I was attempting to help my room mate remove this virus along with a bunch of other viruses. I worked on it most of last night only to have this particular virus get progressively worse. I found a previous post in your forum that seems to have the solution. First time on your site and as you recommended, I refrained from attempting the fix until you have a chance to review computer status. I am pretty sure there are other viruses as well. Initially I installed and ran malware bytes, avast, and glary utilities for initial clean up of viruses and other junk he had on his computer... so I could at least navigate explorer and get on line. Malware bytes and Avast removed quite a few viruses, however Avast is detecting a threat about every 30 seconds or so now and I also noticed that his firewall isn't on. Following is the status information you requested. Thank you for your help.
OTL logfile created on: 6/17/2011 6:26:04 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.97 Mb Total Physical Memory | 94.60 Mb Available Physical Memory | 18.51% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.99% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 30.36 Gb Free Space | 81.49% Space Free | Partition Type: NTFS
Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/17 18:19:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\desktop\OTL.com
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/06/11 16:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/02/10 20:55:59 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/14 12:39:48 | 000,024,641 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
PRC - [2004/07/27 18:11:14 | 005,434,880 | ---- | M] (The Linksys Group, Inc.) -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
========== Modules (SafeList) ==========
MOD - [2011/06/17 18:19:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\desktop\OTL.com
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (UPHClean)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/11 16:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2003/11/13 11:29:40 | 000,455,680 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe -- (NICSer_WPC54G)
========== Driver Services (SafeList) ==========
DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/10 21:01:06 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2007/01/25 09:07:06 | 000,530,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt931a.sys -- (SQ931)
DRV - [2004/03/10 19:54:32 | 000,385,536 | ---- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TNET1130x.sys -- (TNET1130x)
DRV - [2004/01/26 18:42:44 | 000,728,083 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucdnt.sys -- (XIRLINK)
DRV - [2003/10/14 14:08:22 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 14:05:48 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 14:04:16 | 001,043,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/16 20:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/05/14 14:01:42 | 000,062,673 | R--- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2003/01/23 14:37:50 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/22 15:47:34 | 000,003,104 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\OzCrd2k.sys -- (OzCrd2k)
DRV - [2002/04/05 13:00:54 | 000,073,827 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90XBC)
DRV - [2001/11/29 15:13:10 | 000,094,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Intel 82801 Audio Driver (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.easyseek.com/?opts=yes&hp=11&c=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.facebook.com/?ref=hp
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2011/06/13 04:45:04 | 000,000,919 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 67.205.118.181 www.google.com
O1 - Hosts: 67.205.118.182 search.yahoo.com
O1 - Hosts: 67.205.118.182 www.bing.com
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RailNotification: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/04 13:29:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDE470A3-C647-44DF-8A0D-8876ED3D61B2} - rundll32.exe "C:\Documents and Settings\Owner\Application Data\Sun\gfdt4.dll", UnregisterDll
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP
ActiveX: >{99820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\ucdvfw.dll (Xirlink, Inc)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XJPG - C:\WINDOWS\System32\CamFC.dll (Xirlink)
Drivers32: VIDC.XVID - xvidvfw.dll File not found
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xl_yv12.dll (Xirlink, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (75730379486527488)
========== Files/Folders - Created Within 30 Days ==========
[2011/06/17 18:19:47 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/06/17 18:01:39 | 004,130,419 | ---- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2011/06/17 17:58:38 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/06/16 19:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/06/16 19:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/16 19:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/16 19:11:07 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/16 19:11:06 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/16 19:10:58 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/16 19:10:58 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/16 19:10:54 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/16 19:10:49 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/16 19:10:49 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/16 19:10:48 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/16 19:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/16 19:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/16 19:09:45 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/16 19:09:43 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/16 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/16 19:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/16 18:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/06/09 16:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/09 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/09 13:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/09 12:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{576B2E82-6953-430F-9534-6477694D6808}
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/17 18:19:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/06/17 18:06:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/06/17 17:51:18 | 004,130,419 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2011/06/17 17:49:29 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/17 17:49:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/17 17:49:24 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/17 17:48:12 | 000,012,657 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/06/17 17:48:01 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\FQBBLJOX.job
[2011/06/17 17:47:54 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\TXLUCZBHVQ.job
[2011/06/17 17:47:46 | 001,369,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/06/17 17:47:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/17 17:42:00 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/06/17 17:20:47 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Glary Utilities.lnk
[2011/06/17 16:57:31 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/16 19:21:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/16 19:13:20 | 000,012,160 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pua522agfx3s2164vd02um8368rc
[2011/06/16 19:11:10 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/16 19:03:57 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E857783A-8EC4-4823-8D25-C64FB195442D}.job
[2011/06/16 18:31:44 | 058,064,040 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2011/06/16 17:15:16 | 000,013,410 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/16 17:15:15 | 000,013,410 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/13 04:45:04 | 000,000,919 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/10 06:47:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/09 13:26:38 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\mlog
[2011/06/09 13:10:46 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\ylog
[2011/06/09 12:34:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Izevux.bin
[2011/06/09 12:34:43 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tyucal.dat
[2011/06/09 08:57:36 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sign in to Yahoo!.url
[2011/06/09 05:47:32 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\nvrsko9.dll
[2011/06/09 05:47:32 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\desk0.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/23 03:45:23 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/17 18:06:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/06/17 18:01:39 | 001,369,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/06/16 19:21:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/16 19:21:49 | 000,039,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/16 19:21:31 | 000,022,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/16 19:11:10 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/16 19:01:45 | 058,064,040 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2011/06/16 17:22:36 | 000,012,160 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pua522agfx3s2164vd02um8368rc
[2011/06/13 19:45:46 | 000,012,160 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pua522agfx3s2164vd02um8368rc
[2011/06/13 19:45:46 | 000,005,656 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\pua522agfx3s2164vd02um8368rc
[2011/06/10 06:52:12 | 000,013,410 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/10 06:52:12 | 000,013,410 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/09 16:07:21 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/09 12:49:42 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\mlog
[2011/06/09 12:40:28 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\ylog
[2011/06/09 12:34:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Izevux.bin
[2011/06/09 12:34:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tyucal.dat
[2011/06/09 05:48:33 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\FQBBLJOX.job
[2011/06/09 05:48:33 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\TXLUCZBHVQ.job
[2011/06/09 05:47:32 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\nvrsko9.dll
[2011/06/09 05:47:32 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\desk0.dll
[2011/05/27 10:26:16 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E857783A-8EC4-4823-8D25-C64FB195442D}.job
[2010/09/04 23:51:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/04 20:52:28 | 000,708,608 | ---- | C] () -- C:\WINDOWS\SQCap.exe
[2010/09/04 20:52:28 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SQ931STI.exe
[2010/09/04 20:52:27 | 000,530,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\Capt931a.sys
[2010/09/04 20:52:27 | 000,024,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\Camd931a.sys
[2010/09/04 17:34:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\VMonitor.exe
[2010/09/04 14:59:33 | 000,012,657 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/09/04 14:57:49 | 000,084,644 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad17.bin
[2010/09/04 14:57:49 | 000,083,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad16.bin
[2010/09/04 13:48:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/09/04 13:46:56 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/09/04 13:46:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/09/04 13:46:53 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/09/04 13:46:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/09/04 13:46:47 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/09/04 13:30:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/04 13:25:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/04 13:22:59 | 000,052,836 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/09/04 13:22:48 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2010/09/04 13:22:47 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2010/09/04 08:13:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/04 08:08:20 | 000,306,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 13:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/04/14 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 04:00:00 | 000,442,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 04:00:00 | 000,071,930 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/10 04:47:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DMFileMan.dll
[2003/01/22 15:47:34 | 000,003,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\OzCrd2k.sys
[2002/07/25 16:21:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\O2USB.exe
[2002/03/19 15:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
========== Custom Scans ==========
< %APPDATA%\Microsoft\*.* >
[2011/02/28 05:38:17 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %USERPROFILE%\Desktop\*.exe >
[2011/06/17 17:42:00 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\desktop\aswMBR.exe
[2011/06/17 17:51:18 | 004,130,419 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\desktop\Combo-Fix.exe
[2010/09/17 17:32:18 | 017,327,195 | ---- | M] (Mooii) -- C:\Documents and Settings\Owner\desktop\PhotoScapeSetup_V3.5.exe
[2011/06/16 18:31:44 | 058,064,040 | ---- | M] () -- C:\Documents and Settings\Owner\desktop\setup_av_free.exe
[2011/06/17 17:47:46 | 001,369,504 | ---- | M] () -- C:\Documents and Settings\Owner\desktop\tdsskiller.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\winn32\*.* >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.exe >
< %ProgramFiles%\TinyProxy. >
< %systemroot%\system32\*.* /lockedfiles >
[2011/06/09 05:47:32 | 000,102,400 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\desk0.dll
[2011/06/09 05:47:32 | 000,102,400 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\nvrsko9.dll
< %systemroot%\Tasks\*.job /lockedfiles >
[2011/06/17 17:48:01 | 000,000,312 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\FQBBLJOX.job
[2011/06/17 17:47:54 | 000,000,300 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\TXLUCZBHVQ.job
< %systemroot%\system32\drivers\*.* /lockedfiles >
< %PROGRAMFILES%\*. >
[2010/09/04 14:54:59 | 000,000,000 | ---D | M] -- C:\Program Files\3Com
[2010/09/04 13:46:41 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/09/07 00:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/06/16 19:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2010/09/04 21:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/09/04 20:51:58 | 000,000,000 | ---D | M] -- C:\Program Files\BestOn
[2010/09/07 00:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/09/04 13:24:50 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/09/04 21:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/09/04 23:41:38 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/09/04 14:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2011/06/13 19:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2010/09/04 14:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Funk Software
[2011/06/17 17:47:06 | 000,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
[2011/01/02 02:12:01 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/09/04 14:29:47 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/16 17:14:25 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/06/13 20:08:51 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/11/04 19:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/09/04 13:46:52 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2010/09/04 14:57:48 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2011/06/16 19:22:07 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/04 23:48:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/09/04 13:29:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/09/04 23:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/04/21 06:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/09/04 13:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/04 20:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/11/04 19:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoScape
[2010/09/04 13:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime Alternative
[2010/09/04 13:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/06/16 18:06:38 | 000,000,000 | ---D | M] -- C:\Program Files\TelevisionFanatic
[2011/03/30 19:10:18 | 000,000,000 | ---D | M] -- C:\Program Files\TelevisionFanaticEI
[2010/09/04 13:33:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/12/24 03:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2010/09/04 13:26:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/09/04 13:29:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/09/04 13:20:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/09/04 13:27:07 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
< MD5 for: AGP440.SYS >
[2010/02/10 21:12:25 | 012,132,620 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 21:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2008/04/13 16:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\AGP440.SYS
< MD5 for: ATAPI.SYS >
[2010/02/10 21:12:25 | 012,132,620 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: DISK.SYS >
[2010/02/10 21:12:25 | 012,132,620 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/02/10 20:55:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=47B6AAEC570F2C11D8BAD80A064D8ED1 -- C:\WINDOWS\system32\drivers\disk.sys
< MD5 for: NETLOGON.DLL >
[2010/02/10 20:57:17 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\WINDOWS\system32\netlogon.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-13 23:53:04
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/10 20:56:13 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/10 20:56:13 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
< >
< End of report >
OTL Extras logfile created on: 6/17/2011 6:26:04 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.97 Mb Total Physical Memory | 94.60 Mb Available Physical Memory | 18.51% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.99% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 30.36 Gb Free Space | 81.49% Space Free | Partition Type: NTFS
Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236E24F2-D767-406B-B2F0-892D3A0DEA4A}" = Zoom 2.0 Webcam
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}" = Wireless-G Notebook Adapter
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A90A9CE-0B49-4A02-94F5-C864BA33A916}" = Performance USB keyboard hotkey blocker
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D166051-2C3B-4BF3-A68D-B11D45F3E1B6}" = User Profile Helper Cleanup Service
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 Service Pack 1
"{DF157E38-A290-4265-844B-687E5707899E}" = WebCam Suite 2.0
"{E255419E-9B70-4BF3-8EA6-7D6067058F3A}" = O2UsbCrd
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"avast" = avast! Free Antivirus
"CNXT_MODEM" = AC97 SoftV92 Data Fax Modem
"Glary Utilities_is1" = Glary Utilities 2.34.0.1190
"IObit Security 360_is1" = IObit Security 360
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PhotoScape" = PhotoScape
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.0
"Unlocker" = Unlocker 1.8.8
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/29/2010 7:15:47 AM | Computer Name = ANONYMOUS | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
Error - 1/1/2011 8:22:25 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application WPC54CFG.exe, version 2.0.2.21, faulting module
rpcrt4.dll, version 5.1.2600.6022, fault address 0x000856a3.
Error - 1/1/2011 10:49:20 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10d.ocx, version 10.0.42.34, fault address 0x00169f8e.
Error - 1/2/2011 5:55:55 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x50ff018b.
Error - 2/19/2011 11:09:29 PM | Computer Name = ANONYMOUS | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).
Error - 2/19/2011 11:09:29 PM | Computer Name = ANONYMOUS | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
Error - 2/21/2011 6:47:40 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.
Error - 2/21/2011 11:36:54 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.
Error - 3/14/2011 10:44:16 PM | Computer Name = ANONYMOUS | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).
Error - 3/14/2011 10:44:16 PM | Computer Name = ANONYMOUS | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
[ System Events ]
Error - 6/16/2011 10:55:27 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31
Error - 6/16/2011 10:55:27 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 6/16/2011 10:55:27 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswRdr aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
Error - 6/16/2011 11:10:05 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 6/17/2011 12:17:54 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126
Error - 6/17/2011 1:18:13 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126
Error - 6/17/2011 1:42:51 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126
Error - 6/17/2011 3:17:26 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126
Error - 6/17/2011 7:50:48 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126
Error - 6/17/2011 8:48:19 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126
< End of report >
aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-17 18:03:28
-----------------------------
18:03:28.932 OS Version: Windows 5.1.2600 Service Pack 3
18:03:28.932 Number of processors: 1 586 0x207
18:03:28.932 ComputerName: ANONYMOUS UserName: Owner
18:03:33.819 AVAST engine 6.0.1125 defs: 11061701
18:03:33.819 Initialize success
18:04:08.438 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:04:08.569 Disk 0 Vendor: HITACHI_DK23EB-40 00K0A0C0 Size: 38154MB BusType: 3
18:04:08.729 Device \Driver\atapi -> DriverStartIo 82ee331b
18:04:10.922 Disk 0 MBR read successfully
18:04:11.102 Disk 0 MBR scan
18:04:11.292 Disk 0 MBR:Alureon-G [Rtk]
18:04:11.503 Disk 0 TDL4@MBR code has been found
18:04:11.723 Disk 0 Windows XP default MBR code found via API
18:04:12.023 Disk 0 MBR hidden
18:04:12.274 Disk 0 MBR [TDL4] **ROOTKIT**
18:04:12.544 Disk 0 trace - called modules:
18:04:12.835 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82ee34d0]<<
18:04:13.115 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f92ab8]
18:04:13.436 3 CLASSPNP.SYS[f86c6fd7] -> nt!IofCallDriver -> \Device\00000076[0x82f90f18]
18:04:13.776 5 ACPI.sys[f8609620] -> nt!IofCallDriver -> [0x82f86d98]
18:04:14.177 \Driver\atapi[0x82f7e370] -> IRP_MJ_CREATE -> 0x82ee34d0
18:04:14.567 AVAST engine scan C:\WINDOWS\system32
18:06:08.972 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:06:09.392 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-17 19:22:11
-----------------------------
19:22:11.052 OS Version: Windows 5.1.2600 Service Pack 3
19:22:11.052 Number of processors: 1 586 0x207
19:22:11.052 ComputerName: ANONYMOUS UserName: Owner
19:22:15.158 AVAST engine 6.0.1125 defs: 11061701
19:22:15.158 Initialize success
19:22:19.263 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:22:19.564 Disk 0 Vendor: HITACHI_DK23EB-40 00K0A0C0 Size: 38154MB BusType: 3
19:22:19.844 Device \Driver\atapi -> DriverStartIo 82ee331b
19:22:22.027 Disk 0 MBR read successfully
19:22:22.268 Disk 0 MBR scan
19:22:22.608 Disk 0 MBR:Alureon-G [Rtk]
19:22:22.839 Disk 0 TDL4@MBR code has been found
19:22:23.079 Disk 0 Windows XP default MBR code found via API
19:22:23.399 Disk 0 MBR hidden
19:22:23.800 Disk 0 MBR [TDL4] **ROOTKIT**
19:22:24.080 Disk 0 trace - called modules:
19:22:24.401 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82ee34d0]<<
19:22:24.691 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f92ab8]
19:22:25.022 3 CLASSPNP.SYS[f86c6fd7] -> nt!IofCallDriver -> \Device\00000076[0x82f90f18]
19:22:25.402 5 ACPI.sys[f8609620] -> nt!IofCallDriver -> [0x82f86d98]
19:22:25.803 \Driver\atapi[0x82f7e370] -> IRP_MJ_CREATE -> 0x82ee34d0
19:22:26.213 AVAST engine scan C:\WINDOWS\system32
19:22:49.457 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
19:22:49.948 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
Results of screen317's Security Check version 0.99.13
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````
OTL logfile created on: 6/17/2011 6:26:04 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.97 Mb Total Physical Memory | 94.60 Mb Available Physical Memory | 18.51% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.99% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 30.36 Gb Free Space | 81.49% Space Free | Partition Type: NTFS
Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/06/17 18:19:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\desktop\OTL.com
PRC - [2011/05/10 05:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/06/11 16:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2010/02/10 20:55:59 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/14 12:39:48 | 000,024,641 | ---- | M] () -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
PRC - [2004/07/27 18:11:14 | 005,434,880 | ---- | M] (The Linksys Group, Inc.) -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.exe
========== Modules (SafeList) ==========
MOD - [2011/06/17 18:19:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\desktop\OTL.com
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (UPHClean)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/11 16:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2003/11/13 11:29:40 | 000,455,680 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe -- (NICSer_WPC54G)
========== Driver Services (SafeList) ==========
DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/10 21:01:06 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2007/01/25 09:07:06 | 000,530,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt931a.sys -- (SQ931)
DRV - [2004/03/10 19:54:32 | 000,385,536 | ---- | M] (Cisco-Linksys LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TNET1130x.sys -- (TNET1130x)
DRV - [2004/01/26 18:42:44 | 000,728,083 | ---- | M] (Xirlink, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ucdnt.sys -- (XIRLINK)
DRV - [2003/10/14 14:08:22 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 14:05:48 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 14:04:16 | 001,043,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/16 20:28:02 | 000,017,142 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/05/14 14:01:42 | 000,062,673 | R--- | M] (Funk Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\odysseyIM3.sys -- (odysseyIM3)
DRV - [2003/01/23 14:37:50 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/22 15:47:34 | 000,003,104 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\OzCrd2k.sys -- (OzCrd2k)
DRV - [2002/04/05 13:00:54 | 000,073,827 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90XBC)
DRV - [2001/11/29 15:13:10 | 000,094,736 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Intel 82801 Audio Driver (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.easyseek.com/?opts=yes&hp=11&c=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = https://www.facebook.com/?ref=hp
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2011/06/13 04:45:04 | 000,000,919 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 67.205.118.181 www.google.com
O1 - Hosts: 67.205.118.182 search.yahoo.com
O1 - Hosts: 67.205.118.182 www.bing.com
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 18
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RailNotification: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/04 13:29:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDE470A3-C647-44DF-8A0D-8876ED3D61B2} - rundll32.exe "C:\Documents and Settings\Owner\Application Data\Sun\gfdt4.dll", UnregisterDll
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP
ActiveX: >{99820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\ucdvfw.dll (Xirlink, Inc)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XJPG - C:\WINDOWS\System32\CamFC.dll (Xirlink)
Drivers32: VIDC.XVID - xvidvfw.dll File not found
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xl_yv12.dll (Xirlink, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (75730379486527488)
========== Files/Folders - Created Within 30 Days ==========
[2011/06/17 18:19:47 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/06/17 18:01:39 | 004,130,419 | ---- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2011/06/17 17:58:38 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/06/16 19:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/06/16 19:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/16 19:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/16 19:11:07 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/16 19:11:06 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/16 19:10:58 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/16 19:10:58 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/16 19:10:54 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/16 19:10:49 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/16 19:10:49 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/16 19:10:48 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/16 19:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/16 19:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/16 19:09:45 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/16 19:09:43 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/16 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/16 19:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/16 18:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/06/09 16:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/09 16:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/06/09 13:51:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/09 12:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{576B2E82-6953-430F-9534-6477694D6808}
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/06/17 18:19:55 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/06/17 18:06:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/06/17 17:51:18 | 004,130,419 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2011/06/17 17:49:29 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/06/17 17:49:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/17 17:49:24 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/06/17 17:48:12 | 000,012,657 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/06/17 17:48:01 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\FQBBLJOX.job
[2011/06/17 17:47:54 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\TXLUCZBHVQ.job
[2011/06/17 17:47:46 | 001,369,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/06/17 17:47:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/17 17:42:00 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2011/06/17 17:20:47 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Glary Utilities.lnk
[2011/06/17 16:57:31 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/16 19:21:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/16 19:13:20 | 000,012,160 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\pua522agfx3s2164vd02um8368rc
[2011/06/16 19:11:10 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/16 19:03:57 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E857783A-8EC4-4823-8D25-C64FB195442D}.job
[2011/06/16 18:31:44 | 058,064,040 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2011/06/16 17:15:16 | 000,013,410 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/16 17:15:15 | 000,013,410 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/13 04:45:04 | 000,000,919 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/10 06:47:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/09 13:26:38 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\mlog
[2011/06/09 13:10:46 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\ylog
[2011/06/09 12:34:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Izevux.bin
[2011/06/09 12:34:43 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tyucal.dat
[2011/06/09 08:57:36 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sign in to Yahoo!.url
[2011/06/09 05:47:32 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\nvrsko9.dll
[2011/06/09 05:47:32 | 000,102,400 | RHS- | M] () -- C:\WINDOWS\System32\desk0.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/23 03:45:23 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/06/17 18:06:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/06/17 18:01:39 | 001,369,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2011/06/16 19:21:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/16 19:21:49 | 000,039,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/16 19:21:31 | 000,022,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/16 19:11:10 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/16 19:01:45 | 058,064,040 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup_av_free.exe
[2011/06/16 17:22:36 | 000,012,160 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\pua522agfx3s2164vd02um8368rc
[2011/06/13 19:45:46 | 000,012,160 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\pua522agfx3s2164vd02um8368rc
[2011/06/13 19:45:46 | 000,005,656 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\pua522agfx3s2164vd02um8368rc
[2011/06/10 06:52:12 | 000,013,410 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/10 06:52:12 | 000,013,410 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\286d533suswx4npd24ql5wd4vtyty8q
[2011/06/09 16:07:21 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/09 12:49:42 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\mlog
[2011/06/09 12:40:28 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\ylog
[2011/06/09 12:34:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Izevux.bin
[2011/06/09 12:34:43 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tyucal.dat
[2011/06/09 05:48:33 | 000,000,312 | -HS- | C] () -- C:\WINDOWS\tasks\FQBBLJOX.job
[2011/06/09 05:48:33 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\TXLUCZBHVQ.job
[2011/06/09 05:47:32 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\nvrsko9.dll
[2011/06/09 05:47:32 | 000,102,400 | RHS- | C] () -- C:\WINDOWS\System32\desk0.dll
[2011/05/27 10:26:16 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E857783A-8EC4-4823-8D25-C64FB195442D}.job
[2010/09/04 23:51:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/04 20:52:28 | 000,708,608 | ---- | C] () -- C:\WINDOWS\SQCap.exe
[2010/09/04 20:52:28 | 000,151,552 | ---- | C] () -- C:\WINDOWS\SQ931STI.exe
[2010/09/04 20:52:27 | 000,530,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\Capt931a.sys
[2010/09/04 20:52:27 | 000,024,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\Camd931a.sys
[2010/09/04 17:34:12 | 000,036,864 | ---- | C] () -- C:\WINDOWS\VMonitor.exe
[2010/09/04 14:59:33 | 000,012,657 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/09/04 14:57:49 | 000,084,644 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad17.bin
[2010/09/04 14:57:49 | 000,083,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\FwRad16.bin
[2010/09/04 13:48:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/09/04 13:46:56 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/09/04 13:46:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/09/04 13:46:53 | 002,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2010/09/04 13:46:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/09/04 13:46:47 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/09/04 13:30:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/04 13:25:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/04 13:22:59 | 000,052,836 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/09/04 13:22:48 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2010/09/04 13:22:47 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2010/09/04 08:13:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/04 08:08:20 | 000,306,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 13:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 13:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/04/14 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 04:00:00 | 000,442,704 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 04:00:00 | 000,071,930 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/05/10 04:47:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DMFileMan.dll
[2003/01/22 15:47:34 | 000,003,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\OzCrd2k.sys
[2002/07/25 16:21:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\O2USB.exe
[2002/03/19 15:30:00 | 000,045,632 | ---- | C] () -- C:\WINDOWS\System32\TaskSwitch.exe
========== Custom Scans ==========
< %APPDATA%\Microsoft\*.* >
[2011/02/28 05:38:17 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %USERPROFILE%\Desktop\*.exe >
[2011/06/17 17:42:00 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\desktop\aswMBR.exe
[2011/06/17 17:51:18 | 004,130,419 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\desktop\Combo-Fix.exe
[2010/09/17 17:32:18 | 017,327,195 | ---- | M] (Mooii) -- C:\Documents and Settings\Owner\desktop\PhotoScapeSetup_V3.5.exe
[2011/06/16 18:31:44 | 058,064,040 | ---- | M] () -- C:\Documents and Settings\Owner\desktop\setup_av_free.exe
[2011/06/17 17:47:46 | 001,369,504 | ---- | M] () -- C:\Documents and Settings\Owner\desktop\tdsskiller.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\winn32\*.* >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.exe >
< %ProgramFiles%\TinyProxy. >
< %systemroot%\system32\*.* /lockedfiles >
[2011/06/09 05:47:32 | 000,102,400 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\desk0.dll
[2011/06/09 05:47:32 | 000,102,400 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\nvrsko9.dll
< %systemroot%\Tasks\*.job /lockedfiles >
[2011/06/17 17:48:01 | 000,000,312 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\FQBBLJOX.job
[2011/06/17 17:47:54 | 000,000,300 | -HS- | M] () Unable to obtain MD5 -- C:\WINDOWS\Tasks\TXLUCZBHVQ.job
< %systemroot%\system32\drivers\*.* /lockedfiles >
< %PROGRAMFILES%\*. >
[2010/09/04 14:54:59 | 000,000,000 | ---D | M] -- C:\Program Files\3Com
[2010/09/04 13:46:41 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2010/09/07 00:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/06/16 19:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2010/09/04 21:42:59 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/09/04 20:51:58 | 000,000,000 | ---D | M] -- C:\Program Files\BestOn
[2010/09/07 00:54:15 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/09/04 13:24:50 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/09/04 21:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/09/04 23:41:38 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/09/04 14:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2011/06/13 19:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2010/09/04 14:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Funk Software
[2011/06/17 17:47:06 | 000,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
[2011/01/02 02:12:01 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/09/04 14:29:47 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/04/16 17:14:25 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/06/13 20:08:51 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/11/04 19:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/09/04 13:46:52 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2010/09/04 14:57:48 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2011/06/16 19:22:07 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/04 23:48:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/09/04 13:29:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/09/04 23:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/04/21 06:01:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/09/04 13:40:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/04 20:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/11/04 19:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\PhotoScape
[2010/09/04 13:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime Alternative
[2010/09/04 13:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2011/06/16 18:06:38 | 000,000,000 | ---D | M] -- C:\Program Files\TelevisionFanatic
[2011/03/30 19:10:18 | 000,000,000 | ---D | M] -- C:\Program Files\TelevisionFanaticEI
[2010/09/04 13:33:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/12/24 03:01:08 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2010/09/04 13:26:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/09/04 13:29:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/09/04 13:20:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/09/04 13:27:07 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
< MD5 for: AGP440.SYS >
[2010/02/10 21:12:25 | 012,132,620 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 21:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2008/04/13 16:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\AGP440.SYS
< MD5 for: ATAPI.SYS >
[2010/02/10 21:12:25 | 012,132,620 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: DISK.SYS >
[2010/02/10 21:12:25 | 012,132,620 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2010/02/10 20:55:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=47B6AAEC570F2C11D8BAD80A064D8ED1 -- C:\WINDOWS\system32\drivers\disk.sys
< MD5 for: NETLOGON.DLL >
[2010/02/10 20:57:17 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=DAB13813B25B3D009B2AC1194CF5D0A2 -- C:\WINDOWS\system32\netlogon.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-13 23:53:04
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/10 20:56:13 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/22 05:08:35 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/10 20:56:13 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
< >
< End of report >
OTL Extras logfile created on: 6/17/2011 6:26:04 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.97 Mb Total Physical Memory | 94.60 Mb Available Physical Memory | 18.51% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 68.99% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 30.36 Gb Free Space | 81.49% Space Free | Partition Type: NTFS
Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236E24F2-D767-406B-B2F0-892D3A0DEA4A}" = Zoom 2.0 Webcam
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}" = Wireless-G Notebook Adapter
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{417B79C9-CDB4-477F-952D-840CEFC57A6C}" = AccessDirect
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A90A9CE-0B49-4A02-94F5-C864BA33A916}" = Performance USB keyboard hotkey blocker
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D166051-2C3B-4BF3-A68D-B11D45F3E1B6}" = User Profile Helper Cleanup Service
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 Service Pack 1
"{DF157E38-A290-4265-844B-687E5707899E}" = WebCam Suite 2.0
"{E255419E-9B70-4BF3-8EA6-7D6067058F3A}" = O2UsbCrd
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"avast" = avast! Free Antivirus
"CNXT_MODEM" = AC97 SoftV92 Data Fax Modem
"Glary Utilities_is1" = Glary Utilities 2.34.0.1190
"IObit Security 360_is1" = IObit Security 360
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PhotoScape" = PhotoScape
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.0
"Unlocker" = Unlocker 1.8.8
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/29/2010 7:15:47 AM | Computer Name = ANONYMOUS | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
Error - 1/1/2011 8:22:25 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application WPC54CFG.exe, version 2.0.2.21, faulting module
rpcrt4.dll, version 5.1.2600.6022, fault address 0x000856a3.
Error - 1/1/2011 10:49:20 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10d.ocx, version 10.0.42.34, fault address 0x00169f8e.
Error - 1/2/2011 5:55:55 AM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x50ff018b.
Error - 2/19/2011 11:09:29 PM | Computer Name = ANONYMOUS | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).
Error - 2/19/2011 11:09:29 PM | Computer Name = ANONYMOUS | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
Error - 2/21/2011 6:47:40 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.
Error - 2/21/2011 11:36:54 PM | Computer Name = ANONYMOUS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.
Error - 3/14/2011 10:44:16 PM | Computer Name = ANONYMOUS | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).
Error - 3/14/2011 10:44:16 PM | Computer Name = ANONYMOUS | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
[ System Events ]
Error - 6/16/2011 10:55:27 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31
Error - 6/16/2011 10:55:27 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31
Error - 6/16/2011 10:55:27 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswRdr aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
Error - 6/16/2011 11:10:05 PM | Computer Name = ANONYMOUS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 6/17/2011 12:17:54 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126
Error - 6/17/2011 1:18:13 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126
Error - 6/17/2011 1:42:51 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126
Error - 6/17/2011 3:17:26 AM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126
Error - 6/17/2011 7:50:48 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126
Error - 6/17/2011 8:48:19 PM | Computer Name = ANONYMOUS | Source = Service Control Manager | ID = 7023
Description = The User Profile Helper Cleanup service terminated with the following
error: %%126
< End of report >
aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-17 18:03:28
-----------------------------
18:03:28.932 OS Version: Windows 5.1.2600 Service Pack 3
18:03:28.932 Number of processors: 1 586 0x207
18:03:28.932 ComputerName: ANONYMOUS UserName: Owner
18:03:33.819 AVAST engine 6.0.1125 defs: 11061701
18:03:33.819 Initialize success
18:04:08.438 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:04:08.569 Disk 0 Vendor: HITACHI_DK23EB-40 00K0A0C0 Size: 38154MB BusType: 3
18:04:08.729 Device \Driver\atapi -> DriverStartIo 82ee331b
18:04:10.922 Disk 0 MBR read successfully
18:04:11.102 Disk 0 MBR scan
18:04:11.292 Disk 0 MBR:Alureon-G [Rtk]
18:04:11.503 Disk 0 TDL4@MBR code has been found
18:04:11.723 Disk 0 Windows XP default MBR code found via API
18:04:12.023 Disk 0 MBR hidden
18:04:12.274 Disk 0 MBR [TDL4] **ROOTKIT**
18:04:12.544 Disk 0 trace - called modules:
18:04:12.835 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82ee34d0]<<
18:04:13.115 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f92ab8]
18:04:13.436 3 CLASSPNP.SYS[f86c6fd7] -> nt!IofCallDriver -> \Device\00000076[0x82f90f18]
18:04:13.776 5 ACPI.sys[f8609620] -> nt!IofCallDriver -> [0x82f86d98]
18:04:14.177 \Driver\atapi[0x82f7e370] -> IRP_MJ_CREATE -> 0x82ee34d0
18:04:14.567 AVAST engine scan C:\WINDOWS\system32
18:06:08.972 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:06:09.392 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-17 19:22:11
-----------------------------
19:22:11.052 OS Version: Windows 5.1.2600 Service Pack 3
19:22:11.052 Number of processors: 1 586 0x207
19:22:11.052 ComputerName: ANONYMOUS UserName: Owner
19:22:15.158 AVAST engine 6.0.1125 defs: 11061701
19:22:15.158 Initialize success
19:22:19.263 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:22:19.564 Disk 0 Vendor: HITACHI_DK23EB-40 00K0A0C0 Size: 38154MB BusType: 3
19:22:19.844 Device \Driver\atapi -> DriverStartIo 82ee331b
19:22:22.027 Disk 0 MBR read successfully
19:22:22.268 Disk 0 MBR scan
19:22:22.608 Disk 0 MBR:Alureon-G [Rtk]
19:22:22.839 Disk 0 TDL4@MBR code has been found
19:22:23.079 Disk 0 Windows XP default MBR code found via API
19:22:23.399 Disk 0 MBR hidden
19:22:23.800 Disk 0 MBR [TDL4] **ROOTKIT**
19:22:24.080 Disk 0 trace - called modules:
19:22:24.401 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82ee34d0]<<
19:22:24.691 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f92ab8]
19:22:25.022 3 CLASSPNP.SYS[f86c6fd7] -> nt!IofCallDriver -> \Device\00000076[0x82f90f18]
19:22:25.402 5 ACPI.sys[f8609620] -> nt!IofCallDriver -> [0x82f86d98]
19:22:25.803 \Driver\atapi[0x82f7e370] -> IRP_MJ_CREATE -> 0x82ee34d0
19:22:26.213 AVAST engine scan C:\WINDOWS\system32
19:22:49.457 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
19:22:49.948 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
Results of screen317's Security Check version 0.99.13
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 22
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````