WiredWX Christian Hobby Weather Tools

 


AV Security Suite

I got the virus yesterday, and I think I got the worst of it. (By the way, it's on a different PC.) I can't go on the internet, but I put no proxy so now I can use Firefox, but the virus won't let me go to command, it won't let me download anything, I can't really go on any programs, every 5 minutes it sends me to porn.com, there's all these pop-ups, and I just don't know what to do.
And I can't go into Safe Mode because every time I press F8 it still goes to the normal screen.
Can anyone help?

Re: AV Security Suite

Hi, Smile...

Please transfer these over with a USB drive. It will block a majority of these, so please download them all and run them until one works.

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.

======

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

Re: AV Security Suite

Um, I've downloaded the two programs on my computer, but every time I double click RKill or OTL, the virus says that RKill or OTL is infected and I can't use it. Do you know what I can do now?

Re: AV Security Suite

Have you tried all the different file types?

Re: AV Security Suite

OK, the second link for RKill worked, and where do I paste the content?

Re: AV Security Suite

Hi, Smile...

Please post the OTL logs and the Rkill log in your next reply. Smile...

You may need to split the OTL logs into a couple replies.

Re: AV Security Suite

Oh, I accidentally deleted RKill and forgot to copy and paste, but when OTL finishes I can post those logs.

Re: AV Security Suite

Alright, I await your logs. Smile...

Re: AV Security Suite

OTL.txt

OTL logfile created on: 7/11/2010 11:39:39 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Herman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 669.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 70.76 Gb Free Space | 47.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HERMAN-4B81483D
Current User Name: Herman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/11 11:09:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Herman\Desktop\OTL.exe
PRC - [2010/04/24 19:17:04 | 002,938,552 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/14 13:33:03 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/02/05 13:08:45 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/02/05 13:08:40 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/02/05 13:08:26 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 13:06:04 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/02/05 13:01:25 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/17 14:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/04/10 14:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2007/03/12 02:27:02 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdjcoms.exe


========== Modules (SafeList) ==========

MOD - [2010/07/11 11:09:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Herman\Desktop\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/02/05 13:08:40 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/02/05 13:08:26 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/02/05 13:06:04 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/02/05 13:01:25 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/17 14:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/03/12 02:27:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdjcoms.exe -- (lxdj_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/04/24 20:09:23 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2009/07/06 15:42:17 | 000,137,888 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/02/05 13:08:10 | 000,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/02/05 13:07:23 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/02/05 13:07:12 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/02/05 13:06:20 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/02/05 13:06:10 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/02/05 13:05:11 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/04/10 14:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2006/08/10 06:32:14 | 000,204,672 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2004/08/12 07:02:46 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/12 07:02:46 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}:2.6.0.15
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.14908
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.8.107
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/25 08:56:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/26 21:50:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/26 21:50:01 | 000,000,000 | ---D | M]

[2009/07/02 17:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herman\Application Data\Mozilla\Extensions
[2009/07/02 17:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herman\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/10 21:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herman\Application Data\Mozilla\Firefox\Profiles\3b81polw.default\extensions
[2009/09/02 17:01:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Herman\Application Data\Mozilla\Firefox\Profiles\3b81polw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/01 00:11:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Herman\Application Data\Mozilla\Firefox\Profiles\3b81polw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/10 19:23:11 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Herman\Application Data\Mozilla\Firefox\Profiles\3b81polw.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/05/08 19:33:43 | 000,000,000 | ---D | M] (The Banana Bar Toolbar) -- C:\Documents and Settings\Herman\Application Data\Mozilla\Firefox\Profiles\3b81polw.default\extensions\{d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}
[2009/07/10 19:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herman\Application Data\Mozilla\Firefox\Profiles\3b81polw.default\extensions\battlefieldheroespatcher@ea.com
[2010/07/03 20:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Herman\Application Data\Mozilla\Firefox\Profiles\3b81polw.default\extensions\toolbar@ask.com
[2009/10/10 19:23:30 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\Herman\Application Data\Mozilla\Firefox\Profiles\3b81polw.default\searchplugins\aim-search.xml
[2010/07/03 20:09:22 | 000,002,253 | ---- | M] () -- C:\Documents and Settings\Herman\Application Data\Mozilla\Firefox\Profiles\3b81polw.default\searchplugins\askcom.xml
[2010/07/10 11:25:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 11:36:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2009/03/26 20:38:59 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2004/08/12 06:57:47 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LXDJCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDJtime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [sqchyjqf] C:\Documents and Settings\Herman\Local Settings\Application Data\hpxowqcow\bodrdyqtssd.exe ()
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [sqchyjqf] C:\Documents and Settings\Herman\Local Settings\Application Data\hpxowqcow\bodrdyqtssd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/18 02:08:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{19FB76C6-DBEF-44B5-A053-ECDF5F855A07} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/11 11:35:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Herman\Desktop\OTL2.com
[2010/07/11 11:35:07 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Herman\Desktop\OTL3.scr
[2010/07/11 11:19:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/11 11:19:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/11 11:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/11 11:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/07/11 11:14:52 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Herman\Desktop\mbam-setup.exe
[2010/07/11 11:14:40 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Herman\Desktop\OTL.exe
[2010/07/10 23:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Herman\Local Settings\Application Data\hpxowqcow
[2010/06/23 23:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Herman\Local Settings\Application Data\AskToolbar
[2010/06/23 21:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/06/11 17:50:59 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2007/03/02 20:13:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjpmui.dll
[2007/03/02 20:12:20 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjserv.dll
[2007/03/02 20:05:52 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcomm.dll
[2007/03/02 20:04:14 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjlmpm.dll
[2007/03/02 20:02:54 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjiesc.dll
[2007/03/02 20:00:22 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjpplc.dll
[2007/03/02 19:59:32 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjcomc.dll
[2007/03/02 19:58:58 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjprox.dll
[2007/03/02 19:51:50 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjinpa.dll
[2007/03/02 19:51:08 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjusb1.dll
[2007/03/02 19:47:00 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdjhbn3.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/11 11:36:04 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Herman\ntuser.dat
[2010/07/11 11:33:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/11 11:33:29 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/11 11:33:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/11 11:33:21 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/11 11:31:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Herman\Desktop\OTL3.scr
[2010/07/11 11:30:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Herman\Desktop\OTL2.com
[2010/07/11 11:26:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Herman\ntuser.ini
[2010/07/11 11:19:18 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/11 11:09:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Herman\Desktop\OTL.exe
[2010/07/11 11:02:36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Herman\Desktop\mbam-setup.exe
[2010/07/11 00:01:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/07/09 12:51:26 | 006,393,870 | -H-- | M] () -- C:\Documents and Settings\Herman\Local Settings\Application Data\IconCache.db
[2010/07/09 10:57:30 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Herman\Desktop\Microsoft Office Word 2007.lnk
[2010/07/01 19:21:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/30 14:34:18 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Herman\jagex_runescape_preferences.dat
[2010/06/30 14:24:07 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Herman\jagex_runescape_preferences2.dat
[2010/06/30 13:20:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/25 22:54:53 | 000,026,146 | ---- | M] () -- C:\Documents and Settings\Herman\My Documents\tape.JPG
[2010/06/25 13:46:08 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2010/06/24 11:00:07 | 000,513,862 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 11:00:07 | 000,450,386 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 11:00:07 | 000,074,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/23 21:55:58 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Herman\Desktop\LimeWire 5.5.10.lnk
[2010/06/22 14:35:12 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Herman\Desktop\Microsoft Office Word 2007 (3).lnk
[2010/06/15 18:14:27 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\Herman\My Documents\Freshman summer reading 2010.doc
[2010/06/12 08:49:14 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 08:45:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/11 11:19:18 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/25 22:54:53 | 000,026,146 | ---- | C] () -- C:\Documents and Settings\Herman\My Documents\tape.JPG
[2010/06/23 21:56:40 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/06/23 21:55:58 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\Herman\Desktop\LimeWire 5.5.10.lnk
[2010/06/15 18:14:25 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\Herman\My Documents\Freshman summer reading 2010.doc
[2010/04/24 20:09:23 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/09/15 20:55:33 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\lxdjcoin.dll
[2009/07/24 16:02:41 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/07/06 15:42:19 | 000,137,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/02/27 11:02:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdjgrd.dll
[2006/05/18 07:47:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdjvs.dll
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/06/30 12:29:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/30 12:29:07 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/30 12:29:07 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/12 06:55:47 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/12 06:56:34 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/12 06:57:44 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/12 06:58:39 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/12 06:58:39 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/12 07:02:34 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/12 07:02:34 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/12 07:02:34 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/12 07:02:34 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/12 07:02:35 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/12 07:02:36 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/12 07:02:37 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/12 07:02:37 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/12 07:02:37 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/12 07:02:37 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/05/01 22:22:50 | 001,851,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 17:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 17:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 17:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 17:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 17:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 17:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 17:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 17:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 17:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 17:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 17:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 17:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 17:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 17:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidserv.dll
[2008/04/13 17:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 17:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/02/15 18:49:00 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2007/10/18 02:08:20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/01 00:47:50 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2007/10/18 02:08:20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/11 11:33:21 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2008/02/12 11:46:56 | 000,014,663 | ---- | M] () -- C:\hpfr3600.log
[2009/06/30 18:32:32 | 000,000,001 | ---- | M] () -- C:\i
[2009/12/01 21:53:55 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2009/07/24 16:26:55 | 000,921,624 | ---- | M] () -- C:\img2-002.raw
[2007/10/18 02:08:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/10 19:19:45 | 000,001,204 | -H-- | M] () -- C:\IPH.PH
[2010/05/08 11:28:18 | 000,000,148 | ---- | M] () -- C:\lxdj.log
[2007/10/18 02:08:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/12 07:02:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/06 21:51:35 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/11 11:33:20 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2009/05/16 22:36:24 | 001,393,442 | ---- | M] () -- C:\pass.bmp
[2009/04/03 18:50:48 | 000,000,456 | ---- | M] () -- C:\rapport.txt
[2010/07/11 11:35:46 | 000,000,372 | ---- | M] () -- C:\rkill.log
[2009/01/24 19:24:17 | 000,659,456 | ---- | M] () -- C:\t2ms.3
[2009/06/30 18:32:04 | 000,000,001 | ---- | M] () -- C:\u

< %PROGRAMFILES%\*. >
[2009/11/06 23:17:38 | 000,000,000 | ---D | M] -- C:\Program Files\Acoustica Mixcraft 4
[2009/11/06 23:17:30 | 000,000,000 | ---D | M] -- C:\Program Files\Acoustica Shared Effects
[2009/04/14 20:05:41 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/08/25 17:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2008/04/19 12:54:30 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2009/10/10 19:19:21 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2008/12/28 13:59:46 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2010/04/18 22:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2009/02/06 21:06:16 | 000,000,000 | ---D | M] -- C:\Program Files\America's Army
[2009/07/03 21:35:13 | 000,000,000 | ---D | M] -- C:\Program Files\America's Army Server Manager
[2008/12/29 14:37:21 | 000,000,000 | ---D | M] -- C:\Program Files\Angle Interactive
[2008/09/13 19:34:01 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/03 20:01:25 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2009/04/04 20:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/12/19 00:45:21 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2009/03/15 16:23:14 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/09/05 14:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\CA Yahoo! Anti-Spy
[2008/08/20 14:36:21 | 000,000,000 | ---D | M] -- C:\Program Files\Call of Duty Dawnville Demo
[2008/08/13 14:12:11 | 000,000,000 | ---D | M] -- C:\Program Files\Call of Duty United Offensive Single Player Demo
[2009/12/19 00:44:47 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/10/18 02:04:40 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/06/02 21:04:51 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2008/03/09 15:24:09 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2009/08/06 16:34:44 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2010/07/11 11:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2009/07/10 20:15:04 | 000,000,000 | ---D | M] -- C:\Program Files\Download Manager
[2009/08/12 21:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\EA GAMES
[2009/02/06 18:02:52 | 000,000,000 | ---D | M] -- C:\Program Files\Eidos
[2009/01/17 18:24:34 | 000,000,000 | ---D | M] -- C:\Program Files\G4box
[2009/08/25 22:53:50 | 000,000,000 | ---D | M] -- C:\Program Files\GamersFirst
[2009/04/09 16:05:45 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2008/12/28 14:13:10 | 000,000,000 | ---D | M] -- C:\Program Files\GetModule
[2009/02/25 17:02:36 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/02/04 20:19:22 | 000,000,000 | ---D | M] -- C:\Program Files\Graboid
[2008/06/13 20:14:53 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2007/10/19 02:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\Hp
[2009/08/29 22:39:34 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/06/12 08:40:52 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/05/30 21:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Invasion Interactive Ltd
[2009/09/22 16:21:36 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/09/22 16:22:25 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/07/03 10:34:18 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2007/10/18 06:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\Java Web Start
[2009/04/03 16:07:34 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2009/08/29 22:39:37 | 000,000,000 | ---D | M] -- C:\Program Files\KingsIsle Entertainment
[2009/09/15 20:40:27 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 1400 Series
[2009/09/15 20:43:48 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar
[2010/06/23 21:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2008/05/17 18:46:38 | 000,000,000 | ---D | M] -- C:\Program Files\Logs
[2010/06/12 18:44:09 | 000,000,000 | ---D | M] -- C:\Program Files\lx_cats
[2010/07/11 11:19:19 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/25 08:56:45 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2009/03/13 17:01:17 | 000,000,000 | ---D | M] -- C:\Program Files\MediaMobsters
[2009/07/02 23:29:02 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2007/10/18 02:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/03/05 00:00:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/07/24 16:02:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft LifeCam
[2009/09/14 18:01:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/06/05 08:56:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/09/14 18:01:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/09/14 17:57:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/10/08 13:04:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/09/14 18:00:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/03/11 16:49:11 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/10 23:18:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/09/14 18:02:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/06/25 20:13:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/10/18 02:03:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/06/30 18:59:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2007/10/20 02:14:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/06/11 19:18:17 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
[2009/07/02 12:43:58 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/09/05 20:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\NovaLogic
[2007/10/18 02:06:26 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/06/15 16:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2009/04/03 16:07:23 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/05/12 16:37:08 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/10/19 04:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\Overland
[2008/12/19 16:54:32 | 000,000,000 | ---D | M] -- C:\Program Files\Pando Networks
[2009/06/30 21:27:28 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2008/02/14 18:36:02 | 000,000,000 | ---D | M] -- C:\Program Files\PCPitstop
[2009/06/30 18:59:28 | 000,000,000 | ---D | M] -- C:\Program Files\Pivot Stickfigure Animator
[2009/09/22 16:19:33 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/02/24 18:01:16 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/07/24 16:54:13 | 000,000,000 | ---D | M] -- C:\Program Files\Red Storm Entertainment
[2009/08/08 11:07:45 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/06/02 21:01:07 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Easy
[2009/06/30 19:03:29 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Mechanic
[2009/06/30 18:59:44 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/06/30 18:58:10 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra Entertainment
[2009/08/01 22:35:35 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2008/04/19 09:22:08 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2008
[2009/01/18 13:05:34 | 000,000,000 | ---D | M] -- C:\Program Files\Softnyx
[2008/11/16 18:56:27 | 000,000,000 | ---D | M] -- C:\Program Files\Soldier of Fortune II - SP Demo
[2009/12/18 23:19:04 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/12/18 23:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2010/06/03 17:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Steam
[2009/08/04 20:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/02/03 19:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2009/09/08 22:53:32 | 000,000,000 | ---D | M] -- C:\Program Files\THQ
[2009/03/28 19:36:30 | 000,000,000 | ---D | M] -- C:\Program Files\TryMedia
[2008/06/21 15:06:57 | 000,000,000 | ---D | M] -- C:\Program Files\Ubi Soft
[2009/01/17 15:23:29 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2007/10/18 02:14:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/10/19 01:41:37 | 000,000,000 | ---D | M] -- C:\Program Files\VIA
[2007/10/19 01:43:51 | 000,000,000 | ---D | M] -- C:\Program Files\VIA Technologies, Inc
[2009/02/04 19:59:28 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/04/28 20:24:07 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/11/06 23:09:41 | 000,000,000 | ---D | M] -- C:\Program Files\VST
[2009/06/19 21:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\WarRock
[2007/10/20 02:13:04 | 000,000,000 | ---D | M] -- C:\Program Files\Washer
[2009/07/24 16:34:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/02/24 18:00:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2008/01/29 22:02:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2007/10/18 19:59:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/07/02 12:48:01 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/02 12:43:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/10/18 02:06:29 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/09/12 17:43:05 | 000,000,000 | ---D | M] -- C:\Program Files\Wolfenstein - Enemy Territory
[2007/10/18 02:08:34 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/07/01 00:00:13 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2009/06/30 12:30:52 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Herman\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/12 07:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/07/02 12:34:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/07/02 12:34:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/12 07:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/07/02 12:34:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/07/02 12:34:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/12 06:55:51 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/12 07:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/07/02 12:34:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/07/02 12:34:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/12 06:56:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/12 06:57:17 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2004/08/12 07:11:50 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/12 07:02:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/12 07:04:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/12 07:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/07/02 12:34:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2009/07/02 12:34:57 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-24 18:02:49

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Herman\Desktop\01 Hip Hop Bee Bop (Don't Stop).m4a:SummaryInformation
< End of report >

Re: AV Security Suite

Extras.txt

OTL Extras logfile created on: 7/11/2010 11:39:39 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Herman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 669.00 Mb Available Physical Memory | 65.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 70.76 Gb Free Space | 47.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HERMAN-4B81483D
Current User Name: Herman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57864:TCP" = 57864:TCP:*:Enabled:Pando Media Booster
"57864:UDP" = 57864:UDP:*:Enabled:Pando Media Booster
"56394:TCP" = 56394:TCP:*:Enabled:Pando Media Booster
"56394:UDP" = 56394:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57864:TCP" = 57864:TCP:*:Enabled:Pando Media Booster
"57864:UDP" = 57864:UDP:*:Enabled:Pando Media Booster
"56394:TCP" = 56394:TCP:*:Enabled:Pando Media Booster
"56394:UDP" = 56394:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Lexmark 1400 Series\app4r.exe" = C:\Program Files\Lexmark 1400 Series\app4r.exe:*:Enabled:BorgListener -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxdjcoms.exe" = C:\WINDOWS\system32\lxdjcoms.exe:*:Enabled:1400 Series Server -- ( )
"C:\Program Files\Lexmark 1400 Series\lxdjamon.exe" = C:\Program Files\Lexmark 1400 Series\lxdjamon.exe:*:Enabled:Device Monitor Application -- File not found
"C:\Program Files\Lexmark 1400 Series\App4R.exe" = C:\Program Files\Lexmark 1400 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- File not found
"C:\Documents and Settings\Herman\Local Settings\Temp\lxdj\wireless\ENGLISH\lxdjwpss.exe" = C:\Documents and Settings\Herman\Local Settings\Temp\lxdj\wireless\ENGLISH\lxdjwpss.exe:*:Enabled: -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Red Storm Entertainment\Ghost Recon Demo\GRDemo.exe" = C:\Program Files\Red Storm Entertainment\Ghost Recon Demo\GRDemo.exe:*:Enabled:GRDemo -- File not found
"C:\Documents and Settings\Herman\Local Settings\Temp\0df25128a4ff4ff081500d63dd9e878a\RelicDownloader.exe" = C:\Documents and Settings\Herman\Local Settings\Temp\0df25128a4ff4ff081500d63dd9e878a\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- File not found
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\GamersFirst\Parabellum Beta\binaries\ParabellumTheGame.exe" = C:\Program Files\GamersFirst\Parabellum Beta\binaries\ParabellumTheGame.exe:*:Enabled:ParabellumTheGame -- File not found
"C:\Documents and Settings\Herman\Desktop\Company of Heroes\RelicDownloader\RelicDownloader.exe" = C:\Documents and Settings\Herman\Desktop\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- (THQ Canada Inc.)
"C:\Documents and Settings\Herman\Desktop\Company of Heroes\RelicCOH.exe" = C:\Documents and Settings\Herman\Desktop\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH -- (THQ Canada Inc.)
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe" = C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes -- (THQ Canada Inc.)
"C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe" = C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"C:\Documents and Settings\Herman\Local Settings\Temp\1dcbb2e2c58444afb787ea356da0f46a\RelicDownloader.exe" = C:\Documents and Settings\Herman\Local Settings\Temp\1dcbb2e2c58444afb787ea356da0f46a\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager -- (THQ Canada Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjtime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjpswx.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdjjswx.exe:*:Enabled: -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*:Enabled:Combat Arms -- (Nexon)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1C4C5C53-D960-4E1C-96A6-F6B52EA43A45}" = ACID Xpress 7.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 14
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"avast!" = avast! Antivirus
"AVS Audio Converter 6.1_is1" = AVS Audio Converter version 6.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Combat Arms" = Combat Arms
"Company of Heroes" = Company of Heroes
"Download Manager" = Download Manager 2.3.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark 1400 Series" = Lexmark 1400 Series
"LimeWire" = LimeWire 5.5.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROPLUS" = Microsoft Office Professional Plus 2007
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 7/1/2009 4:03:47 PM | Computer Name = HERMAN-4B81483D | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
E:\setup.exe failed, 0000001E.

Error - 11/7/2009 12:18:40 AM | Computer Name = HERMAN-4B81483D | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.google.com/complete/search?hl=en&client=serp&pq=weak%2013%20year%20old%2C%20how%20to%20get%20a%20job&q=13%20years%20old%20how%20to%20get%20a%20job&cp=12
failed, 0000A413.

[ Application Events ]
Error - 5/7/2010 4:11:40 PM | Computer Name = HERMAN-4B81483D | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3743, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/26/2010 10:10:46 PM | Computer Name = HERMAN-4B81483D | Source = Application Hang | ID = 1002
Description = Hanging application skypePM.exe, version 2.0.0.65, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/7/2010 8:28:58 PM | Computer Name = HERMAN-4B81483D | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 6/7/2010 8:28:58 PM | Computer Name = HERMAN-4B81483D | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 6/7/2010 8:28:59 PM | Computer Name = HERMAN-4B81483D | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 6/7/2010 8:28:59 PM | Computer Name = HERMAN-4B81483D | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 6/7/2010 8:29:00 PM | Computer Name = HERMAN-4B81483D | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 6/7/2010 8:29:00 PM | Computer Name = HERMAN-4B81483D | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 6/7/2010 8:29:01 PM | Computer Name = HERMAN-4B81483D | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

Error - 6/25/2010 3:05:55 AM | Computer Name = HERMAN-4B81483D | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: The data is invalid.

[ System Events ]
Error - 6/28/2010 12:43:30 PM | Computer Name = HERMAN-4B81483D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 6/28/2010 12:43:30 PM | Computer Name = HERMAN-4B81483D | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 6/28/2010 12:43:30 PM | Computer Name = HERMAN-4B81483D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service
to connect.

Error - 6/28/2010 12:43:30 PM | Computer Name = HERMAN-4B81483D | Source = Service Control Manager | ID = 7000
Description = The avast! Mail Scanner service failed to start due to the following
error: %%1053

Error - 6/28/2010 12:43:30 PM | Computer Name = HERMAN-4B81483D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 6/28/2010 12:43:30 PM | Computer Name = HERMAN-4B81483D | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 6/28/2010 12:43:30 PM | Computer Name = HERMAN-4B81483D | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service
to connect.

Error - 6/28/2010 12:43:30 PM | Computer Name = HERMAN-4B81483D | Source = Service Control Manager | ID = 7000
Description = The avast! Mail Scanner service failed to start due to the following
error: %%1053

Error - 7/11/2010 2:14:55 PM | Computer Name = HERMAN-4B81483D | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 7/11/2010 2:35:26 PM | Computer Name = HERMAN-4B81483D | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.


< End of report >

Re: AV Security Suite

So is av security completely removed?

Re: AV Security Suite

Hi, Smile...

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [sqchyjqf] C:\Documents and Settings\Herman\Local Settings\Application Data\hpxowqcow\bodrdyqtssd.exe ()
    O4 - HKCU..\Run: [sqchyjqf] C:\Documents and Settings\Herman\Local Settings\Application Data\hpxowqcow\bodrdyqtssd.exe File not found

    :files
    C:\Documents and Settings\Herman\Local Settings\Application Data\hpxowqcow

    :commands
    [emptytemp]
    [resethosts]
    [reboot]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If this fix becomes unresponsive, please move on to ComboFix.

======

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................

I'm livin' life in the fast lane.
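
Why the `IE` and `O4` lines in the fix above stand out, as an added example that is not part of the original thread and is not OTL's own code: a small Python triage over OTL-style scan lines that flags a proxy forced to a loopback address and Run entries launching from a per-user data or temp folder. The function names and heuristics are assumptions made for illustration; the sample lines come from the fix script in this post, plus one constructed benign line.

```python
import re
from ipaddress import ip_address

# The IE and O4 lines are copied from the fix script in the post above;
# the last entry is a constructed benign Run line added for contrast.
SAMPLE_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577',
    r'O4 - HKLM..\Run: [sqchyjqf] C:\Documents and Settings\Herman\Local Settings\Application Data\hpxowqcow\bodrdyqtssd.exe ()',
    r'O4 - HKCU..\Run: [sqchyjqf] C:\Documents and Settings\Herman\Local Settings\Application Data\hpxowqcow\bodrdyqtssd.exe File not found',
    r'O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp.)',
]

IE_RE = re.compile(r'^IE - (?P<key>[^:]+): "(?P<name>[^"]+)" = (?P<value>.*)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
PATH_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|com|bat|scr|pif))(?=\s|$)\s*(?P<trailer>.*)$',
    re.I,
)

# Assumed heuristic: folders a limited user can write to (XP and later names).
USER_WRITABLE = (r'\application data', r'\local settings\temp', r'\appdata')


def proxy_hosts(value):
    """Return the host part of each entry in a ProxyServer value.

    Handles "host:port" and "scheme=host:port;scheme=host:port".
    Bracketed IPv6 and URL-style values are not handled.
    """
    hosts = []
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        if '=' in part:
            part = part.split('=', 1)[1]
        hosts.append(part.rsplit(':', 1)[0])
    return hosts


def is_loopback(host):
    """True for 'localhost' or any address in the loopback range."""
    if host.lower() == 'localhost':
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def triage(lines):
    """Return (kind, hive, value name, data, reasons) tuples worth a second look."""
    findings = []
    proxy = {}
    for line in lines:
        line = line.strip()
        m = IE_RE.match(line)
        if m:
            proxy[m['name']] = m['value'].strip()
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        p = PATH_RE.match(m['rest'])
        if not p:
            continue
        path, trailer = p['path'], p['trailer'].strip()
        # Only autostarts from user-writable folders are flagged; the
        # metadata observations below are supporting detail, not triggers.
        if not any(mark in path.lower() for mark in USER_WRITABLE):
            continue
        reasons = ['runs from a per-user data/temp folder']
        if trailer == '()':
            reasons.append('no company name in file metadata')
        elif trailer.lower() == 'file not found':
            reasons.append('target missing (orphaned entry)')
        findings.append(('run-entry', m['hive'], m['name'], path, reasons))

    # A proxy only matters when it is switched on.
    if proxy.get('ProxyEnable') == '1':
        server = proxy.get('ProxyServer', '')
        loop = [h for h in proxy_hosts(server) if is_loopback(h)]
        if loop:
            findings.append(('proxy-loopback', 'HKCU', 'ProxyServer', server,
                             ['browser traffic forced through ' + ', '.join(loop)]))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

A loopback proxy is only meaningful if something is listening on that port, so a hit here is a prompt to look for the listening process, not a verdict on its own.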

Re: AV Security Suite

content:

All processes killed
Error: Unable to interpret ~[Filtered]~ in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
========== FILES ==========
C:\Documents and Settings\Herman\Local Settings\Application Data\hpxowqcow folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Flash cache emptied: 41044 bytes

User: Herman
->Temp folder emptied: 1780904669 bytes
->Java cache emptied: 66939217 bytes
->FireFox cache emptied: 56927479 bytes
->Flash cache emptied: 149176 bytes

User: hermon
->Temp folder emptied: 7463747608 bytes
->Java cache emptied: 21783517 bytes
->FireFox cache emptied: 131766257 bytes
->Apple Safari cache emptied: 327868006 bytes
->Flash cache emptied: 213188 bytes

User: LocalService
->Temp folder emptied: 65984 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 65984 bytes

User: NetworkService
->Temp folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64498118 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64714926 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2132327739 bytes

Total Files Cleaned = 11,553.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.0 log created on 07112010_120800

Files\Folders moved on Reboot...
C:\Documents and Settings\Herman\Local Settings\Temp\~DF8D40.tmp moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_600.dat not found!

Registry entries deleted on Reboot...

Re: AV Security Suite

Hi, Smile...

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................

I'm livin' life in the fast lane.

Re: AV Security Suite

ComboFix 10-07-11.02 - Herman 07/11/2010 12:56:21.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.478 [GMT -7:00]
Running from: c:\documents and settings\Herman\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 100711-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\hermon\System
c:\documents and settings\hermon\System\win_qs8.jqx
C:\i
c:\program files\GetModule

.
((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.

2010-07-11 19:08 . 2010-07-11 19:08 -------- d-----w- C:\_OTL
2010-07-11 18:55 . 2010-07-11 18:55 -------- d-----w- c:\documents and settings\Herman\Application Data\Malwarebytes
2010-07-11 18:19 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 18:19 . 2010-07-11 18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 18:19 . 2010-07-11 18:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-07-11 18:19 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 02:19 . 2010-06-30 02:19 2728840 ----a-w- c:\documents and settings\Herman\Application Data\Mozilla\Firefox\Profiles\3b81polw.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-06-24 06:52 . 2010-06-24 06:54 -------- d-----w- c:\documents and settings\Herman\Local Settings\Application Data\AskToolbar
2010-06-24 04:56 . 2010-07-04 03:01 -------- d-----w- c:\program files\Ask.com
2010-06-12 00:50 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 20:02 . 2009-08-02 05:36 -------- d-----w- c:\documents and settings\Herman\Application Data\Skype
2010-07-11 19:53 . 2009-07-17 06:10 -------- d-----w- c:\documents and settings\Herman\Application Data\DNA
2010-07-11 19:13 . 2009-07-17 06:10 -------- d-----w- c:\program files\DNA
2010-07-11 18:33 . 2009-08-02 05:37 -------- d-----w- c:\documents and settings\Herman\Application Data\skypePM
2010-06-30 21:34 . 2009-08-22 03:29 46 ----a-w- c:\documents and settings\Herman\jagex_runescape_preferences.dat
2010-06-30 21:24 . 2009-09-20 23:40 99 ----a-w- c:\documents and settings\Herman\jagex_runescape_preferences2.dat
2010-06-28 06:56 . 2009-07-03 00:51 -------- d-----w- c:\documents and settings\Herman\Application Data\LimeWire
2010-06-25 15:56 . 2009-07-03 18:05 -------- d-----w- c:\program files\McAfee
2010-06-24 04:55 . 2008-01-01 06:54 -------- d-----w- c:\program files\LimeWire
2010-06-13 01:44 . 2009-07-04 01:16 -------- d-----w- c:\program files\lx_cats
2010-06-12 15:44 . 2009-09-15 00:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-06-05 15:56 . 2009-03-26 04:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 00:46 . 2009-07-31 21:50 -------- d-----w- c:\program files\Steam
2010-06-03 05:58 . 2010-06-03 05:58 85504 ----a-w- c:\documents and settings\Herman\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-06-03 05:58 . 2010-06-03 05:58 -------- d-----w- c:\documents and settings\Herman\Application Data\SystemRequirementsLab
2010-05-20 04:08 . 2010-05-20 04:08 50354 ----a-w- c:\documents and settings\Herman\Application Data\Facebook\uninstall.exe
2010-05-20 04:08 . 2010-05-20 04:08 -------- d-----w- c:\documents and settings\Herman\Application Data\Facebook
2010-05-06 10:41 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-12 14:09 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-25 03:09 . 2010-04-25 03:09 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2010-04-25 02:20 . 2010-04-25 02:20 0 ----a-w- c:\documents and settings\Herman\jagex__preferences3.dat
2010-04-21 19:18 . 2010-05-09 02:33 52224 ----a-w- c:\documents and settings\Herman\Application Data\Mozilla\Firefox\Profiles\3b81polw.default\extensions\{d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}\components\FFExternalAlert.dll
2010-04-21 19:18 . 2010-05-09 02:33 101376 ----a-w- c:\documents and settings\Herman\Application Data\Mozilla\Firefox\Profiles\3b81polw.default\extensions\{d1d2eee2-6544-4edb-a0c5-5cdd7b44b13c}\components\RadioWMPCore.dll
2010-04-20 05:30 . 2004-08-12 13:55 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-05-01 21:02 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-11 1233288]

Re: AV Security Suite

Hi, Smile...

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

............................................................................................

I'm livin' life in the fast lane.

Re: AV Security Suite

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/11/2010 7:23:19 PM
mbam-log-2010-07-11 (19-23-19).txt

Scan type: Full scan (C:\|)
Objects scanned: 252269
Time elapsed: 1 hour(s), 12 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\hermon\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hermon\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0 (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\hermon\Start Menu\Antivirus 2009 (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Herman\My Documents\Downloads\MyWebFaceSetup2.3.50.45_2.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\hermon\My Documents\dfbhdSetup-dm.exe (Adware.TryMedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP25\A0029815.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP25\A0029824.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP29\A0038053.exe (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004038.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004039.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004047.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004050.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004053.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004054.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004055.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004056.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004060.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004061.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004063.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004064.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004065.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004067.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004068.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004069.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004070.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004071.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004072.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004073.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004074.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0005025.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0005029.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0005030.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0005031.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0005032.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0005033.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0005047.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0004062.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F86A0293-1965-4579-9828-CD1A759BF6BB}\RP5\A0005026.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\hermon\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hermon\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hermon\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\report.csv (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\hermon\Start Menu\Antivirus 2009\Antivirus 2009.lnk (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\hermon\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\hermon\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.AntiVirus2009) -> Quarantined and deleted successfully.

Re: AV Security Suite

Hi, Smile...

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

............................................................................................

I'm livin' life in the fast lane.
