAA}: DhcpNameServer = 207.172.3.8 207.172.3.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FC5314D-D8AB-4F6F-BF6E-4D455D85C68E}: DhcpNameServer = 204.186.110.76 216.144.187.37 216.144.187.199
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\My Documents\My Documents\My Pictures\KV 1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\My Documents\My Documents\My Pictures\KV 1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/06 17:57:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{55666b5a-ced4-11d8-bf49-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{55666b5a-ced4-11d8-bf49-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{55666b5a-ced4-11d8-bf49-806d6172696f}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/23 18:53:49 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/23 18:48:48 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/09/22 15:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/09/22 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/22 14:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/22 14:55:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/22 14:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/22 14:54:21 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/22 08:44:55 | 014,507,464 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v4.0.exe
[2011/09/22 08:43:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/22 08:42:51 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2011/09/22 07:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/09/22 07:32:36 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/22 07:32:36 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/22 07:32:31 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/22 07:32:31 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/22 07:32:30 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/22 07:32:29 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/22 07:32:29 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/22 07:32:28 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/09/22 07:31:41 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/09/22 07:31:39 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/09/22 07:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/22 07:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/06 15:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\latest pics
[2011/09/03 05:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/23 18:53:53 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/23 18:35:09 | 000,022,492 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/23 18:35:04 | 000,001,404 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/09/23 18:34:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/23 18:33:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/23 18:33:50 | 2146,291,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/23 07:43:34 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/09/22 14:55:39 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 14:54:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/22 08:45:05 | 014,507,464 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v4.0.exe
[2011/09/22 08:43:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\vif3jgeb.exe
[2011/09/22 08:43:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/22 08:42:52 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
[2011/09/22 07:32:37 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/22 07:32:30 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/22 07:28:51 | 058,948,168 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2011/09/17 05:49:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/09/14 07:19:04 | 000,016,268 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\b_560x95.png
[2011/09/14 03:01:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/12 00:18:10 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/09/09 04:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/06 19:01:24 | 000,155,842 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\St. Jane's CYO Waiver Form (1).pdf
[2011/09/06 15:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/09/06 15:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/06 15:36:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/06 15:36:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/06 15:33:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/09/06 15:32:24 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2011/09/06 14:20:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/28 08:39:31 | 000,387,985 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\packit-book-download.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/22 14:55:39 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 08:43:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\vif3jgeb.exe
[2011/09/22 07:32:37 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/22 07:28:05 | 058,948,168 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2011/09/14 07:19:03 | 000,016,268 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\b_560x95.png
[2011/09/12 00:18:10 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/09/12 00:18:10 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/09/06 19:01:24 | 000,155,842 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\St. Jane's CYO Waiver Form (1).pdf
[2011/08/28 08:33:57 | 000,387,985 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\packit-book-download.pdf
[2010/07/18 15:20:40 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/03/26 14:00:50 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/02/16 18:18:00 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2010/02/02 09:52:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2009/12/05 11:38:04 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Showbiz20.ini
[2009/09/10 16:15:36 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\Dext504.ini
[2009/01/10 12:23:59 | 000,103,703 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2009/01/10 12:23:59 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2009/01/10 12:12:07 | 000,103,703 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2008/09/09 08:19:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/09/02 12:43:36 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/11 11:24:16 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/11/28 22:12:04 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/11/13 09:38:33 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2007/11/11 17:38:16 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2007/11/11 17:38:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2007/11/11 17:38:16 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2007/10/25 22:44:39 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/10/25 22:44:34 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/10/25 22:44:26 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/03/07 23:20:07 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2007/03/07 23:20:07 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2007/03/07 23:19:56 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007/03/07 23:19:56 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007/03/07 23:19:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2007/03/07 23:19:42 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2007/03/07 23:19:42 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2007/03/07 23:19:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2007/03/07 23:16:30 | 000,003,541 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/03/07 23:16:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/03/07 22:34:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2007/01/31 21:51:58 | 000,112,777 | ---- | C] () -- C:\WINDOWS\System32\GMTUninstall2.exe
[2007/01/09 18:55:09 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/12/30 22:56:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/09/07 15:15:04 | 000,001,231 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/04/14 04:26:55 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/01/07 22:05:29 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2005/10/25 08:27:19 | 000,002,146 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005/10/14 21:57:21 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2005/10/14 21:57:21 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2005/08/15 07:14:59 | 000,000,667 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2005/07/27 13:25:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/07/27 13:25:43 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/07/09 18:25:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/04/22 07:58:27 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/02/24 08:32:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/01/02 13:15:56 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/12/07 22:21:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\xfire_lsp_10650.dll
[2004/12/03 10:34:54 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2004/12/03 10:34:54 | 000,028,899 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2004/10/21 20:17:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/12 17:02:21 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/07 21:51:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/07/07 21:50:58 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/07/07 21:50:41 | 000,006,993 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/07/05 17:53:37 | 000,001,249 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/07/05 16:56:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/07/05 16:56:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/07/05 16:56:24 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/07/05 16:56:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/07/05 16:56:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/05 16:55:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/07/05 16:55:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/07/05 16:55:39 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/07/05 16:55:14 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/05 15:06:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/28 22:35:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/28 22:19:10 | 000,002,162 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/08/23 22:36:36 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/08/23 22:34:35 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2003/08/23 22:33:23 | 000,026,395 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/08/23 22:32:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/08/23 22:32:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/08/23 09:25:25 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/23 09:25:15 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/23 09:12:08 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/08/23 09:01:26 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2003/08/23 09:01:21 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2003/08/23 09:01:21 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2003/08/23 08:54:38 | 000,014,598 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2003/08/23 08:54:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2003/08/23 08:37:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/08/23 08:37:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/08/23 08:19:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/23 08:11:57 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/08/23 08:11:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/08/23 08:11:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/08/23 07:57:05 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/23 07:55:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/23 07:51:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/23 07:42:24 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/23 07:42:05 | 000,444,230 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/23 07:42:05 | 000,072,826 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/23 00:46:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/23 00:46:00 | 000,156,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/24 00:56:49 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/07/24 00:56:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/06/23 20:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/05/24 10:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 10:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/03/14 11:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/10/26 16:22:20 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/13 17:23:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/10/26 16:22:20 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/10/13 17:23:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 04:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/08/29 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/10/26 16:22:20 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/13 17:23:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2002/08/29 14:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/10/26 16:22:20 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/13 17:23:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002/08/29 04:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0023\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2003/08/23 00:45:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003/08/23 00:45:19 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/08/23 00:45:19 | 000,385,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


OTL Extras logfile created on: 9/23/2011 6:58:44 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 78.31% Memory free
3.81 Gb Paging File | 3.53 Gb Available in Paging File | 92.84% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.74 Gb Total Space | 67.91 Gb Free Space | 47.24% Space Free | Partition Type: NTFS
Drive E: | 5.29 Gb Total Space | 0.95 Gb Free Space | 18.00% Space Free | Partition Type: FAT32

Computer Name: WARBIRD | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe" = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe:*:Enabled:SpamSubtract -- (interMute, Inc.)
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe" = C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942
"C:\Program Files\Xfire\ua_lsp_inst.exe" = C:\Program Files\Xfire\ua_lsp_inst.exe:*:Enabled:ua_lsp_inst
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Enabled:BackWeb-137903 -- ()
"C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2 Demo\BF2.exe:*:Enabled:Battlefield 2
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG9\avgui.exe" = C:\Program Files\AVG\AVG9\avgui.exe:*:Enabled:AVG Free User Interface
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{193DD0DC-004A-4545-A301-E4A7335C8E41}" = 2400
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 19
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D385DF-53BA-4792-BED3-68132EEB488F}" = NVTweak
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = H

Edited by 73formula because: n/a
Member Avatar for 73formula

OTL log file gave me a "text has changed" message before closing, smilies in previous post???? don't know if i did something by accident??? lol going to try and re-open and edit the above post.

Kaspersky report:

19:39:03.0125 2560 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
19:39:03.0406 2560 ============================================================
19:39:03.0406 2560 Current date / time: 2011/09/23 19:39:03.0406
19:39:03.0406 2560 SystemInfo:
19:39:03.0406 2560
19:39:03.0406 2560 OS Version: 5.1.2600 ServicePack: 3.0
19:39:03.0406 2560 Product type: Workstation
19:39:03.0406 2560 ComputerName: WARBIRD
19:39:03.0406 2560 UserName: Owner
19:39:03.0406 2560 Windows directory: C:\WINDOWS
19:39:03.0406 2560 System windows directory: C:\WINDOWS
19:39:03.0406 2560 Processor architecture: Intel x86
19:39:03.0406 2560 Number of processors: 2
19:39:03.0406 2560 Page size: 0x1000
19:39:03.0406 2560 Boot type: Normal boot
19:39:03.0406 2560 ============================================================
19:39:04.0500 2560 Initialize success
19:46:23.0890 2240 ============================================================
19:46:23.0890 2240 Scan started
19:46:23.0890 2240 Mode: Manual;
19:46:23.0890 2240 ============================================================
19:46:24.0703 2240 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
19:46:24.0703 2240 Aavmker4 - ok
19:46:24.0812 2240 Abiosdsk - ok
19:46:24.0875 2240 abp480n5 - ok
19:46:25.0031 2240 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:46:25.0031 2240 ACPI - ok
19:46:25.0171 2240 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:46:25.0171 2240 ACPIEC - ok
19:46:25.0250 2240 adpu160m - ok
19:46:25.0375 2240 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:46:25.0375 2240 aec - ok
19:46:25.0531 2240 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
19:46:25.0531 2240 AFD - ok
19:46:25.0593 2240 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys
19:46:25.0609 2240 AFS2K - ok
19:46:25.0734 2240 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
19:46:25.0734 2240 agp440 - ok
19:46:25.0796 2240 Aha154x - ok
19:46:25.0937 2240 aic78u2 - ok
19:46:26.0031 2240 aic78xx - ok
19:46:26.0125 2240 ALCXSENS - ok
19:46:26.0437 2240 ALCXWDM - ok
19:46:26.0578 2240 AliIde - ok
19:46:26.0687 2240 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
19:46:26.0687 2240 AmdK7 - ok
19:46:26.0765 2240 amsint - ok
19:46:26.0828 2240 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:46:26.0828 2240 Arp1394 - ok
19:46:26.0937 2240 asc - ok
19:46:26.0984 2240 asc3350p - ok
19:46:27.0078 2240 asc3550 - ok
19:46:27.0187 2240 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:46:27.0187 2240 aswFsBlk - ok
19:46:27.0281 2240 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
19:46:27.0281 2240 aswMon2 - ok
19:46:27.0375 2240 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
19:46:27.0375 2240 aswRdr - ok
19:46:27.0515 2240 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
19:46:27.0531 2240 aswSnx - ok
19:46:27.0671 2240 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
19:46:27.0671 2240 aswSP - ok
19:46:27.0796 2240 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
19:46:27.0796 2240 aswTdi - ok
19:46:27.0937 2240 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:46:27.0937 2240 AsyncMac - ok
19:46:28.0078 2240 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:46:28.0078 2240 atapi - ok
19:46:28.0203 2240 Atdisk - ok
19:46:28.0296 2240 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:46:28.0296 2240 Atmarpc - ok
19:46:28.0437 2240 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:46:28.0437 2240 audstub - ok
19:46:28.0546 2240 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:46:28.0546 2240 Beep - ok
19:46:28.0703 2240 Ca50xav (6a9a0dcaeef488bb872b7fca33aed3c2) C:\WINDOWS\system32\Drivers\Ca50xav.sys
19:46:28.0718 2240 Ca50xav - ok
19:46:28.0843 2240 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:46:28.0843 2240 cbidf2k - ok
19:46:28.0953 2240 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:46:28.0953 2240 CCDECODE - ok
19:46:29.0046 2240 cd20xrnt - ok
19:46:29.0156 2240 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:46:29.0156 2240 Cdaudio - ok
19:46:29.0296 2240 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:46:29.0296 2240 Cdfs - ok
19:46:29.0453 2240 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:46:29.0453 2240 Cdrom - ok
19:46:29.0578 2240 Changer - ok
19:46:29.0687 2240 CmdIde - ok
19:46:29.0843 2240 cmuda (e5adeef2c0db43964223f408f1fcc97e) C:\WINDOWS\system32\drivers\cmuda.sys
19:46:29.0859 2240 cmuda - ok
19:46:29.0984 2240 Cpqarray - ok
19:46:30.0062 2240 dac2w2k - ok
19:46:30.0156 2240 dac960nt - ok
19:46:30.0250 2240 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:46:30.0250 2240 Disk - ok
19:46:30.0437 2240 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:46:30.0437 2240 dmboot - ok
19:46:30.0578 2240 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:46:30.0578 2240 dmio - ok
19:46:30.0703 2240 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:46:30.0703 2240 dmload - ok
19:46:30.0812 2240 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:46:30.0812 2240 DMusic - ok
19:46:30.0937 2240 dpti2o - ok
19:46:31.0031 2240 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:46:31.0031 2240 drmkaud - ok
19:46:31.0187 2240 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:46:31.0203 2240 Fastfat - ok
19:46:31.0343 2240 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:46:31.0343 2240 Fdc - ok
19:46:31.0500 2240 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:46:31.0500 2240 Fips - ok
19:46:31.0609 2240 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:46:31.0609 2240 Flpydisk - ok
19:46:31.0703 2240 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:46:31.0703 2240 FltMgr - ok
19:46:31.0859 2240 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:46:31.0875 2240 Fs_Rec - ok
19:46:31.0984 2240 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:46:32.0000 2240 Ftdisk - ok
19:46:32.0140 2240 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:46:32.0140 2240 Gpc - ok
19:46:32.0296 2240 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:46:32.0296 2240 HidUsb - ok
19:46:32.0406 2240 hpn - ok
19:46:32.0500 2240 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:46:32.0500 2240 HPZid412 - ok
19:46:32.0656 2240 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:46:32.0656 2240 HPZipr12 - ok
19:46:32.0812 2240 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:46:32.0812 2240 HPZius12 - ok
19:46:32.0937 2240 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:46:32.0937 2240 HTTP - ok
19:46:33.0031 2240 i2omgmt - ok
19:46:33.0125 2240 i2omp - ok
19:46:33.0250 2240 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:46:33.0250 2240 i8042prt - ok
19:46:33.0390 2240 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:46:33.0390 2240 ialm - ok
19:46:33.0500 2240 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:46:33.0515 2240 Imapi - ok
19:46:33.0640 2240 ini910u - ok
19:46:33.0734 2240 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
19:46:33.0734 2240 IntelIde - ok
19:46:33.0875 2240 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:46:33.0875 2240 intelppm - ok
19:46:33.0968 2240 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:46:33.0968 2240 ip6fw - ok
19:46:34.0093 2240 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:46:34.0093 2240 IpFilterDriver - ok
19:46:34.0187 2240 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:46:34.0203 2240 IpInIp - ok
19:46:34.0328 2240 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:46:34.0328 2240 IpNat - ok
19:46:34.0468 2240 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:46:34.0484 2240 IPSec - ok
19:46:34.0625 2240 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:46:34.0625 2240 IRENUM - ok
19:46:34.0750 2240 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:46:34.0765 2240 isapnp - ok
19:46:34.0906 2240 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:46:34.0906 2240 Kbdclass - ok
19:46:35.0062 2240 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:46:35.0062 2240 kbdhid - ok
19:46:35.0140 2240 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:46:35.0140 2240 kmixer - ok
19:46:35.0281 2240 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:46:35.0281 2240 KSecDD - ok
19:46:35.0375 2240 lbrtfdc - ok
19:46:35.0484 2240 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
19:46:35.0500 2240 ltmodem5 - ok
19:46:35.0609 2240 MBAMSwissArmy - ok
19:46:35.0718 2240 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:46:35.0734 2240 mnmdd - ok
19:46:35.0875 2240 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:46:35.0875 2240 Modem - ok
19:46:36.0015 2240 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:46:36.0015 2240 Mouclass - ok
19:46:36.0140 2240 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:46:36.0140 2240 mouhid - ok
19:46:36.0281 2240 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:46:36.0281 2240 MountMgr - ok
19:46:36.0421 2240 mraid35x - ok
19:46:36.0546 2240 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:46:36.0546 2240 MRxDAV - ok
19:46:36.0718 2240 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:46:36.0718 2240 MRxSmb - ok
19:46:36.0875 2240 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:46:36.0875 2240 Msfs - ok
19:46:37.0031 2240 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:46:37.0031 2240 MSKSSRV - ok
19:46:37.0125 2240 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:46:37.0125 2240 MSPCLOCK - ok
19:46:37.0281 2240 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:46:37.0281 2240 MSPQM - ok
19:46:37.0406 2240 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:46:37.0406 2240 mssmbios - ok
19:46:37.0500 2240 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:46:37.0500 2240 MSTEE - ok
19:46:37.0640 2240 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:46:37.0640 2240 Mup - ok
19:46:37.0765 2240 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:46:37.0765 2240 NABTSFEC - ok
19:46:37.0906 2240 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:46:37.0921 2240 NDIS - ok
19:46:38.0062 2240 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:46:38.0062 2240 NdisIP - ok
19:46:38.0203 2240 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:46:38.0203 2240 NdisTapi - ok
19:46:38.0328 2240 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:46:38.0328 2240 Ndisuio - ok
19:46:38.0468 2240 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:46:38.0484 2240 NdisWan - ok
19:46:38.0609 2240 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:46:38.0609 2240 NDProxy - ok
19:46:38.0703 2240 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:46:38.0703 2240 NetBIOS - ok
19:46:38.0859 2240 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:46:38.0859 2240 NetBT - ok
19:46:39.0015 2240 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:46:39.0031 2240 NIC1394 - ok
19:46:39.0171 2240 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:46:39.0171 2240 Npfs - ok
19:46:39.0281 2240 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:46:39.0281 2240 Ntfs - ok
19:46:39.0437 2240 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:46:39.0437 2240 Null - ok
19:46:39.0671 2240 nv (348e723c32d7bda6d3e399b711c3d84a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:46:39.0703 2240 nv - ok
19:46:39.0843 2240 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:46:39.0843 2240 NwlnkFlt - ok
19:46:39.0937 2240 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:46:39.0937 2240 NwlnkFwd - ok
19:46:40.0078 2240 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:46:40.0078 2240 ohci1394 - ok
19:46:40.0156 2240 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:46:40.0171 2240 Parport - ok
19:46:40.0312 2240 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:46:40.0312 2240 PartMgr - ok
19:46:40.0453 2240 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:46:40.0453 2240 ParVdm - ok
19:46:40.0593 2240 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:46:40.0609 2240 PCI - ok
19:46:40.0656 2240 PCIDump - ok
19:46:40.0750 2240 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:46:40.0750 2240 PCIIde - ok
19:46:40.0890 2240 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:46:40.0890 2240 Pcmcia - ok
19:46:40.0953 2240 PDCOMP - ok
19:46:41.0015 2240 PDFRAME - ok
19:46:41.0078 2240 PDRELI - ok
19:46:41.0203 2240 PDRFRAME - ok
19:46:41.0265 2240 perc2 - ok
19:46:41.0359 2240 perc2hib - ok
19:46:41.0453 2240 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
19:46:41.0453 2240 pfc - ok
19:46:41.0609 2240 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:46:41.0609 2240 PptpMiniport - ok
19:46:41.0703 2240 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:46:41.0703 2240 Processor - ok
19:46:41.0859 2240 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
19:46:41.0859 2240 Ps2 - ok
19:46:41.0984 2240 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:46:41.0984 2240 PSched - ok
19:46:42.0125 2240 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:46:42.0125 2240 Ptilink - ok
19:46:42.0265 2240 PxHelp20 (80c824c78dd1cac1833ae5dcca02b327) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
19:46:42.0265 2240 PxHelp20 - ok
19:46:42.0328 2240 ql1080 - ok
19:46:42.0453 2240 Ql10wnt - ok
19:46:42.0515 2240 ql12160 - ok
19:46:42.0625 2240 ql1240 - ok
19:46:42.0718 2240 ql1280 - ok
19:46:42.0812 2240 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:46:42.0812 2240 RasAcd - ok
19:46:42.0968 2240 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:46:42.0968 2240 Rasl2tp - ok
19:46:43.0093 2240 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:46:43.0093 2240 RasPppoe - ok
19:46:43.0250 2240 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:46:43.0250 2240 Raspti - ok
19:46:43.0390 2240 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:46:43.0406 2240 Rdbss - ok
19:46:43.0546 2240 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:46:43.0562 2240 RDPCDD - ok
19:46:43.0703 2240 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:46:43.0703 2240 RDPWD - ok
19:46:43.0843 2240 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:46:43.0843 2240 redbook - ok
19:46:43.0984 2240 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
19:46:43.0984 2240 rtl8139 - ok
19:46:44.0078 2240 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
19:46:44.0093 2240 S3Psddr - ok
19:46:44.0218 2240 SaiH0464 (a9eb76c0638250208f8261ac3050656e) C:\WINDOWS\system32\DRIVERS\SaiH0464.sys
19:46:44.0218 2240 SaiH0464 - ok
19:46:44.0328 2240 SaiMini (af8fba63bf9493d1d2d6a9256dce4df3) C:\WINDOWS\system32\DRIVERS\SaiMini.sys
19:46:44.0328 2240 SaiMini - ok
19:46:44.0468 2240 SaiNtBus (ccc2eeb8bdaa2d5343786e6f50f9536f) C:\WINDOWS\system32\drivers\SaiNtBus.sys
19:46:44.0484 2240 SaiNtBus - ok
19:46:44.0625 2240 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:46:44.0640 2240 Secdrv - ok
19:46:44.0781 2240 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:46:44.0781 2240 Serenum - ok
19:46:44.0921 2240 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:46:44.0921 2240 Serial - ok
19:46:45.0062 2240 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:46:45.0062 2240 Sfloppy - ok
19:46:45.0187 2240 Simbad - ok
19:46:45.0296 2240 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
19:46:45.0296 2240 SiS315 - ok
19:46:45.0421 2240 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
19:46:45.0421 2240 SISAGP - ok
19:46:45.0531 2240 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
19:46:45.0546 2240 SiSkp - ok
19:46:45.0687 2240 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:46:45.0687 2240 SLIP - ok
19:46:45.0812 2240 SMALUSB (9f9028adede4b16c931f228b9d3516a4) C:\WINDOWS\system32\DRIVERS\smalidt.sys
19:46:45.0812 2240 SMALUSB - ok
19:46:45.0906 2240 Sparrow - ok
19:46:46.0000 2240 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:46:46.0015 2240 splitter - ok
19:46:46.0171 2240 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:46:46.0171 2240 sr - ok
19:46:46.0328 2240 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:46:46.0328 2240 Srv - ok
19:46:46.0484 2240 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:46:46.0484 2240 streamip - ok
19:46:46.0625 2240 SunkFilt (a3df1466aafdc62b21765072c5edaa9a) C:\WINDOWS\System32\Drivers\sunkfilt.sys
19:46:46.0625 2240 SunkFilt - ok
19:46:46.0703 2240 Sunkfiltp - ok
19:46:46.0828 2240 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:46:46.0828 2240 swenum - ok
19:46:46.0968 2240 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:46:46.0968 2240 swmidi - ok
19:46:47.0078 2240 symc810 - ok
19:46:47.0171 2240 symc8xx - ok
19:46:47.0234 2240 sym_hi - ok
19:46:47.0328 2240 sym_u3 - ok
19:46:47.0437 2240 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:46:47.0437 2240 sysaudio - ok
19:46:47.0609 2240 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:46:47.0609 2240 Tcpip - ok
19:46:47.0750 2240 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:46:47.0765 2240 TDPIPE - ok
19:46:47.0906 2240 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:46:47.0906 2240 TDTCP - ok
19:46:48.0046 2240 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:46:48.0046 2240 TermDD - ok
19:46:48.0140 2240 TosIde - ok
19:46:48.0265 2240 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:46:48.0281 2240 Udfs - ok
19:46:48.0375 2240 ultra - ok
19:46:48.0484 2240 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:46:48.0500 2240 Update - ok
19:46:48.0609 2240 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:46:48.0609 2240 usbaudio - ok
19:46:48.0734 2240 USBCamera (2038824260efdffa6f78d9bef767622d) C:\WINDOWS\system32\Drivers\Bulk50x.sys
19:46:48.0734 2240 USBCamera - ok
19:46:48.0843 2240 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:46:48.0843 2240 usbccgp - ok
19:46:48.0984 2240 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:46:48.0984 2240 usbehci - ok
19:46:49.0078 2240 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:46:49.0078 2240 usbhub - ok
19:46:49.0218 2240 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:46:49.0234 2240 usbohci - ok
19:46:49.0359 2240 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:46:49.0359 2240 usbprint - ok
19:46:49.0515 2240 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:46:49.0515 2240 usbscan - ok
19:46:49.0640 2240 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:46:49.0640 2240 USBSTOR - ok
19:46:49.0781 2240 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:46:49.0781 2240 usbuhci - ok
19:46:49.0906 2240 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:46:49.0906 2240 VgaSave - ok
19:46:50.0031 2240 viaagp1 (0e3e3fae3a0a58b8d936a8e841a17d16) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
19:46:50.0031 2240 viaagp1 - ok
19:46:50.0125 2240 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys
19:46:50.0125 2240 ViaIde - ok
19:46:50.0265 2240 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:46:50.0265 2240 VolSnap - ok
19:46:50.0437 2240 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:46:50.0437 2240 Wanarp - ok
19:46:50.0562 2240 WDICA - ok
19:46:50.0656 2240 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:46:50.0656 2240 wdmaud - ok
19:46:50.0859 2240 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:46:50.0859 2240 WS2IFSL - ok
19:46:50.0968 2240 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:46:50.0968 2240 WSTCODEC - ok
19:46:51.0109 2240 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:46:51.0109 2240 WudfPf - ok
19:46:51.0218 2240 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:46:51.0234 2240 WudfRd - ok
19:46:51.0421 2240 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys
19:46:51.0421 2240 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
19:46:51.0515 2240 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys
19:46:51.0515 2240 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
19:46:51.0531 2240 MBR (0x1B8) (b716b775fcbdabf0e2ddff76f15c6790) \Device\Harddisk0\DR0
19:46:51.0531 2240 \Device\Harddisk0\DR0 - ok
19:46:51.0531 2240 Boot (0x1200) (aacba61dd3bb98a32de6fe18e72107c8) \Device\Harddisk0\DR0\Partition0
19:46:51.0531 2240 \Device\Harddisk0\DR0\Partition0 - ok
19:46:51.0562 2240 Boot (0x1200) (6da8195ad8fdeb964a9bb82913a6ee82) \Device\Harddisk0\DR0\Partition1
19:46:51.0562 2240 \Device\Harddisk0\DR0\Partition1 - ok
19:46:51.0562 2240 ============================================================
19:46:51.0562 2240 Scan finished
19:46:51.0562 2240 ============================================================
19:46:51.0578 2664 Detected object count: 0
19:46:51.0578 2664 Actual detected object count: 0

Edited by 73formula because: n/a
Member Avatar for crunchie

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
O2 - BHO: (Reg Error: Value error.) - {03C4EE28-6029-479C-B18C-3B0B6FD0F7C8} - C:\WINDOWS\system32\audiosrv32.dll File not found
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE File not found
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\mswsock.dll File not found
010 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\mswsock.dll File not found
:Commands
[purity]
[emptyflash]
[emptytemp]
[resethosts]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post log from this run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Member Avatar for 73formula

I did the above, after reboot, it will open the browser window but gives a completely blank page with "New Tab" at the top. doens't matter what i put in the address bar, it comes up blank. Likewise it will not allow outlook open (I was going to e-mail copy of log file to myself and open and post from the computer I'm presently at now) Also, I have a program that hangs on shutdown, non responsive ending message shows it as "O"

Member Avatar for crunchie

Do you have internet connection on the infected PC, or did running the above lose it?
Try the following if that is the case.

Download LSPfix from here
On the opening screen, click the "I know what I'm doing" checkbox, then click Finish.

See if that remedies the problem.

Member Avatar for 73formula

the connection seems valid, computer is shown on the router. the e-mail is timing out on its connection attempts. checked through the network and connection settings, all seem good there. The browser address window comes up completely blank with new tab and blank window each time. I can't get here from there lol. Should I do a restore?

Member Avatar for 73formula

I managed to dl and copy LSPfix over to the infected computer, i ran it without checking the box and the browser is now working (i'm on the infected computer right now) Outlook is still trying to connect without success, going to try a reboot. will post the quickscan results from OTL as well--never got that far before.

Member Avatar for 73formula

A Reboot got outlook to connect, however, the "ending program-O" box still appears while i turn off the computer. don't know if that indicates something is still in the system or not. also, HP updates is popping an error message at startup because something is missing.
Thank you


OTL quickscan log


OTL logfile created on: 9/24/2011 3:06:55 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.28% Memory free
3.81 Gb Paging File | 3.54 Gb Available in Paging File | 93.12% Paging File free
Paging file location(s): C:\pagefile.sys 2000 3069 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.74 Gb Total Space | 71.87 Gb Free Space | 50.00% Space Free | Partition Type: NTFS
Drive E: | 5.29 Gb Total Space | 0.95 Gb Free Space | 18.00% Space Free | Partition Type: FAT32

Computer Name: WARBIRD | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/23 18:53:53 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/05/08 16:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2005/09/23 22:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/05/28 23:08:52 | 000,520,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
PRC - [2004/05/28 22:31:38 | 000,241,664 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2003/08/19 01:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/08/09 10:27:16 | 000,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/05/23 04:55:38 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/03/21 19:52:06 | 000,552,960 | ---- | M] (interMute, Inc.) -- C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
PRC - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
PRC - [2003/02/21 05:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/24 13:31:08 | 001,576,960 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11092401\algo.dll
MOD - [2011/09/24 04:09:44 | 001,576,960 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11092400\algo.dll
MOD - [2011/09/23 11:41:29 | 000,212,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11092401\aswRep.dll
MOD - [2011/09/23 11:41:29 | 000,212,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11092400\aswRep.dll
MOD - [2010/10/06 03:01:48 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_f7ac6fa7\mscorlib.dll
MOD - [2010/10/06 03:01:43 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ea9c670e\system.drawing.dll
MOD - [2010/10/06 03:01:36 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1d176f8d\system.xml.dll
MOD - [2010/10/06 03:01:29 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7c961322\system.windows.forms.dll
MOD - [2010/10/06 03:01:18 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2d875838\system.dll
MOD - [2010/10/06 03:01:06 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2009/04/16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2005/06/04 07:06:33 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005/06/04 07:06:32 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2005/06/04 07:06:31 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2004/12/07 13:39:44 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2004/12/07 13:39:44 | 000,006,656 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2004/12/07 13:39:42 | 000,614,400 | ---- | M] () -- c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
MOD - [2004/12/07 13:39:23 | 000,032,768 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2004/12/07 13:39:10 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2004/12/07 13:39:10 | 000,368,640 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2004/12/07 13:39:10 | 000,249,856 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2004/12/07 13:39:10 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2004/12/07 13:39:10 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
MOD - [2004/12/07 13:39:10 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll
MOD - [2004/12/07 13:39:10 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll
MOD - [2004/12/07 13:39:10 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2004/12/07 13:39:10 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2004/12/07 13:39:10 | 000,028,672 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2004/12/07 13:39:10 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2004/12/07 13:39:10 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2004/12/07 13:39:10 | 000,007,168 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2004/12/07 13:38:22 | 000,557,056 | ---- | M] () -- c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
MOD - [2004/12/07 13:38:22 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
MOD - [2004/12/07 13:38:22 | 000,151,552 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2004/12/07 13:38:22 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
MOD - [2004/12/07 13:38:22 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2004/12/07 13:38:22 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
MOD - [2003/08/23 08:55:10 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2003/08/23 08:16:18 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () -- C:\Program Files\Softex\OmniPass\omniServ.exe
MOD - [2003/02/21 05:50:12 | 000,040,960 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPGina.dll
MOD - [2003/02/21 05:50:10 | 000,053,248 | ---- | M] () -- C:\Program Files\Softex\OmniPass\OPXPApp.exe
MOD - [2003/02/21 05:49:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Softex\OmniPass\ginastub.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (hpdjaio)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/02/21 06:07:06 | 000,068,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Softex\OmniPass\omniServ.exe -- (omniserv)


========== Driver Services (SafeList) ==========

DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 15:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 15:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/01/27 19:06:30 | 000,508,304 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Ca50xav.sys -- (Ca50xav)
DRV - [2004/10/05 08:14:39 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:29:51 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
DRV - [2004/01/28 08:09:36 | 000,026,624 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiNtBus.sys -- (SaiNtBus)
DRV - [2004/01/28 08:09:34 | 000,015,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2004/01/06 10:14:28 | 000,055,808 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0464.sys -- (SaiH0464)
DRV - [2003/12/05 13:46:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/08/11 11:22:54 | 000,040,228 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/05/14 17:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk50x.sys -- (USBCamera)
DRV - [2003/05/06 17:34:56 | 000,394,752 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/04/11 10:51:30 | 000,010,624 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/03/31 23:29:42 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/02/20 18:18:36 | 000,036,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2002/12/27 13:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/05/31 13:57:52 | 000,009,216 | ---- | M] (SMaL Camera Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smalidt.sys -- (SMALUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 28 EE C4 03 29 60 9C 47 B1 8C 3B 0B 6F D0 F7 C8 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/12/24 20:13:51 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/22 07:31:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/09 16:28:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/11 06:30:39 | 000,000,000 | ---D | M]

[2008/08/28 18:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/08/17 13:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions
[2006/10/26 20:34:00 | 000,000,000 | ---D | M] (Saferfox Xpanded) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{00D4154F-96D3-41ff-8E8E-113596D8670B}
[2010/04/27 06:16:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/17 13:46:50 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/08/14 21:30:46 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{902472f4-be57-43cf-ad81-baf77d0f880f}
[2006/10/26 20:34:00 | 000,000,000 | ---D | M] (Modern Pinball) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
[2005/05/20 22:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\temp
[2011/05/10 15:02:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/09 16:28:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2001/06/17 19:08:26 | 000,063,057 | ---- | M] (MeadCo Corp.) -- C:\Program Files\mozilla firefox\plugins\npmeadax.dll
[2007/03/05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2011/05/11 06:30:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/24 06:15:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (interMute, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38173.538900463 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.186.110.76 216.144.187.37 216.144.187.199
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B066DD9-2949-4283-9E55-04E563DB8AAA}: DhcpNameServer = 207.172.3.8 207.172.3.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FC5314D-D8AB-4F6F-BF6E-4D455D85C68E}: DhcpNameServer = 204.186.110.76 216.144.187.37 216.144.187.199
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\OPXPGina: DllName - (C:\Program Files\Softex\OmniPass\opxpgina.dll) - C:\Program Files\Softex\OmniPass\OPXPGina.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\My Documents\My Documents\My Pictures\KV 1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\My Documents\My Documents\My Pictures\KV 1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/06 17:57:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 06:07:38 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 03:02:32 | 000,000,045 | -HS- | M] () - E:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{55666b5a-ced4-11d8-bf49-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{55666b5a-ced4-11d8-bf49-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{55666b5a-ced4-11d8-bf49-806d6172696f}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/24 14:53:41 | 000,186,880 | ---- | C] (CEXX.ORG) -- C:\Documents and Settings\Owner\Desktop\LSPFix.exe
[2011/09/24 14:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\lspfix
[2011/09/24 06:13:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/23 18:53:49 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/23 18:48:48 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/09/22 15:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/09/22 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/22 14:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/09/22 14:55:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/22 14:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/22 14:54:21 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/22 08:43:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/22 07:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/09/22 07:32:36 | 000,320,856 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/22 07:32:36 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/22 07:32:31 | 000,052,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/22 07:32:31 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/22 07:32:30 | 000,442,200 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/22 07:32:29 | 000,110,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/22 07:32:29 | 000,104,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/22 07:32:28 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/09/22 07:31:41 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/09/22 07:31:39 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/09/22 07:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/09/22 07:31:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/06 15:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\latest pics
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/24 15:04:33 | 000,022,492 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/09/24 15:04:28 | 000,001,404 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/09/24 15:04:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/24 15:04:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/24 15:03:58 | 2146,291,712 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/24 06:15:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/23 18:53:53 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/09/23 07:43:34 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/09/22 14:55:39 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 14:54:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/22 08:43:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\vif3jgeb.exe
[2011/09/22 08:43:06 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/09/22 07:32:37 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/22 07:32:30 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/09/22 07:28:51 | 058,948,168 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2011/09/17 05:49:37 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/09/14 07:19:04 | 000,016,268 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\b_560x95.png
[2011/09/14 03:01:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/12 00:18:10 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011/09/06 19:01:24 | 000,155,842 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\St. Jane's CYO Waiver Form (1).pdf
[2011/09/06 15:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/09/06 15:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/09/06 15:36:23 | 000,110,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/09/06 15:36:20 | 000,104,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/09/06 15:33:11 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/09/06 15:32:24 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2011/09/06 14:20:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/28 08:39:31 | 000,387,985 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\packit-book-download.pdf
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/24 14:53:41 | 000,011,445 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LSPFix-source.zip
[2011/09/22 14:55:39 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/22 08:43:16 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\vif3jgeb.exe
[2011/09/22 07:32:37 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/09/22 07:28:05 | 058,948,168 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2011/09/14 07:19:03 | 000,016,268 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\b_560x95.png
[2011/09/12 00:18:10 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011/09/12 00:18:10 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011/09/06 19:01:24 | 000,155,842 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\St. Jane's CYO Waiver Form (1).pdf
[2011/08/28 08:33:57 | 000,387,985 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\packit-book-download.pdf
[2010/07/18 15:20:40 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/03/26 14:00:50 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/02/16 18:18:00 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Owner.ini
[2010/02/02 09:52:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2009/12/05 11:38:04 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Showbiz20.ini
[2009/09/10 16:15:36 | 000,000,423 | ---- | C] () -- C:\WINDOWS\System32\Dext504.ini
[2009/01/10 12:23:59 | 000,103,703 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2009/01/10 12:23:59 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2009/01/10 12:12:07 | 000,103,703 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2008/09/09 08:19:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/09/02 12:43:36 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/11 11:24:16 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/11/28 22:12:04 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/11/13 09:38:33 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\windrv.sys
[2007/11/11 17:38:16 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2007/11/11 17:38:16 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2007/11/11 17:38:16 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2007/10/25 22:44:39 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/10/25 22:44:34 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/10/25 22:44:26 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/03/07 23:20:07 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2007/03/07 23:20:07 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2007/03/07 23:19:56 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007/03/07 23:19:56 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2007/03/07 23:19:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2007/03/07 23:19:42 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2007/03/07 23:19:42 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2007/03/07 23:19:42 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2007/03/07 23:16:30 | 000,003,541 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/03/07 23:16:25 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/03/07 22:34:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\iAlmcoin.dll
[2007/01/31 21:51:58 | 000,112,777 | ---- | C] () -- C:\WINDOWS\System32\GMTUninstall2.exe
[2007/01/09 18:55:09 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/12/30 22:56:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/09/07 15:15:04 | 000,001,231 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2006/04/14 04:26:55 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/01/07 22:05:29 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2005/10/25 08:27:19 | 000,002,146 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2005/10/14 21:57:21 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2005/10/14 21:57:21 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2005/08/15 07:14:59 | 000,000,667 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2005/07/27 13:25:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/07/27 13:25:43 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/07/09 18:25:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2005/04/22 07:58:27 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/02/24 08:32:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/01/02 13:15:56 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/12/07 22:21:10 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\xfire_lsp_10650.dll
[2004/12/03 10:34:54 | 000,034,468 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2004/12/03 10:34:54 | 000,028,899 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2004/10/21 20:17:42 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/12 17:02:21 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/07/07 21:51:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/07/07 21:50:58 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2004/07/07 21:50:41 | 000,006,993 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/07/05 17:53:37 | 000,001,249 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2004/07/05 16:56:27 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/07/05 16:56:27 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/07/05 16:56:24 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/07/05 16:56:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/07/05 16:56:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/05 16:55:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/07/05 16:55:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/07/05 16:55:39 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/07/05 16:55:14 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/05 15:06:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/08/28 22:35:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/28 22:19:10 | 000,002,162 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2003/08/23 22:36:36 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2003/08/23 22:34:35 | 000,090,112 | R--- | C] () -- C:\WINDOWS\bwUnin-6.2.3.66.exe
[2003/08/23 22:33:23 | 000,026,395 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2003/08/23 22:32:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2003/08/23 22:32:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2003/08/23 09:25:25 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/08/23 09:25:15 | 000,000,608 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/08/23 09:12:08 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2003/08/23 09:01:26 | 000,006,848 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2003/08/23 09:01:21 | 000,018,403 | ---- | C] () -- C:\WINDOWS\HPHins01.dat
[2003/08/23 09:01:21 | 000,004,308 | ---- | C] () -- C:\WINDOWS\hphmdl01.dat
[2003/08/23 08:54:38 | 000,014,598 | ---- | C] () -- C:\WINDOWS\hpdins01.dat
[2003/08/23 08:54:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpzmdl01.dat
[2003/08/23 08:37:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
[2003/08/23 08:37:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
[2003/08/23 08:19:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/23 08:11:57 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2003/08/23 08:11:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2003/08/23 08:11:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2003/08/23 07:57:05 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/23 07:55:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/23 07:51:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/23 07:42:24 | 000,000,667 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/23 07:42:05 | 000,444,230 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/23 07:42:05 | 000,072,826 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/23 00:46:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/23 00:46:00 | 000,156,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/24 00:56:49 | 000,000,438 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2003/07/24 00:56:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2003/06/23 20:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/05/24 10:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2002/05/24 10:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2002/03/14 11:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[1998/08/16 04:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2009/06/28 07:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3DVIA
[2011/09/22 07:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/22 16:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2008/11/24 23:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2010/02/26 15:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/06 23:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2011/08/12 15:21:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/02/11 11:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/09/22 07:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/02/11 11:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/07/18 15:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/02/11 11:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/09/27 15:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/11 11:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/08/12 15:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2004/08/03 16:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG7
[2007/11/11 20:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Common Files
[2007/12/14 16:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gslist
[2009/12/05 23:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InfraRecorder
[2003/08/28 22:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2004/07/28 12:38:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2008/02/11 11:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\muvee Technologies
[2010/07/18 15:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2008/05/20 08:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/06/28 12:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2010/07/18 15:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Recordpad
[2003/08/23 22:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2004/08/12 05:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2006/12/30 22:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2011/06/30 16:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2009/07/08 18:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\W Photo Studio Viewer
[2011/04/22 22:12:44 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\prismDowngrade.job
[2011/04/03 19:31:01 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Member Avatar for crunchie

Can you let me know if your searches are still being hijacked?

Member Avatar for 73formula

Hi crunchie, first time back home since last post. The searches are still getting jacked. "About blank" shows in the address tab before the search results display and the pages that the results go to vary ...zip hip, ask for answers ... etc. I don't know if this relates to it or not, but I use MSN.com as my homepage and right about the time this started happening, a green microsoft corporation tab at the address bar began appear before page loading. that would be followed by a "click here to continue" type box before it would go to msn. Now the homepage tab in the address bar does go green momentarily, but there is no "click to continue box"

Member Avatar for crunchie

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

Member Avatar for 73formula

Disabled everything prior to running Combofix, but it found instances of avg 2011 and EZ Antivirus running. I had uninstalled both programs (EZ I got rid of a couple years ago)--searched high and low to find them prior to the run but only found folders and logs from older versions of AVG. Had no choice but to run combo with the two processes still running, which shows in the log below. So far it seems like the searches are not getting jacked ... fingers are crossed.


ComboFix 11-09-26.01 - Owner 09/26/2011 0:52.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1412 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: eTrust EZ Antivirus *Enabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\agebwawpnl.tmp
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{902472f4-be57-43cf-ad81-baf77d0f880f}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{902472f4-be57-43cf-ad81-baf77d0f880f}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{902472f4-be57-43cf-ad81-baf77d0f880f}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{902472f4-be57-43cf-ad81-baf77d0f880f}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\extensions\{902472f4-be57-43cf-ad81-baf77d0f880f}\install.rdf
c:\documents and settings\Owner\g2mdlhlpx.exe
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\backupnotify.exe.25bd8912.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\BalloonMsg.exe.6532ce79.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.f314eb97.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.f314eb97.ini.inuse
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqimvac.exe.4c876e52.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\HpqPhUnl.exe.531fe3a5.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqselsk.exe.c3cfc9d0.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.ccbceb54.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\iexplore.exe.26e3ad32.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\Install.exe.44f7be6f.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\SL3E.tmp.b3f64ff3.ini
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))
.
.
2011-09-26 06:17 . 2011-09-26 06:19 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
2011-09-24 11:13 . 2011-09-24 11:13 -------- dc----w- C:\_OTL
2011-09-22 20:04 . 2011-09-22 20:04 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-09-22 19:55 . 2011-09-22 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-22 19:55 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-22 19:55 . 2011-09-22 19:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-22 12:32 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-22 12:32 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-22 12:32 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-22 12:32 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-22 12:32 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-22 12:32 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-22 12:32 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-22 12:32 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-22 12:31 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-22 12:31 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-22 12:31 . 2011-09-22 12:31 -------- d-----w- c:\program files\AVAST Software
2011-09-22 12:31 . 2011-09-22 12:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-12 05:18 . 2011-09-12 05:18 1409 ----a-w- c:\windows\QTFont.for
2011-09-03 10:17 . 2011-09-09 09:12 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-07-05 20:03 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2004-07-05 21:56 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2004-07-05 21:56 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2004-08-10 04:30 . 2006-01-08 03:05 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
2011-09-09 21:28 . 2011-05-11 11:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-08-23 151597]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-12 6729728]
"nwiz"="nwiz.exe" [2005-05-12 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-12 86016]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-11 282624]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-8-28 552960]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-2-11 118784]
Updates from HP.lnk - c:\program files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-8-23 16384]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
mod_sm.lnk - c:\hp\bin\cloaker.exe [1999-11-7 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\interMute\\SpamSubtract\\SpamSubtract.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/22/2011 7:32 AM 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/22/2011 7:32 AM 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/22/2011 7:32 AM 20568]
S2 Ca50xav;Digital Blue DMC2 Video Device;c:\windows\system32\drivers\Ca50xav.sys [9/10/2009 4:15 PM 508304]
S2 hpdjaio;hpdjaio;c:\docume~1\Owner\LOCALS~1\Temp\hpdjaio.exe -servicerunning=true -uninstall=hp psc 2400 series -product=aio --> c:\docume~1\Owner\LOCALS~1\Temp\hpdjaio.exe -servicerunning=true -uninstall=hp psc 2400 series -product=aio [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [1/6/2004 10:14 AM 55808]
S3 SMALUSB;Digital Camera Driver;c:\windows\system32\drivers\smalidt.sys [8/15/2005 7:11 AM 9216]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-23 c:\windows\Tasks\prismDowngrade.job
- c:\program files\NCH Software\Prism\prism.exe [2010-11-27 13:51]
.
2011-04-04 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2010-11-27 13:51]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.1ky\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-26 01:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\program files\Softex\OmniPass\opxpgina.dll
.
- - - - - - - > 'explorer.exe'(3652)
c:\docume~1\Owner\LOCALS~1\Temp\IadHide4.dll
c:\windows\system32\nview.dll
c:\windows\system32\msi.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Softex\OmniPass\Omniserv.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2011-09-26 01:28:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-26 06:28
.
Pre-Run: 77,075,918,848 bytes free
Post-Run: 77,214,044,160 bytes free
.
- - End Of File - - 5C4D25AF0B04C625FA01D22AD0E036E9

Member Avatar for crunchie

Lets wait a day or two to confirm the problem is resolved, but I would like you to do the following in the mean-time;

Go here http://www.billsway.com/vbspage/ and download, unzip and run the Registry Search Tool.

  • Type eTrust in the dialog box.
  • Let it run and after a few minutes, a prompt will appear.
  • Click OK to write the results to Notepad and post them here.

Do the same again for AVG.

Member Avatar for 73formula

ran VBS, it found 21 instances of eTrust, however I can't copy/open the file, a windows script host error box pops up with "the system cannot find the file specified."

Member Avatar for crunchie

You may have to locate those entries yourself then and delete them. Or you can just leave them as they are only remnants of the uninstalled program.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.