WiredWX Christian Hobby Weather Tools
BACK DOOR BOT OR TROJAN

I have been infected before by the Back Door Bot and Trojan Agent. My computer all of a sudden has gotten very slow. This is usually what happens right before I get infected. I am running Windows XP with Service Pack 3. All items are up to date on my computer. I also have the following items on my computer: Spybot, CCleaner, AVG, SUPERAntiSpyware, Baseline Security Analyzer and Advanced System Care.

I had recently run an ESET scan when the computer began to get slow, and it found and removed three items. The computer is still slow and is acting like it is infected.

I am posting logs now.

Thanks in advance for helping me.
Karen
--------------------
OTL logfile created on: 1/21/2012 10:53:02 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 74.87% Memory free
2.79 Gb Paging File | 2.33 Gb Available in Paging File | 83.37% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 14.59 Gb Free Space | 39.16% Space Free | Partition Type: NTFS

Computer Name: KURTCOMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/21 22:51:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/02/23 16:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/17 09:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 09:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 09:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 11:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 11:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/22 20:49:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/03/11 13:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 13:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/17 15:52:38 | 000,228,344 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 12:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 12:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad.wildblue.com/wpad.dat

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/22 09:57:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/11 13:25:03 | 000,437,776 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15099 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Reg Error: Value error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab (Reg Error: Value error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Value error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv.view22.com/view22/app/view22rte.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - Reg Error: Value error.
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HandsFree Client - Reg Error: Value error.
SafeBootNet: McciCMService - C:\Program Files\Common Files\Motive\McciCMService.exe (Alcatel-Lucent)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WZCSVC - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 20:18:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/01/21 20:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/21 13:07:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/01/16 14:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/01/16 14:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/05 15:37:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/27 20:29:24 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe
[2011/10/26 20:48:54 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup312.exe
[2011/09/14 10:56:24 | 038,958,968 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2011/07/23 19:56:18 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_en_2011_1390_free.exe
[2011/07/23 01:00:16 | 000,908,064 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2011/06/15 16:32:55 | 000,547,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2535512-x86-ENU.exe
[2011/06/15 15:38:55 | 000,719,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2536276-x86-ENU.exe
[2011/06/15 11:14:28 | 010,494,336 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2497640-x86-ENU.exe
[2011/06/15 09:39:33 | 000,788,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2544521-x86-ENU.exe
[2011/06/15 08:25:03 | 000,566,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2503665-x86-ENU.exe
[2011/06/15 07:09:31 | 000,802,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2544893-x86-ENU.exe
[2011/02/04 01:59:58 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1204_cnet.exe
[2010/12/25 22:19:56 | 012,965,392 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer10-5GOLD.exe
[2010/12/25 21:03:20 | 012,252,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD.exe
[2010/12/24 23:47:18 | 000,602,464 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/12/23 22:45:48 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/10/03 13:10:45 | 001,367,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\NDP35SP1-KB2416473-x86.exe
[2010/09/11 17:42:33 | 006,776,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsUpdateAgent30-x86.exe
[2010/07/24 11:14:38 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/07/13 18:38:55 | 000,745,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
[2010/05/22 14:28:32 | 006,108,728 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
[2009/12/24 10:13:42 | 009,476,032 | ---- | C] (VS Revo Group ) -- C:\Program Files\RevoUninProSetup.exe
[2009/10/25 14:46:51 | 047,205,472 | ---- | C] ( ) -- C:\Program Files\setup_7.0.0.290_26.10.2009_00-18.exe
[2009/10/20 12:54:02 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2009/07/14 23:12:05 | 000,498,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
[2009/07/14 21:57:54 | 001,044,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
[2009/07/14 21:55:25 | 000,569,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
[2009/04/28 13:55:43 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
[2009/03/11 11:39:32 | 001,466,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
[2009/03/11 11:35:40 | 000,569,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
[2009/02/10 15:33:08 | 000,498,032 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
[2009/02/10 15:19:08 | 009,006,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
[2009/01/28 15:48:38 | 242,743,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
[2009/01/14 21:31:43 | 000,658,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB958687-x86-ENU.exe
[2008/12/17 14:04:39 | 002,552,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB960714-x86-ENU.exe
[2008/12/17 14:01:52 | 001,861,488 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB960714-x86-ENU.exe
[2008/12/11 14:50:18 | 009,005,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB958215-x86-ENU.exe
[2008/12/11 14:42:40 | 000,639,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB956802-x86-ENU.exe
[2008/12/11 14:40:08 | 006,483,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
[2008/12/11 14:35:14 | 000,606,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954600-x86-ENU.exe
[2008/12/11 14:29:14 | 000,523,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955839-x86-ENU.exe
[2008/11/11 20:03:08 | 000,725,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB957097-x86-ENU.exe
[2008/11/11 19:58:18 | 001,248,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954459-x86-ENU.exe
[2008/11/11 19:54:34 | 000,952,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml6-KB954459-enu-x86.exe
[2008/11/11 19:41:57 | 005,687,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml4-KB954430-enu.exe
[2008/11/11 19:31:47 | 000,926,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955069-x86-ENU.exe
[2008/09/18 22:15:28 | 001,146,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2008/06/23 09:11:53 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2006/12/29 15:58:46 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2006/10/27 20:16:57 | 000,523,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920670-x86-ENU.exe
[2006/10/27 20:16:02 | 004,479,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921398-x86-ENU.exe
[2006/10/27 20:14:05 | 000,607,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920683-x86-ENU.exe
[2006/10/27 20:13:03 | 000,701,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921883-x86-ENU.exe
[2006/10/27 16:46:25 | 003,355,933 | ---- | C] ( ) -- C:\Program Files\PP_SP702.exe
[2006/10/27 09:19:17 | 000,681,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
[2006/10/27 08:51:04 | 000,317,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINDOWS OCT06.exe
[2006/08/02 11:07:44 | 005,706,384 | ---- | C] (Computer Associates International, Inc.) -- C:\Program Files\av72_en.exe

========== Files - Modified Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 22:43:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/21 22:42:41 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 20:16:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CFDC687-E177-4C5A-8B4D-EECF79D4E953}.job
[2012/01/21 13:09:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:45 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2012/01/21 12:55:38 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/21 11:27:23 | 087,154,889 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/01/16 19:24:20 | 000,003,052 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 18:28:28 | 000,210,833 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjg.avm
[2012/01/12 07:50:30 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/05 14:44:32 | 000,463,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 14:44:32 | 000,079,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/04 22:36:53 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ESNIPE.url
[2011/12/27 20:29:24 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe

========== Files Created - No Company Name ==========

[2012/01/21 13:09:38 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:38 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/19 10:34:13 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2011/11/12 19:11:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/11/12 19:11:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/11/12 19:11:10 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/11/12 19:11:09 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/11/12 19:11:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/11/12 19:11:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/07/19 21:55:14 | 000,684,297 | ---- | C] () -- C:\Program Files\unhide.exe
[2011/07/18 18:36:53 | 000,003,052 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 21:30:54 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/08 21:30:51 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/20 18:22:26 | 000,000,035 | ---- | C] () -- C:\WINDOWS\smith.ini
[2011/01/28 01:04:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/28 01:04:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/28 01:04:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/21 01:14:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/21 01:14:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 10:37:52 | 002,270,216 | ---- | C] () -- C:\Program Files\advisor.exe
[2009/11/12 20:12:31 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/11/12 20:12:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/11/12 20:12:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/11/12 20:12:31 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/11/12 20:12:31 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/11/12 20:12:31 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/11/12 20:12:31 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/11/12 20:12:31 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/11/12 20:12:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/11/12 20:12:31 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/11/12 20:12:31 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/11/12 20:12:31 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/11/12 20:12:31 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/11/12 20:12:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/11/12 20:12:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/23 21:11:59 | 000,041,284 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/21 21:13:33 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/21 21:13:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/20 16:33:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/10/20 16:33:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/19 21:22:01 | 003,346,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/19 17:14:31 | 000,747,520 | ---- | C] () -- C:\Program Files\MicrosoftFixit50198.msi
[2009/10/17 17:16:11 | 000,260,272 | ---- | C] () -- C:\Program Files\cmldr
[2009/09/20 11:38:00 | 007,757,856 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/07/25 10:23:43 | 002,052,104 | ---- | C] () -- C:\Program Files\advisor belarc.exe
[2009/06/04 17:19:37 | 009,234,289 | ---- | C] () -- C:\Program Files\7100.exe
[2009/06/04 13:15:53 | 014,243,328 | ---- | C] () -- C:\Program Files\DM510.32.4071221.EN.msi
[2009/03/10 08:45:48 | 000,000,224 | ---- | C] () -- C:\Program Files\fix.bat
[2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/03 23:38:10 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320.zip
[2009/01/02 15:01:30 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/02 14:57:31 | 001,945,096 | ---- | C] () -- C:\Program Files\BELARC advisor.exe
[2008/11/29 17:57:04 | 000,000,862 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/09 19:05:34 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2008/11/09 19:05:34 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2008/07/26 13:07:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/26 13:07:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/30 10:11:37 | 001,625,600 | ---- | C] () -- C:\Program Files\MBSASetup-x86-EN.msi
[2008/06/08 18:21:58 | 001,114,576 | ---- | C] () -- C:\Program Files\revosetup.exe
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 00:04:09 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320 april 08.zip
[2008/04/24 23:31:10 | 006,957,056 | ---- | C] () -- C:\Program Files\PhotoLibrary.msp
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/17 21:44:05 | 020,036,629 | ---- | C] () -- C:\Program Files\eppwin300aus.exe
[2006/11/25 17:31:49 | 000,379,823 | ---- | C] () -- C:\Program Files\KeyGenerate.zip
[2006/11/06 16:49:23 | 000,064,512 | ---- | C] () -- C:\Program Files\Compatibility_Check.exe
[2006/10/27 16:56:47 | 000,002,550 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/10/27 16:56:47 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2006/09/25 03:33:04 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/05/03 22:08:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/14 16:35:42 | 000,000,561 | ---- | C] () -- C:\Program Files\os449133.bin
[2005/12/14 16:34:55 | 000,000,209 | ---- | C] () -- C:\WINDOWS\IC32.INI
[2005/12/14 16:15:33 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/12/14 16:15:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/12/02 14:19:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/10/30 14:55:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2R.DLL
[2005/10/16 10:58:24 | 006,635,997 | ---- | C] () -- C:\Program Files\photoshop_album_SE_3_0_ue.zip
[2005/04/28 17:27:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf(2).exe
[2005/04/28 12:57:12 | 000,030,942 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2005/04/27 20:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 20:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 20:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/12/16 15:24:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2004/12/13 17:26:43 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2004/12/13 17:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2004/12/13 17:26:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2004/12/13 17:26:23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2004/12/03 00:09:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\.dat
[2004/12/03 00:09:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2004/11/30 22:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Alpha.dll
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone.exe
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone(2).exe
[2004/09/30 14:48:35 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/30 14:48:35 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF(2).ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers.ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers(2).ini
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216.dll
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216(2).dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16.dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16(2).dll
[2004/08/19 10:12:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/07 17:10:48 | 000,020,758 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/06/07 17:10:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer(2).ini
[2004/06/03 16:22:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\AVShlExt(2).dll
[2004/06/03 16:22:48 | 000,021,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Filt(2).sys
[2004/06/03 16:22:48 | 000,015,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Rec(2).sys
[2004/05/31 17:27:45 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/05/30 17:43:55 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/05/28 17:48:22 | 000,049,210 | ---- | C] () -- C:\WINDOWS\System32\vzServices.dll
[2004/05/28 14:18:27 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\igfxext(2).exe
[2004/05/28 14:18:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ialmrem.dll
[2004/05/28 13:31:48 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/05/28 13:08:23 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/05/28 12:21:56 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/05/28 12:12:40 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/28 12:06:21 | 000,000,057 | ---- | C] () -- C:\WINDOWS\control(2).ini
[2004/05/28 12:03:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/28 12:03:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin(2).ini
[2004/05/28 12:03:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb(2).ini
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST(2).INI
[2004/05/28 04:52:47 | 000,196,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:48:31 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32(2).dll
[2003/07/16 12:44:08 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv(2).sys
[2003/07/16 12:42:58 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir(2).exe
[2003/07/16 12:41:25 | 000,463,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:41:21 | 000,079,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:35:28 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 12:35:27 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap(2).ini
[2003/07/16 12:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:30:49 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32(2).dll
[2003/07/16 12:27:57 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ersvc(3)(2).dll
[2003/07/16 12:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:27:10 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx(2).exe
[2003/07/16 12:26:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/07/16 12:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/16 12:24:10 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream(2).dll
[2001/08/17 14:36:42 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay(2).exe
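Both OTL dumps in this thread (the first post above and the continuation that follows) use the same record shape: a bracketed timestamp / size / attributes / C-or-M block, the file's company name in parentheses, and the path; SRV and DRV lines add a "[Type | Start | State]" block and the service name, and an orphaned entry reads "File not found". The Python below is an added example, not part of OTL or of the poster's logs: it parses those records and applies the checks a log reviewer does by eye (service registered but binary missing, an .exe/.sys/.dll under %SystemRoot% with no company name, a numbered duplicate such as smrgdf(2).exe, hidden/system attributes, and a boot- or system-start kernel driver with no vendor). The sample input is a handful of lines copied from the record shapes in the posted logs; the flags are prompts to verify the file (hash, signature, vendor), not verdicts.

```python
"""Triage helper for OTL log records (added example; not part of OldTimer's OTL)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL record, e.g. a "Files Created" line or a "DRV -" line:
#   [2011/11/12 19:11:10 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
#   DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
RECORD_RE = re.compile(
    r"^(?:(?P<kind>PRC|SRV|DRV) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<flag>[CM])\] "
    r"\((?P<company>(?:[^()]|\([^()]*\))*)\)"   # company; one level of nested parens, e.g. "CrypKey (Canada) Ltd."
    r"(?: \[(?P<svc>[^\]]*)\])?"                 # [Type | Start | State] on SRV/DRV lines
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"             # service/driver name on SRV/DRV lines
)
# Service/driver registered in the registry but with no binary on disk:
#   SRV - File not found [Disabled | Stopped] -- -- (HidServ)
MISSING_RE = re.compile(r"^(?P<kind>SRV|DRV) - File not found \[(?P<svc>[^\]]*)\] -- -- \((?P<name>[^)]*)\)$")
DUP_RE = re.compile(r"\(\d+\)\.[A-Za-z0-9]+$")   # smrgdf(2).exe, ersvc(3)(2).dll
BINARY_EXT = (".exe", ".sys", ".dll", ".com", ".scr")


@dataclass
class Record:
    kind: str            # "FILE", "PRC", "SRV" or "DRV"
    path: str
    company: str
    timestamp: str = ""
    size: int = 0
    attrs: str = "----"
    svc: str = ""        # e.g. "Kernel | System | Running"
    name: str = ""
    missing: bool = False


def parse_record(line: str) -> Optional[Record]:
    """Parse one OTL line; returns None for headers, blank lines and O1/O2/... items."""
    line = line.rstrip("\r\n")
    m = MISSING_RE.match(line)
    if m:
        return Record(kind=m["kind"], path="", company="", svc=m["svc"], name=m["name"], missing=True)
    m = RECORD_RE.match(line)
    if not m:
        return None
    return Record(
        kind=m["kind"] or "FILE",
        path=m["path"].strip(),
        company=m["company"].strip(),
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        svc=(m["svc"] or "").strip(),
        name=(m["name"] or "").strip(),
    )


def reasons_for(rec: Record) -> List[str]:
    """Heuristics a reviewer applies by eye; each one means 'check this', not 'malicious'."""
    if rec.missing:
        return ["service/driver registered but binary not found (orphaned entry)"]
    reasons = []
    low = rec.path.lower()
    if not rec.company and low.startswith("c:\\windows\\") and low.endswith(BINARY_EXT):
        reasons.append("executable under %SystemRoot% with no company name")
    if DUP_RE.search(rec.path):
        reasons.append("numbered duplicate copy, e.g. file(2).ext")
    if "H" in rec.attrs or "S" in rec.attrs:
        reasons.append("hidden/system attribute set")
    if rec.kind == "DRV" and not rec.company:
        start_fields = [p.strip() for p in rec.svc.split("|")]
        if any(s in ("Boot", "System") for s in start_fields):
            reasons.append("early-start kernel driver with no vendor")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path (service name for orphaned entries) to its reasons."""
    flagged: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is not None:
            reasons = reasons_for(rec)
            if reasons:
                flagged[rec.path or rec.name] = reasons
    return flagged


# Sample input: a few lines copied from the record shapes in the posted logs, not a full scan.
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
[2009/10/19 21:22:01 | 003,346,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf(2).exe
[2011/07/23 01:00:16 | 000,908,064 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it against a saved OTL.txt by reading the file into `triage()`; entries with a company name, or data files such as .dat/.ini, are deliberately left alone so the output stays short enough to verify by hand.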

Re: BACK DOOR BOT OR TROJAN

Hello:

Having to post more OTL as I could not post all of it in the first post.

Karen
-----------------------------------------------
Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2008/05/07 15:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/02/23 16:04:32 | 000,013,496 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/02/17 09:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 09:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 09:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/16 11:13:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/16 11:13:34 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/22 20:49:34 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 23:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/03/17 08:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/06 10:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/03/11 13:37:20 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/03/11 13:37:19 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/02/17 15:52:38 | 000,228,344 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/08/29 03:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/07/16 12:40:09 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/07/16 12:40:08 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/06/30 17:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://wpad.wildblue.com/wpad.dat

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/22 09:57:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/08/11 13:25:03 | 000,437,776 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 15099 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Reg Error: Value error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab (Reg Error: Value error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (Reg Error: Value error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Value error.)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://hgtv.view22.com/view22/app/view22rte.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0}: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - Reg Error: Value error.
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - Reg Error: Value error.
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HandsFree Client - Reg Error: Value error.
SafeBootNet: McciCMService - C:\Program Files\Common Files\Motive\McciCMService.exe (Alcatel-Lucent)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WZCSVC - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 20:18:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/01/21 20:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/21 13:07:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/01/16 14:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/01/16 14:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/05 15:37:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/27 20:29:24 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe
[2011/10/26 20:48:54 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup312.exe
[2011/09/14 10:56:24 | 038,958,968 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2011/07/23 19:56:18 | 005,570,000 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_en_2011_1390_free.exe
[2011/07/23 01:00:16 | 000,908,064 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jre-6u26-windows-i586-iftw.exe
[2011/06/15 16:32:55 | 000,547,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2535512-x86-ENU.exe
[2011/06/15 15:38:55 | 000,719,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2536276-x86-ENU.exe
[2011/06/15 11:14:28 | 010,494,336 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2497640-x86-ENU.exe
[2011/06/15 09:39:33 | 000,788,352 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-KB2544521-x86-ENU.exe
[2011/06/15 08:25:03 | 000,566,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2503665-x86-ENU.exe
[2011/06/15 07:09:31 | 000,802,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB2544893-x86-ENU.exe
[2011/02/04 01:59:58 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_2011_1204_cnet.exe
[2010/12/25 22:19:56 | 012,965,392 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer10-5GOLD.exe
[2010/12/25 21:03:20 | 012,252,656 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer11GOLD.exe
[2010/12/24 23:47:18 | 000,602,464 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer.exe
[2010/12/23 22:45:48 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2010/10/03 13:10:45 | 001,367,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\NDP35SP1-KB2416473-x86.exe
[2010/09/11 17:42:33 | 006,776,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsUpdateAgent30-x86.exe
[2010/07/24 11:14:38 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/07/13 18:38:55 | 000,745,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
[2010/05/22 14:28:32 | 006,108,728 | ---- | C] (Google Inc.) -- C:\Program Files\picasaweb-current-setup.exe
[2009/12/24 10:13:42 | 009,476,032 | ---- | C] (VS Revo Group ) -- C:\Program Files\RevoUninProSetup.exe
[2009/10/25 14:46:51 | 047,205,472 | ---- | C] ( ) -- C:\Program Files\setup_7.0.0.290_26.10.2009_00-18.exe
[2009/10/20 12:54:02 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2009/07/14 23:12:05 | 000,498,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
[2009/07/14 21:57:54 | 001,044,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
[2009/07/14 21:55:25 | 000,569,208 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
[2009/04/28 13:55:43 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
[2009/03/11 11:39:32 | 001,466,768 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
[2009/03/11 11:35:40 | 000,569,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
[2009/02/10 15:33:08 | 000,498,032 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
[2009/02/10 15:19:08 | 009,006,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
[2009/01/28 15:48:38 | 242,743,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
[2009/01/14 21:31:43 | 000,658,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB958687-x86-ENU.exe
[2008/12/17 14:04:39 | 002,552,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB960714-x86-ENU.exe
[2008/12/17 14:01:52 | 001,861,488 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB960714-x86-ENU.exe
[2008/12/11 14:50:18 | 009,005,936 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-KB958215-x86-ENU.exe
[2008/12/11 14:42:40 | 000,639,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB956802-x86-ENU.exe
[2008/12/11 14:40:08 | 006,483,344 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
[2008/12/11 14:35:14 | 000,606,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954600-x86-ENU.exe
[2008/12/11 14:29:14 | 000,523,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955839-x86-ENU.exe
[2008/11/11 20:03:08 | 000,725,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB957097-x86-ENU.exe
[2008/11/11 19:58:18 | 001,248,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB954459-x86-ENU.exe
[2008/11/11 19:54:34 | 000,952,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml6-KB954459-enu-x86.exe
[2008/11/11 19:41:57 | 005,687,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msxml4-KB954430-enu.exe
[2008/11/11 19:31:47 | 000,926,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955069-x86-ENU.exe
[2008/09/18 22:15:28 | 001,146,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web.exe
[2008/06/23 09:11:53 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2006/12/29 15:58:46 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2006/10/27 20:16:57 | 000,523,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920670-x86-ENU.exe
[2006/10/27 20:16:02 | 004,479,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921398-x86-ENU.exe
[2006/10/27 20:14:05 | 000,607,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB920683-x86-ENU.exe
[2006/10/27 20:13:03 | 000,701,752 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB921883-x86-ENU.exe
[2006/10/27 16:46:25 | 003,355,933 | ---- | C] ( ) -- C:\Program Files\PP_SP702.exe
[2006/10/27 09:19:17 | 000,681,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
[2006/10/27 08:51:04 | 000,317,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINDOWS OCT06.exe
[2006/08/02 11:07:44 | 005,706,384 | ---- | C] (Computer Associates International, Inc.) -- C:\Program Files\av72_en.exe

========== Files - Modified Within 30 Days ==========

[2012/01/21 22:51:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/01/21 22:43:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/21 22:42:41 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/21 20:16:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7CFDC687-E177-4C5A-8B4D-EECF79D4E953}.job
[2012/01/21 13:09:40 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:45 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2012/01/21 12:55:38 | 000,000,267 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/21 11:27:23 | 087,154,889 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2012/01/16 19:24:20 | 000,003,052 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/16 18:28:28 | 000,210,833 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjg.avm
[2012/01/12 07:50:30 | 000,196,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/05 14:44:32 | 000,463,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 14:44:32 | 000,079,024 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/04 22:36:53 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ESNIPE.url
[2011/12/27 20:29:24 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup314.exe

========== Files Created - No Company Name ==========

[2012/01/21 13:09:38 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20120121_130936.reg
[2012/01/21 12:55:38 | 000,000,267 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\64 GB iPod touch 4th gen- 4g HTC inspire.url
[2012/01/19 10:34:13 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ipod touch 4th gen. 64 GB.url
[2011/11/12 19:11:54 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
[2011/11/12 19:11:14 | 000,000,127 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2011/11/12 19:11:10 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2011/11/12 19:11:09 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2011/11/12 19:11:09 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2011/11/12 19:11:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2011/07/19 21:55:14 | 000,684,297 | ---- | C] () -- C:\Program Files\unhide.exe
[2011/07/18 18:36:53 | 000,003,052 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/08 21:30:54 | 000,029,520 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
[2011/06/08 21:30:51 | 000,013,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2011/03/20 18:22:26 | 000,000,035 | ---- | C] () -- C:\WINDOWS\smith.ini
[2011/01/28 01:04:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/28 01:04:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/28 01:04:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/21 01:14:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/21 01:14:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/19 10:37:52 | 002,270,216 | ---- | C] () -- C:\Program Files\advisor.exe
[2009/11/12 20:12:31 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/11/12 20:12:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/11/12 20:12:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/11/12 20:12:31 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/11/12 20:12:31 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/11/12 20:12:31 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/11/12 20:12:31 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/11/12 20:12:31 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/11/12 20:12:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/11/12 20:12:31 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/11/12 20:12:31 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/11/12 20:12:31 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/11/12 20:12:31 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/11/12 20:12:31 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/11/12 20:12:31 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/11/12 20:12:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/11/12 20:12:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/23 21:11:59 | 000,041,284 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/21 21:13:33 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/10/21 21:13:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/10/20 16:33:56 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/10/20 16:33:56 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/10/19 21:22:01 | 003,346,464 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/19 17:14:31 | 000,747,520 | ---- | C] () -- C:\Program Files\MicrosoftFixit50198.msi
[2009/10/17 17:16:11 | 000,260,272 | ---- | C] () -- C:\Program Files\cmldr
[2009/09/20 11:38:00 | 007,757,856 | ---- | C] () -- C:\Program Files\SUPERAntiSpyware.exe
[2009/07/25 10:23:43 | 002,052,104 | ---- | C] () -- C:\Program Files\advisor belarc.exe
[2009/06/04 17:19:37 | 009,234,289 | ---- | C] () -- C:\Program Files\7100.exe
[2009/06/04 13:15:53 | 014,243,328 | ---- | C] () -- C:\Program Files\DM510.32.4071221.EN.msi
[2009/03/10 08:45:48 | 000,000,224 | ---- | C] () -- C:\Program Files\fix.bat
[2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2009/01/03 23:38:10 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320.zip
[2009/01/02 15:01:30 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/01/02 14:57:31 | 001,945,096 | ---- | C] () -- C:\Program Files\BELARC advisor.exe
[2008/11/29 17:57:04 | 000,000,862 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/09 19:05:34 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
[2008/11/09 19:05:34 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
[2008/07/26 13:07:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/07/26 13:07:38 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/06/30 10:11:37 | 001,625,600 | ---- | C] () -- C:\Program Files\MBSASetup-x86-EN.msi
[2008/06/08 18:21:58 | 001,114,576 | ---- | C] () -- C:\Program Files\revosetup.exe
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 00:04:09 | 008,155,851 | ---- | C] () -- C:\Program Files\Photoshop_albumSE_en_us_320 april 08.zip
[2008/04/24 23:31:10 | 006,957,056 | ---- | C] () -- C:\Program Files\PhotoLibrary.msp
[2007/09/27 09:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/12/17 21:44:05 | 020,036,629 | ---- | C] () -- C:\Program Files\eppwin300aus.exe
[2006/11/25 17:31:49 | 000,379,823 | ---- | C] () -- C:\Program Files\KeyGenerate.zip
[2006/11/06 16:49:23 | 000,064,512 | ---- | C] () -- C:\Program Files\Compatibility_Check.exe
[2006/10/27 16:56:47 | 000,002,550 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/10/27 16:56:47 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2006/09/25 03:33:04 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/05/03 22:08:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2006/01/12 16:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 16:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/12/14 16:35:42 | 000,000,561 | ---- | C] () -- C:\Program Files\os449133.bin
[2005/12/14 16:34:55 | 000,000,209 | ---- | C] () -- C:\WINDOWS\IC32.INI
[2005/12/14 16:15:33 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2005/12/14 16:15:33 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/12/02 14:19:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2005/10/30 14:55:18 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2R.DLL
[2005/10/16 10:58:24 | 006,635,997 | ---- | C] () -- C:\Program Files\photoshop_album_SE_3_0_ue.zip
[2005/04/28 17:27:54 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2005/04/28 12:57:13 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf(2).exe
[2005/04/28 12:57:12 | 000,030,942 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2005/04/27 20:22:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/04/27 20:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/27 20:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/12/16 15:24:46 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2004/12/13 17:26:43 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2004/12/13 17:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2004/12/13 17:26:43 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2004/12/13 17:26:23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2004/12/03 00:09:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\.dat
[2004/12/03 00:09:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2004/11/30 22:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Alpha.dll
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone.exe
[2004/11/20 13:36:32 | 000,347,015 | ---- | C] () -- C:\WINDOWS\System32\zglophone(2).exe
[2004/09/30 14:48:35 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/30 14:48:35 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF(2).ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers.ini
[2004/09/28 16:21:43 | 000,000,073 | ---- | C] () -- C:\WINDOWS\savers(2).ini
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216.dll
[2004/09/28 13:18:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216(2).dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16.dll
[2004/09/28 13:18:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16(2).dll
[2004/08/19 10:12:57 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/06/07 17:10:48 | 000,020,758 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/06/07 17:10:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer(2).ini
[2004/06/03 16:22:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\AVShlExt(2).dll
[2004/06/03 16:22:48 | 000,021,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Filt(2).sys
[2004/06/03 16:22:48 | 000,015,667 | ---- | C] () -- C:\WINDOWS\System32\drivers\Vet-Rec(2).sys
[2004/05/31 17:27:45 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2004/05/30 17:43:55 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2004/05/28 17:48:22 | 000,049,210 | ---- | C] () -- C:\WINDOWS\System32\vzServices.dll
[2004/05/28 14:18:27 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\igfxext(2).exe
[2004/05/28 14:18:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ialmrem.dll
[2004/05/28 13:31:48 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/05/28 13:08:23 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/05/28 12:21:56 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2004/05/28 12:12:40 | 000,002,048 | ---- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/28 12:06:21 | 000,000,057 | ---- | C] () -- C:\WINDOWS\control(2).ini
[2004/05/28 12:03:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/28 12:03:22 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin(2).ini
[2004/05/28 12:03:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb(2).ini
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/05/28 04:53:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST(2).INI
[2004/05/28 04:52:47 | 000,196,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 12:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 12:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 12:48:31 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32(2).dll
[2003/07/16 12:44:08 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv(2).sys
[2003/07/16 12:42:58 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir(2).exe
[2003/07/16 12:41:25 | 000,463,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 12:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 12:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 12:41:21 | 000,079,024 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 12:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 12:35:28 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2003/07/16 12:35:27 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap(2).ini
[2003/07/16 12:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 12:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 12:30:49 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32(2).dll
[2003/07/16 12:27:57 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ersvc(3)(2).dll
[2003/07/16 12:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 12:27:10 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx(2).exe
[2003/07/16 12:26:42 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2003/07/16 12:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/16 12:24:10 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream(2).dll
[2001/08/17 14:36:42 | 000,055,296 | ---- | C] () -- C:\WINDOWS\System32\dvdplay(2).exe

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2008/11/09 14:01:31 | 000,000,255 | ---- | M] () -- C:\WINDOWS\system32\config\systemprofile\WGAErrLog.txt

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2009/04/23 17:32:01 | 000,000,000 | ---D | M] -- C:\Program Files\$AVG8.VAULT$
[2011/02/02 15:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2004/11/30 22:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2011/09/14 10:57:23 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/09/29 17:25:26 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/04/27 13:09:03 | 000,000,000 | ---D | M] -- C:\Program Files\Belarc
[2008/09/30 23:49:58 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2007/06/30 21:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\BJPrinter
[2005/04/26 13:03:12 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2009/06/15 20:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2011/10/26 20:49:45 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2011/03/11 11:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\CenturyLink
[2012/01/15 03:06:02 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/05/10 08:35:41 | 000,000,000 | ---D | M] -- C:\Program Files\EMBARQ
[2012/01/21 20:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2011/12/15 13:46:30 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/01/23 19:52:43 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2008/05/07 22:55:35 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2012/01/05 14:21:58 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/08/26 11:19:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Baseline Security Analyzer 2
[2004/05/28 12:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/09/20 16:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/11/14 16:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/09/18 22:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/11/12 18:53:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2011/03/11 11:28:19 | 000,000,000 | ---D | M] -- C:\Program Files\Motive
[2010/08/11 17:22:36 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2007/10/05 22:13:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/05/07 22:55:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/05/28 12:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/09/18 22:38:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Messenger
[2007/12/19 12:05:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/05/07 22:50:23 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/05/19 22:07:30 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 15:35:12 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/01/03 23:40:12 | 000,000,000 | ---D | M] -- C:\Program Files\Photoshop_albumSE_en_us_320
[2011/04/29 11:57:08 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2011/09/14 11:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/12/25 20:10:42 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/10/05 22:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2006/11/05 21:20:18 | 000,000,000 | ---D | M] -- C:\Program Files\s450Win2kXPv162
[2006/11/06 17:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2010/12/24 20:16:19 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/07/24 19:23:39 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/14 08:39:59 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix Outlook PST Repair
[2011/07/19 20:10:16 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2005/10/13 19:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2008/05/18 11:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\Updater5
[2011/03/12 15:56:37 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Assistant
[2009/06/05 10:03:51 | 000,000,000 | ---D | M] -- C:\Program Files\Visioneer OneTouch
[2011/07/19 21:48:50 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2008/05/09 14:27:59 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/05/09 14:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2009/06/11 12:57:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2012/01/05 15:31:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/09/26 23:42:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/12/23 22:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2011/07/21 23:04:00 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/05/07 22:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/09/05 09:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2004/05/28 13:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\WordPerfect Office 11
[2004/05/28 12:10:37 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/07/16 12:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2003/07/16 12:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:disk.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/19 10:53:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:disk.sys
[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/03 21:59:54 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 23:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 23:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 23:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-11 06:49:13

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 03:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >
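
The "< MD5 for: ... >" blocks in the OTL log above are a file-integrity check: the hash of the copy the kernel actually loads (system32\drivers) is compared with the copies Windows keeps in ServicePackFiles\i386, system32\dllcache and the ERDNT cache, while the $NtServicePackUninstall$ copy is the previous service pack's version and is expected to differ. In this log every live copy matches its reference copies. The script below is an added example, not part of the thread or of OTL: it parses those blocks, buckets each path by where it lives, and flags a live file whose hash appears in none of the reference copies. The ATAPI.SYS input is copied from the log; the EXAMPLE.SYS block is constructed to show what a patched live driver looks like. The check is a triage step only: reference copies on the same disk can themselves be replaced, so a match is reassurance, not proof.

```python
"""Parse the '< MD5 for: NAME >' blocks OTL writes and flag a live system file
whose hash matches none of the reference copies kept elsewhere on the disk."""
import re
from collections import defaultdict
from typing import Dict, List

# One hashed entry:  [date time | size | attrs | M] (Company) MD5=HEX -- path
# The .cab lines in the same block carry no MD5= field and are skipped.
MD5_LINE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| [^|]+\| M\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+?)\s*$"
)
HEADER = re.compile(r"^< MD5 for: (?P<name>\S+) >$")

# Where XP keeps known-good copies of a system file (parent directory suffixes).
REFERENCE_DIRS = (r"servicepackfiles\i386", r"system32\dllcache", r"erdnt\cache")
# Previous service pack's copy: expected to differ from the live file.
UNINSTALL_DIR = r"$ntservicepackuninstall$"
# The copy that is actually loaded.
LIVE_DIRS = (r"system32\drivers", r"system32")


def classify(path: str) -> str:
    """Bucket a path as 'reference', 'uninstall', 'live' or 'other' by its parent dir."""
    parent = path.lower().rsplit("\\", 1)[0]
    if parent.endswith(REFERENCE_DIRS):
        return "reference"
    if parent.endswith(UNINSTALL_DIR):
        return "uninstall"
    if parent.endswith(LIVE_DIRS):
        return "live"
    return "other"


def parse_md5_blocks(log_text: str) -> Dict[str, List[dict]]:
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' block."""
    blocks: Dict[str, List[dict]] = defaultdict(list)
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            current = head.group("name").upper()
            continue
        if not line:
            current = None  # a blank line ends the block
            continue
        m = MD5_LINE.match(line)
        if current and m:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["kind"] = classify(entry["path"])
            blocks[current].append(entry)
    return dict(blocks)


def check_block(entries: List[dict]) -> dict:
    """Compare each live copy's hash against the set of reference hashes.

    'clean'      every live copy matches some reference copy
    'mismatch'   a live copy's hash is found in no reference copy
    'unverified' nothing to compare (no live copy or no reference copy)
    """
    reference = {e["md5"] for e in entries if e["kind"] == "reference"}
    live = [e for e in entries if e["kind"] == "live"]
    if not live:
        return {"verdict": "unverified", "mismatches": []}
    if not reference:
        return {"verdict": "unverified", "mismatches": [e["path"] for e in live]}
    bad = [e["path"] for e in live if e["md5"] not in reference]
    return {"verdict": "mismatch" if bad else "clean", "mismatches": bad}


def report(log_text: str) -> List[str]:
    """One summary line per block: 'NAME: verdict [mismatching paths]'."""
    lines = []
    for name, entries in parse_md5_blocks(log_text).items():
        result = check_block(entries)
        detail = " " + ", ".join(result["mismatches"]) if result["mismatches"] else ""
        lines.append(f"{name}: {result['verdict']}{detail}")
    return lines


# Sample input. ATAPI.SYS is copied from the OTL log in this thread (one .cab
# line kept); EXAMPLE.SYS is constructed: same size and company string as the
# reference copies, different hash on the live copy.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2003/07/16 12:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\example.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\drivers\example.sys
"""

if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Note that size and company string are taken from the PE header and are trivially preserved by a file infector; only the hash comparison carries weight, which is why the check keys on MD5 alone.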

Re: BACK DOOR BOT OR TROJAN

Hello:

Posted OTL and will now post other required items.

Thanks,
Karen
-------------------------
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-21 23:34:47
-----------------------------
23:34:47.859 OS Version: Windows 5.1.2600 Service Pack 3
23:34:47.859 Number of processors: 1 586 0x209
23:34:47.859 ComputerName: KURTCOMPUTER UserName: Owner
23:34:50.109 Initialize success
23:35:24.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:35:24.140 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
23:35:24.171 Disk 0 MBR read successfully
23:35:24.171 Disk 0 MBR scan
23:35:24.187 Disk 0 Windows XP default MBR code
23:35:24.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
23:35:24.187 Disk 0 scanning sectors +78140160
23:35:24.281 Disk 0 scanning C:\WINDOWS\system32\drivers
23:35:43.687 Service scanning
23:35:45.406 Modules scanning
23:35:54.812 Disk 0 trace - called modules:
23:35:54.843 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
23:35:54.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5aaab8]
23:35:54.859 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5abd98]
23:35:54.859 Scan finished successfully
23:36:30.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
23:36:30.296 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


------------
Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
ESET Online Scanner v3
OneCare Advisor (Windows Live Toolbar)
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Windows Defender Signatures
CCleaner
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````

Re: BACK DOOR BOT OR TROJAN

BUMP please.

Re: BACK DOOR BOT OR TROJAN

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

********************************************
P2P - I see you have P2P software installed on your machine (BearShare). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
**************************************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

:COMMANDS
[resethosts]
[purity]
[start explorer]


* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
************************************************************

Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.


1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).


Last edited by Superdave on 25th January 2012, 12:02 am; edited 1 time in total
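
The [resethosts] line in the OTL fix above writes a default hosts file, which also discards the MVPS block list that Security Check listed on this machine. The script below is an added example, not part of the thread, of OTL or of any tool named here: it triages a hosts file before it is reset by separating the MVPS-style "sink" entries (names mapped to 0.0.0.0 or 127.0.0.1, which only black-hole a name) from entries that send a name to a routable address, the pattern used to hijack antivirus and update servers. The sample hosts file, the vendor watch list and the 203.0.113.5 address (an RFC 5737 documentation address standing in for an attacker host) are all constructed for the example.

```python
"""Triage a Windows hosts file: block-list sinks are benign, redirects to a
routable address are the hijack pattern, private addresses are LAN pinning."""
import ipaddress
from typing import Dict, List, Tuple

# Addresses that only black-hole a name; what MVPS-style block lists use.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}
# Names a stock hosts file maps to itself (assumed list, not taken from the thread).
DEFAULT_NAMES = {"localhost"}
# Ranges a local admin might legitimately pin; explicit so that documentation
# ranges such as 203.0.113.0/24 are not treated as private.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "fc00::/7", "fe80::/10")]
# Constructed watch list: names whose redirection would blind the tools used here.
WATCHED_SUBSTRINGS = ("avg", "eset", "malwarebytes", "microsoft", "windowsupdate")

Entry = Tuple[int, str, str, str]  # (line number, address, hostname, category)


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, address, hostname) per mapping; a line with several
    names yields one tuple per name; comments and blank lines are dropped."""
    mappings = []
    for n, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()
        if not body:
            continue
        parts = body.split()
        if len(parts) < 2:
            mappings.append((n, parts[0], ""))  # address with no name: malformed
            continue
        for name in parts[1:]:
            mappings.append((n, parts[0], name.lower()))
    return mappings


def classify(address: str, name: str) -> str:
    """'default' (localhost), 'sink' (block-list), 'lan' (private address),
    'redirect' (routable address, the hijack pattern) or 'malformed'."""
    if not name:
        return "malformed"
    if address in SINK_ADDRESSES:
        return "default" if name in DEFAULT_NAMES else "sink"
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if any(addr in net for net in LAN_NETWORKS):
        return "lan"
    return "redirect"


def triage(text: str) -> Dict[str, List[Entry]]:
    """Group every mapping by category; redirects of watched names are listed
    again under 'redirect_watched' so they stand out in a report."""
    keys = ("default", "sink", "lan", "redirect", "redirect_watched", "malformed")
    groups: Dict[str, List[Entry]] = {k: [] for k in keys}
    for n, address, name in parse_hosts(text):
        cat = classify(address, name)
        groups[cat].append((n, address, name, cat))
        if cat == "redirect" and any(s in name for s in WATCHED_SUBSTRINGS):
            groups["redirect_watched"].append((n, address, name, cat))
    return groups


# Constructed sample: stock localhost lines, MVPS-style sinks, one LAN pin and
# two lines that send names to a routable (documentation) address.
SAMPLE_HOSTS = """\
# constructed hosts file for this example
127.0.0.1       localhost
::1             localhost
0.0.0.0  ads.example.net                      # MVPS-style block entry
0.0.0.0  tracker.example.org banner.example.org
192.168.1.10    intranet.corp.example
203.0.113.5     update.avg.com www.malwarebytes.org   # hijack pattern
203.0.113.5     www.example.com
"""

if __name__ == "__main__":
    for cat, entries in triage(SAMPLE_HOSTS).items():
        for n, address, name, _ in entries:
            print(f"{cat:16} line {n:3} {address:16} {name}")
```

Run against the real file (C:\WINDOWS\system32\drivers\etc\hosts on XP) the "redirect" group is what to read before resetting; the "sink" group is the block list you may want to reinstall afterwards.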

Re: BACK DOOR BOT OR TROJAN

Hello Super Dave:

Thanks for agreeing to help me out. I am posting the items you requested.

Karen
------------------
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:24:28 on 2012-01-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1372 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\mbam-setup.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\is-K5CV6.tmp\mbam-setup.tmp
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.dogpile.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://hgtv.view22.com/view22/app/view22rte.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{D0DD7141-1879-4B82-865D-6E281102E8A0} : DhcpNameServer = 10.0.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-8 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-11-12 54760]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2003-7-16 14336]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-6-3 228344]
S4 SVKP;SVKP;\??\c:\windows\system32\svkp.sys --> c:\windows\system32\SVKP.sys [?]
.
=============== Created Last 30 ================
.
2012-01-24 03:22:15 -------- dc----w- C:\_OTL
2012-01-24 03:21:36 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 03:21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 03:20:44 9851496 ----a-w- c:\program files\mbam-setup.exe
2012-01-22 04:18:20 -------- d-----w- c:\program files\ESET
2012-01-16 22:21:55 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-01-16 22:21:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-28 04:29:24 3562624 ----a-w- c:\program files\ccsetup314.exe
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-27 04:48:54 3511776 ----a-w- c:\program files\ccsetup312.exe
2011-09-14 18:56:27 38958968 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-07-25 03:12:45 16409960 ----a-w- c:\program files\spybotsd162.exe
2011-07-24 03:56:27 5570000 ----a-w- c:\program files\avg_free_stb_en_2011_1390_free.exe
2011-07-23 09:00:17 908064 ----a-w- c:\program files\jre-6u26-windows-i586-iftw.exe
2011-07-20 05:55:25 684297 ----a-w- c:\program files\unhide.exe
2011-06-16 00:32:56 547200 ----a-w- c:\program files\WindowsXP-KB2535512-x86-ENU.exe
2011-06-15 23:38:56 719232 ----a-w- c:\program files\WindowsXP-KB2536276-x86-ENU.exe
2011-06-15 19:14:29 10494336 ----a-w- c:\program files\IE8-WindowsXP-KB2497640-x86-ENU.exe
2011-06-15 17:39:33 788352 ----a-w- c:\program files\IE8-WindowsXP-KB2544521-x86-ENU.exe
2011-06-15 16:25:03 566144 ----a-w- c:\program files\WindowsXP-KB2503665-x86-ENU.exe
2011-06-15 15:09:32 802176 ----a-w- c:\program files\WindowsXP-KB2544893-x86-ENU.exe
2011-02-04 09:59:58 4738880 ----a-w- c:\program files\avg_free_stb_all_2011_1204_cnet.exe
2010-12-26 06:19:56 12965392 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2010-12-26 05:03:20 12252656 ----a-w- c:\program files\RealPlayer11GOLD.exe
2010-12-25 07:47:18 602464 ----a-w- c:\program files\RealPlayer.exe
2010-12-25 03:18:23 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-10-03 21:10:46 1367912 ----a-w- c:\program files\NDP35SP1-KB2416473-x86.exe
2010-09-12 01:42:33 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2010-08-26 19:15:26 1625600 -c--a-w- c:\program files\MBSASetup-x86-EN.msi
2010-07-14 02:38:55 745344 ----a-w- c:\program files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
2010-05-22 22:28:32 6108728 ----a-w- c:\program files\picasaweb-current-setup.exe
2010-04-19 18:37:56 2270216 ----a-w- c:\program files\advisor.exe
2010-02-21 19:57:41 7757856 ----a-w- c:\program files\SUPERAntiSpyware.exe
2010-02-05 19:35:28 1114576 ----a-w- c:\program files\revosetup.exe
2010-01-07 20:04:01 9476032 ----a-w- c:\program files\RevoUninProSetup.exe
2009-10-25 22:47:55 47205472 ----a-w- c:\program files\setup_7.0.0.290_26.10.2009_00-18.exe
2009-10-25 20:03:19 747520 -c--a-w- c:\program files\MicrosoftFixit50198.msi
2009-10-20 20:54:04 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-09-27 07:35:03 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-07-25 18:24:03 2052104 ----a-w- c:\program files\advisor belarc.exe
2009-07-15 07:12:13 498544 ----a-w- c:\program files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
2009-07-15 05:58:01 1044856 ----a-w- c:\program files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
2009-07-15 05:55:40 569208 ----a-w- c:\program files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
2009-06-05 04:01:53 9234289 ----a-w- c:\program files\7100.exe
2009-06-04 21:16:13 14243328 -c--a-w- c:\program files\DM510.32.4071221.EN.msi
2009-04-28 21:56:05 16883056 ----a-w- c:\program files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
2009-04-01 03:21:35 224 -c--a-w- c:\program files\fix.bat
2009-03-11 19:39:35 1466768 ----a-w- c:\program files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
2009-03-11 19:35:49 569712 ----a-w- c:\program files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
2009-02-10 23:33:21 498032 ----a-w- c:\program files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
2009-02-10 23:19:12 9006448 ----a-w- c:\program files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
2009-01-29 00:06:27 242743296 ----a-w- c:\program files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
2009-01-15 05:31:45 658288 ----a-w- c:\program files\WindowsXP-KB958687-x86-ENU.exe
2009-01-02 22:57:39 1945096 -c--a-w- c:\program files\BELARC advisor.exe
2008-12-17 22:04:39 2552176 -c--a-w- c:\program files\IE7-WindowsXP-KB960714-x86-ENU.exe
2008-12-17 22:01:54 1861488 -c--a-w- c:\program files\WindowsXP-KB960714-x86-ENU.exe
2008-12-11 22:50:29 9005936 ----a-w- c:\program files\IE7-WindowsXP-KB958215-x86-ENU.exe
2008-12-11 22:42:56 639856 ----a-w- c:\program files\WindowsXP-KB956802-x86-ENU.exe
2008-12-11 22:40:10 6483344 ----a-w- c:\program files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
2008-12-11 22:35:17 606064 ----a-w- c:\program files\WindowsXP-KB954600-x86-ENU.exe
2008-12-11 22:29:29 523120 ----a-w- c:\program files\WindowsXP-KB955839-x86-ENU.exe
2008-11-12 04:03:10 725360 ----a-w- c:\program files\WindowsXP-KB957097-x86-ENU.exe
2008-11-12 03:58:19 1248808 ----a-w- c:\program files\WindowsXP-KB954459-x86-ENU.exe
2008-11-12 03:54:35 952840 ----a-w- c:\program files\msxml6-KB954459-enu-x86.exe
2008-11-12 03:42:29 5687304 ----a-w- c:\program files\msxml4-KB954430-enu.exe
2008-11-12 03:31:49 926760 ----a-w- c:\program files\WindowsXP-KB955069-x86-ENU.exe
2008-06-23 17:11:54 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-01-14 20:32:30 6957056 -c--a-w- c:\program files\PhotoLibrary.msp
2006-12-29 23:58:46 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-18 05:44:05 20036629 -c--a-w- c:\program files\eppwin300aus.exe
2006-11-07 00:49:20 64512 -c--a-w- c:\program files\Compatibility_Check.exe
2006-10-28 04:17:00 523576 -c--a-w- c:\program files\WindowsXP-KB920670-x86-ENU.exe
2006-10-28 04:16:02 4479288 -c--a-w- c:\program files\WindowsXP-KB921398-x86-ENU.exe
2006-10-28 04:14:08 607544 -c--a-w- c:\program files\WindowsXP-KB920683-x86-ENU.exe
2006-10-28 04:13:03 701752 -c--a-w- c:\program files\WindowsXP-KB921883-x86-ENU.exe
2006-10-28 00:46:25 3355933 -c--a-w- c:\program files\PP_SP702.exe
2006-10-27 17:19:09 681784 -c--a-w- c:\program files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
2006-10-27 16:50:51 317248 -c--a-w- c:\program files\WINDOWS OCT06.exe
2006-08-02 19:07:44 5706384 -c--a-w- c:\program files\av72_en.exe
2005-12-17 01:24:09 561 -c--a-w- c:\program files\os449133.bin
.
============= FINISH: 19:26:45.06 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/28/2004 1:12:34 PM
System Uptime: 1/23/2012 8:22:21 AM (11 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2392/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 14.416 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3062: 11/30/2011 9:14:58 PM - System Checkpoint
RP3063: 12/1/2011 9:56:17 PM - System Checkpoint
RP3064: 12/3/2011 11:59:36 AM - System Checkpoint
RP3065: 12/3/2011 2:46:30 PM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware version 1.51.2.1300
RP3066: 12/5/2011 9:37:14 AM - System Checkpoint
RP3067: 12/6/2011 10:05:22 AM - System Checkpoint
RP3068: 12/8/2011 8:02:21 PM - System Checkpoint
RP3069: 12/9/2011 9:33:39 PM - System Checkpoint
RP3070: 12/15/2011 11:08:26 AM - System Checkpoint
RP3071: 12/15/2011 1:39:12 PM - Software Distribution Service 3.0
RP3072: 12/17/2011 10:54:19 AM - System Checkpoint
RP3073: 12/22/2011 2:27:59 PM - System Checkpoint
RP3074: 12/23/2011 3:04:08 PM - System Checkpoint
RP3075: 12/24/2011 3:49:00 PM - System Checkpoint
RP3076: 12/25/2011 4:02:24 PM - System Checkpoint
RP3077: 12/26/2011 4:20:14 PM - System Checkpoint
RP3078: 12/27/2011 9:37:47 PM - System Checkpoint
RP3079: 12/31/2011 1:43:46 PM - System Checkpoint
RP3080: 1/1/2012 5:04:44 PM - System Checkpoint
RP3081: 1/3/2012 10:33:41 AM - System Checkpoint
RP3082: 1/5/2012 2:20:11 PM - Software Distribution Service 3.0
RP3083: 1/6/2012 2:28:27 PM - System Checkpoint
RP3084: 1/7/2012 7:15:58 PM - System Checkpoint
RP3085: 1/8/2012 7:55:26 PM - System Checkpoint
RP3086: 1/10/2012 10:42:01 PM - Software Distribution Service 3.0
RP3087: 1/13/2012 11:11:41 AM - System Checkpoint
RP3088: 1/14/2012 8:15:47 PM - System Checkpoint
RP3089: 1/15/2012 2:55:54 AM - Revo Uninstaller's restore point - Free 3GP Video Converter version 5.0.4.1228
RP3090: 1/16/2012 9:56:20 AM - System Checkpoint
RP3091: 1/16/2012 5:24:57 PM - Software Distribution Service 3.0
RP3092: 1/16/2012 6:18:35 PM - Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 1.60.0.1800
RP3093: 1/16/2012 8:45:13 PM - Revo Uninstaller's restore point - ESET Online Scanner v3
RP3094: 1/19/2012 12:31:58 PM - System Checkpoint
RP3095: 1/21/2012 1:25:51 PM - System Checkpoint
RP3096: 1/21/2012 10:59:06 PM - OTL Restore Point - 1/21/2012 10:58:54 PM
RP3097: 1/23/2012 12:26:50 AM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11.6
Adobe® Photoshop® Album Starter Edition 3.2
Advanced SystemCare 3
Apple Application Support
Apple Software Update
AVG 2012
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Canon CanoScan LiDE 100 User Registration
Canon MP Navigator EX 2.0
Canon S450
Canon Utilities Solution Menu
CanoScan LiDE 100 Scanner Driver
CCleaner
CenturyLink Help
CenturyLink Remote Control
Dell ResourceCD
ESET Online Scanner v3
Form Fill (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB954708)
Intel(R) Extreme Graphics Driver
Internet Explorer (Enable DEP)
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Map Button (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Baseline Security Analyzer 2.2
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OneCare Advisor (Windows Live Toolbar)
OneTouch Version 3.0
PaperPort 7.02
Picasa 2
PMB
QuickTime
RealPlayer
Revo Uninstaller 1.92
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Segoe UI
Smart Defrag 2
SoundMAX
Spelling Dictionaries For Adobe Reader Package
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB961503)
Update for Windows XP (KB971029)
WD Diagnostics
Windows Defender Signatures
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Messenger 5.1
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WordPerfect Office 11
XML Paper Specification Shared Components Pack 1.0
XVID Codec Installation
.
==== Event Viewer Messages From Past Week ========
.
1/21/2012 8:03:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
1/19/2012 9:43:05 AM, error: Service Control Manager [7000] - The TICalc service failed to start due to the following error: The system cannot find the file specified.
1/19/2012 9:43:05 AM, error: Service Control Manager [7000] - The NTPort Library Driver service failed to start due to the following error: The system cannot find the file specified.
1/16/2012 9:15:35 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Error: Unable to interpret <:Processes -- this is the command for killing processes.> in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01232012_192215

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

Forgot to post the MBAM information. The MBAM is a great program that I have downloaded before. As such, I wanted to keep it on my computer and rather than leave it on the desktop where I am putting other things you have asked me to download, I put it into my program files area. In doing so I noticed that several things in my C Local Disk area were light.
The light things are: cmdcons, Config.Msi, RECYCLER, System Volume Information and boot.ini. I have never noticed this before. Is this OK?
Posting MBAM.

Thanks,
Karen
----

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.24.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: KURTCOMPUTER [administrator]

1/23/2012 7:52:56 PM
mbam-log-2012-01-23 (19-52-56).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268888
Time elapsed: 1 hour(s), 3 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re: BACK DOOR BOT OR TROJAN

Please go to Jotti's malware scan
(If more than one file needs to be scanned, they must be done separately and a link posted for each one)

* Copy the file path in the below Code box:

Code:

c:\windows\system32\SVKP.sys 


* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
********************************************************
I put it into my program files area. In doing so I noticed that several things in my C Local Disk area were light.
The light things are: cmdcons, Config.Msi, RECYCLER, System Volume Information and boot.ini. I have never noticed this before. Is this OK?

That's where it's supposed to be. I'm not sure what you mean by "were light". Could you give me a screenshot?

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications.html) for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:

(image: NSIS_disclaimer_ENG)

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

(image: NSIS_extraction)

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

(image: RcAuto1)

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(image: Whatnext)

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

Here is my Combo Fix Log:



ComboFix 12-01-23.02 - Owner 01/25/2012 18:53:58.12.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1592 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\commy.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\7100.exe
c:\program files\avg_free_stb_all_2011_1204_cnet.exe
c:\program files\avg_free_stb_en_2011_1390_free.exe
c:\program files\dotnetfx35_3dce66bae0dd71284ac7a971baed07030a186918.exe
c:\program files\IE7-WindowsXP-KB958215-x86-ENU.exe
c:\program files\IE7-WindowsXP-KB960714-x86-ENU.exe
c:\program files\ie7-windowsxp-kb961260-x86-enu_eda7c493b6032ebc849d9ca49db3b92a147e9b87.exe
c:\program files\IE8-WindowsXP-KB2497640-x86-ENU.exe
c:\program files\IE8-WindowsXP-KB2544521-x86-ENU.exe
c:\program files\ie8-windowsxp-x86-enu_e489483e5001f95da04e1ebf3c664173baef3e26.exe
c:\program files\msxml4-KB954430-enu.exe
c:\program files\msxml6-KB954459-enu-x86.exe
c:\program files\NDP35SP1-KB2416473-x86.exe
c:\program files\OCT 06 WindowsXP-KB914440-v12-x86-ENU.exe
c:\program files\setup_7.0.0.290_26.10.2009_00-18.exe
c:\program files\windowsxp-kb2229593-x86-enu_745d7b032115820cef735f83660c5e3c870da33b.exe
c:\program files\WindowsXP-KB2503665-x86-ENU.exe
c:\program files\WindowsXP-KB2535512-x86-ENU.exe
c:\program files\WindowsXP-KB2536276-x86-ENU.exe
c:\program files\WindowsXP-KB2544893-x86-ENU.exe
c:\program files\WindowsXP-KB920670-x86-ENU.exe
c:\program files\WindowsXP-KB920683-x86-ENU.exe
c:\program files\WindowsXP-KB921398-x86-ENU.exe
c:\program files\WindowsXP-KB921883-x86-ENU.exe
c:\program files\WindowsXP-KB954459-x86-ENU.exe
c:\program files\WindowsXP-KB954600-x86-ENU.exe
c:\program files\WindowsXP-KB955069-x86-ENU.exe
c:\program files\WindowsXP-KB955839-x86-ENU.exe
c:\program files\WindowsXP-KB956802-x86-ENU.exe
c:\program files\WindowsXP-KB957097-x86-ENU.exe
c:\program files\WindowsXP-KB958687-x86-ENU.exe
c:\program files\windowsxp-kb958690-x86-enu_e9dc6debddb3759a736f653cd6c4fe482d9ff141.exe
c:\program files\windowsxp-kb960225-x86-enu_bae2bc04b963c312a47f36bdea4a8236f7003d71.exe
c:\program files\WindowsXP-KB960714-x86-ENU.exe
c:\program files\windowsxp-kb960715-x86-enu_9680c60833b2798361ab182afdd5abd7beef3d06.exe
c:\program files\windowsxp-kb961371-x86-enu_a1f2c9e0b5b50808a9b87b855277401d0da99203.exe
c:\program files\windowsxp-kb971633-x86-enu_53c185a01195b208ebbefa903f703dc668698bbb.exe
c:\program files\windowsxp-kb973346-x86-enu_44c821d5d40db5542fbf81d0d8f17e95de465e27.exe
c:\program files\WindowsXP-WindowsMedia-KB952069-x86-ENU.exe
c:\windows\system32\odbcad32(2).exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-26 02:17 . 2012-01-26 02:38 -------- dc----w- C:\commy
2012-01-24 03:22 . 2012-01-24 03:22 -------- dc----w- C:\_OTL
2012-01-24 03:21 . 2012-01-24 03:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-24 03:21 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 03:20 . 2012-01-24 03:20 9851496 ----a-w- c:\program files\mbam-setup.exe
2012-01-22 04:18 . 2012-01-22 04:18 -------- d-----w- c:\program files\ESET
2012-01-16 22:21 . 2012-01-16 22:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-01-16 22:21 . 2012-01-16 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-28 04:29 . 2011-12-28 04:29 3562624 ----a-w- c:\program files\ccsetup314.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2003-07-16 20:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-07-16 20:40 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-07-14 16:59 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-07-16 20:43 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2010-10-14 16:46 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2010-10-14 16:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 19:20 . 2004-02-07 01:05 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 11:23 . 2004-08-04 05:59 385024 ------w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2003-07-16 20:42 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2003-05-13 17:28 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-06-01 01:17 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-27 04:48 . 2011-10-27 04:48 3511776 ----a-w- c:\program files\ccsetup312.exe
2011-09-14 18:56 . 2011-09-14 18:56 38958968 ----a-w- c:\program files\QuickTimeInstaller.exe
2011-07-25 03:12 . 2010-07-24 19:14 16409960 ----a-w- c:\program files\spybotsd162.exe
2011-07-23 09:00 . 2011-07-23 09:00 908064 ----a-w- c:\program files\jre-6u26-windows-i586-iftw.exe
2011-07-20 05:55 . 2011-07-20 05:55 684297 ----a-w- c:\program files\unhide.exe
2010-12-26 06:19 . 2010-12-26 06:19 12965392 ----a-w- c:\program files\RealPlayer10-5GOLD.exe
2010-12-26 05:03 . 2010-12-26 05:03 12252656 ----a-w- c:\program files\RealPlayer11GOLD.exe
2010-12-25 07:47 . 2010-12-25 07:47 602464 ----a-w- c:\program files\RealPlayer.exe
2010-12-25 03:18 . 2010-12-24 06:45 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2010-09-12 01:42 . 2010-09-12 01:42 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2010-08-26 19:15 . 2008-06-30 18:11 1625600 -c--a-w- c:\program files\MBSASetup-x86-EN.msi
2010-05-22 22:28 . 2010-05-22 22:28 6108728 ----a-w- c:\program files\picasaweb-current-setup.exe
2010-04-19 18:37 . 2010-04-19 18:37 2270216 ----a-w- c:\program files\advisor.exe
2010-02-21 19:57 . 2009-09-20 19:38 7757856 ----a-w- c:\program files\SUPERAntiSpyware.exe
2010-02-05 19:35 . 2008-06-09 02:21 1114576 ----a-w- c:\program files\revosetup.exe
2010-01-07 20:04 . 2009-12-24 18:13 9476032 ----a-w- c:\program files\RevoUninProSetup.exe
2009-10-25 20:03 . 2009-10-20 01:14 747520 -c--a-w- c:\program files\MicrosoftFixit50198.msi
2009-10-20 20:54 . 2009-10-20 20:54 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2009-09-27 07:35 . 2008-09-19 06:15 1146184 ----a-w- c:\program files\wlsetup-web.exe
2009-07-25 18:24 . 2009-07-25 18:23 2052104 ----a-w- c:\program files\advisor belarc.exe
2009-06-04 21:16 . 2009-06-04 21:15 14243328 -c--a-w- c:\program files\DM510.32.4071221.EN.msi
2009-04-01 03:21 . 2009-03-10 16:45 224 -c--a-w- c:\program files\fix.bat
2009-01-02 22:57 . 2009-01-02 22:57 1945096 -c--a-w- c:\program files\BELARC advisor.exe
2008-06-23 17:11 . 2008-06-23 17:11 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-01-14 20:32 . 2008-04-25 07:31 6957056 -c--a-w- c:\program files\PhotoLibrary.msp
2006-12-29 23:58 . 2006-12-29 23:58 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-12-18 05:44 . 2006-12-18 05:44 20036629 -c--a-w- c:\program files\eppwin300aus.exe
2006-11-07 00:49 . 2006-11-07 00:49 64512 -c--a-w- c:\program files\Compatibility_Check.exe
2006-10-28 00:46 . 2006-10-28 00:46 3355933 -c--a-w- c:\program files\PP_SP702.exe
2006-10-27 16:50 . 2006-10-27 16:51 317248 -c--a-w- c:\program files\WINDOWS OCT06.exe
2006-08-02 19:07 . 2006-08-02 19:07 5706384 -c--a-w- c:\program files\av72_en.exe
2005-12-17 01:24 . 2005-12-15 00:35 561 -c--a-w- c:\program files\os449133.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-09-14 421888]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
c:\documents and settings\JEFF\Start Menu\Programs\Startup\
desktop(2).ini [2004-5-28 84]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PPWebCap"=c:\progra~1\ScanSoft\PAPERP~1\PPWebCap.exe
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"OneTouch Monitor"=c:\program files\Visioneer OneTouch\OneTouchMon.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe
"BearShare"="c:\program files\BearShare\BearShare.exe" /pause
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"AVG9_TRAY"=c:\progra~1\AVG\AVG9\avgtray.exe
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"PMBVolumeWatcher"=c:\program files\Sony\PMB\PMBVolumeWatcher.exe
"Motive SmartBridge"=c:\progra~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
"AVG_TRAY"=c:\program files\AVG\AVG10\avgtray.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ScanSoft\\PaperPort\\NAVBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 3:03 PM 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/8/2011 9:30 PM 13496]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/4/2011 11:59 PM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 9:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 9:15 AM 66632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [10/24/2009 3:18 AM 360224]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [7/16/2003 12:47 PM 14336]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 9:15 AM 12872]
S4 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys --> c:\windows\system32\SVKP.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.dogpile.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-25 19:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\igfxpph.dll
c:\windows\system32\hccutils.DLL
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
Completion time: 2012-01-25 19:13:21
ComboFix-quarantined-files.txt 2012-01-26 03:12
.
Pre-Run: 15,442,825,216 bytes free
Post-Run: 15,409,852,416 bytes free
.
- - End Of File - - 22C7EB133A08C1B51C92E526A26B1FAD
---
The Jotti scan was not possible as it kept saying the file: c:\windows\system32\SVKP.sys did not exist.

Is there something different I can do instead of this?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Is there something different I can do instead of this?

No, that's ok.

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Re: BACK DOOR BOT OR TROJAN

Hello Super Dave:

Here is the log created:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwOpenProcess
Address: B0B26F3C
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateProcess
Address: B0B26FE4
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateThread
Address: B0B27080
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwWriteVirtualMemory
Address: B0B2711C
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Owner\My Documents\My Albums\KAREN\PURCHASES ONLINE\HISTORICAL ASSORTED\EBAY CAMERA\CAMERA THAT DID NOT ARRIVE\Forward from My Messages_ Message from eBay Member Regarding Item #220315414783 my post office no record of arrival 12
Status: Hidden

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\ammp3.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\avcodec-51.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\avformat-51.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare\avutil-49.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\BearShare
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\Common\InstallHelper.dll
Status: Access denied

Object: C:\Program Files\BigFix\BearShare Applications\Common
Status: Access denied

Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Thanks,
Karen
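
The SysProt SSDT block in the log above lists four hooked service-table entries (ZwOpenProcess, ZwTerminateProcess, ZwTerminateThread, ZwWriteVirtualMemory), each resolving to the same AVG driver image. Reviewing such a block by hand means checking two things per record: that the hook address really lies inside the Driver Base/Driver End range the tool attributes it to, and that the owning module is one of the security products known to be installed. The Python below is an added example that makes that check repeatable; it is not code from SysProt or from anyone in this thread. The log text it parses is a constructed sample in the same layout as the posted log (two records mirror the AVG entries; the third is an invented out-of-range record for a made-up driver name), and the list of expected security modules is an assumption about this particular machine.

```python
"""Sanity-check the SSDT section of a SysProt AntiRootkit log.

Added example: parses each "Function Name / Address / Driver Base / Driver End /
Driver Name" record and reports hooks that land outside the driver image that
claims them, or that belong to a module not on the expected list.
"""
import re
from dataclasses import dataclass

# Constructed sample in the same layout as the posted log. The first two
# records mirror the AVG entries; the third is an invented out-of-range entry
# with a made-up driver name.
SAMPLE_LOG = r"""SSDT:
Function Name: ZwOpenProcess
Address: B0B26F3C
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateProcess
Address: B0B26FE4
Driver Base: B0B26000
Driver End: B0B29000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwCreateFile
Address: F7800123
Driver Base: F7900000
Driver End: F7902000
Driver Name: \??\C:\WINDOWS\system32\unknown.sys
"""

# Assumption: the security products installed on this machine whose drivers
# are expected to hook the SSDT (here, AVG's Identity Protection shim).
EXPECTED_SECURITY_MODULES = {"avgidsshim.sys"}

# One SysProt record: five labelled lines separated by whitespace/newlines.
RECORD_RE = re.compile(
    r"Function Name:\s*(?P<fn>\S+)\s+"
    r"Address:\s*(?P<addr>[0-9A-Fa-f]+)\s+"
    r"Driver Base:\s*(?P<base>[0-9A-Fa-f]+)\s+"
    r"Driver End:\s*(?P<end>[0-9A-Fa-f]+)\s+"
    r"Driver Name:\s*(?P<drv>[^\r\n]+)"
)


@dataclass(frozen=True)
class SsdtHook:
    function: str
    address: int
    base: int
    end: int
    driver: str

    def module(self) -> str:
        """Bare file name of the owning driver, lower-cased for comparison."""
        return self.driver.rsplit("\\", 1)[-1].lower()

    def in_image(self) -> bool:
        """True when the hook address lies inside [Driver Base, Driver End)."""
        return self.base <= self.address < self.end


def parse_ssdt(log_text: str) -> list[SsdtHook]:
    """Extract every SSDT record from a SysProt log."""
    return [
        SsdtHook(
            function=m["fn"],
            address=int(m["addr"], 16),
            base=int(m["base"], 16),
            end=int(m["end"], 16),
            driver=m["drv"].strip(),
        )
        for m in RECORD_RE.finditer(log_text)
    ]


def review_hooks(hooks: list[SsdtHook], expected=EXPECTED_SECURITY_MODULES) -> list[tuple[str, str]]:
    """Return (function, reason) pairs for hooks that deserve a closer look."""
    findings = []
    for h in hooks:
        if not h.in_image():
            findings.append((h.function, f"address {h.address:08X} outside {h.module()} image"))
        elif h.module() not in expected:
            findings.append((h.function, f"hooked by unexpected module {h.module()}"))
    return findings


if __name__ == "__main__":
    hooks = parse_ssdt(SAMPLE_LOG)
    for h in hooks:
        state = "ok" if h.in_image() else "OUT OF RANGE"
        print(f"{h.function:<22} {h.address:08X} -> {h.module()} ({state})")
    for fn, reason in review_hooks(hooks):
        print(f"REVIEW: {fn}: {reason}")
```

Run against the posted log, all four AVG records pass both checks, which is consistent with the helper's later conclusion that nothing malicious turned up; a hook whose address sits outside the image that claims it, or that points into a driver nobody installed, is the kind of entry worth submitting for a second opinion rather than acting on.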

Re: BACK DOOR BOT OR TROJAN

Please give me an update on your computer.

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the ESET Online Scanner button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.

• Check the box to accept the Terms of Use.
• Click the Start button.
• Accept any security warnings from your browser.
• Check Scan archives.
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats.
• Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the Back button.
• Push Finish.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I am having trouble with items in my Word Perfect now with renaming files. I often will create a file by going to New and a Word Perfect document is created with the name "New Word Perfect Document." I always immediately change that to what I want the file to be. Example: Correspondence from Super Dave. When I try to do that now I get a warning: "If you change a file extension name it will become unstable." And if I go ahead it no longer has the Word Perfect symbol and I have to go to a select area to choose the program to open this item up. What happened? This was never like this before. I am going to do the ESET scan now, but wanted you to know about this problem. It is as if something was changed during one of the processes that you and I have done.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

It is as if something was changed during one of the processes that you and I have done.

No. None of our scans would have done that.
When I try to do that now I get a warning: "If you change a file extension name it will become unstable." And if I go ahead it no longer has the Word Perfect symbol and I have to go to a select area to choose the program to open this item up. What happened?

When you change the name of a file you need to keep the same extension that the program calls for. Ex. Notepad files are .txt. What extension does Wordperfect use? If you change the extension, the file may not work.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

It uses wpd. Tried that and that took care of that problem. I am also unable to delete Qoobox. It was left behind after doing Combo Fix. My machine is very slow now. Things take forever to load now.

Still waiting for ESET to finish.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

I am also unable to delete Qoobox. It was left behind after doing Combo Fix. My machine is very slow now. Things take forever to load now.

We'll get rid of all those tools when we are finished. I'll wait for the ESET scan then go from there.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

It did state that there were no threats.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-22 06:36:40
# local_time=2012-01-21 10:36:40 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 8939126 8939126 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64320
# found=0
# cleaned=0
# scan_time=7566
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-23 08:08:08
# local_time=2012-01-23 12:08:08 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9029276 9029276 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63609
# found=0
# cleaned=0
# scan_time=9347
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 01:22:36
# local_time=2012-01-27 05:22:36 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9437150 9437150 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63148
# found=0
# cleaned=0
# scan_time=9098


Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Let's run a few more scans to see what turns up.

Please download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


On completion of the scan click Save log, save it to your desktop and post it in your next reply.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I wanted to thank you for helping me. I appreciate all you are doing. I wanted to tell you of another suspicious way in which my computer is now acting. As I go to pages on the internet now at the lower left corner of my computer I see things like: Waiting, downloading, waiting for http, four items remaining, etc. I have never had this before. I also note that I can not use my slide down bar on the right of the computer to move down the page while this crap is going on. I must wait patiently.

Here is the log:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-28 21:01:01
-----------------------------
21:01:01.448 OS Version: Windows 5.1.2600 Service Pack 3
21:01:01.448 Number of processors: 1 586 0x209
21:01:01.448 ComputerName: KURTCOMPUTER UserName: Owner
21:01:04.854 Initialize success
21:02:42.526 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:02:42.526 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
21:02:42.557 Disk 0 MBR read successfully
21:02:42.557 Disk 0 MBR scan
21:02:42.573 Disk 0 Windows XP default MBR code
21:02:42.573 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
21:02:42.573 Disk 0 scanning sectors +78140160
21:02:42.667 Disk 0 scanning C:\WINDOWS\system32\drivers
21:03:06.026 Service scanning
21:03:07.979 Modules scanning
21:03:17.385 Disk 0 trace - called modules:
21:03:17.417 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
21:03:17.417 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5bbab8]
21:03:17.417 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5b1d98]
21:03:17.432 Scan finished successfully
21:09:16.807 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
21:09:16.823 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I felt bad that we were not able to run the Jotti's malware scan. I looked the scan up on the internet and found out that one of the most powerful tools in Jotti's is the Dr. Web. Do you think I should download the Dr. Web?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

As I go to pages on the internet now at the lower left corner of my computer I see things like: Waiting, downloading, waiting for http, four items remaining, etc. I have never had this before.

I get that constantly on my computer. Normal.
I also note that I can not use my slide down bar on the right of the computer to move down the page while this crap is going on. I must wait patiently.

Yes, it really ties up the computer. I have almost the same problem when I'm on this site. I have to wait until it updates before I can move on. It probably has to do with the speed of your internet.

Please download to your Desktop: DrWebCureIt

• After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet.

• Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.

• This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.

• Once the short scan has finished, click on the Complete scan radio button.

• Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language.

• Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though).

• On the File types tab ensure you select All files.

• Click on the Actions tab and set the following:

• Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report

• Infected packages: Archive = Move, E-mails = Report, Containers = Move

• Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move

• Do not change the Rename extension - default is: #??

• Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\

• Leave Prompt on Action checked.

• On the Log file tab leave Log to file checked.

• Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log

• Log mode = Append

• Encoding = ANSI

• Details: leave Names of file packers and Statistics checked.

• Limit log file size = 2048 KB and leave the check mark on Maximum log file size.

• On the General tab leave the Scan Priority on High.

• Click the Apply button at the bottom, and then the OK button.

• On the right side under the Dr Web Anti-Virus logo you will see 3 little buttons. Click the left VCR-style Start button.

• In this mode it will scan Boot sectors of all disks, All removable media, and all local drives.

• The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.

• When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.

• Click Yes to all if it asks if you want to cure/move the files.

• This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (In this case we need samples.)

• After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.

• Save the report to your Desktop. The report will be called DrWeb.csv

• Close Dr.Web CureIt.

• Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

• After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply.

Re: BACK DOOR BOT OR TROJAN

Dear Super Dave:

I have been preparing to do the Dr. Web Cureit scan. In doing a previous scan of ComboFix I became aware that I could not turn off the AVG longer than 15 minutes by default. I note in the Dr. Web Cureit literature that the Dr. Web scan may take several hours even in the Express Scan mode. Because of this factor I felt I had to obtain different protection as we did the Dr. Web scan. I chose AVAST. I note that AVAST was suggested as an addition to one of the other scans we have already done. CNET also gives AVAST high marks. At any rate, it appears that AVAST can be turned off longer so that the Dr. Web scan can be completed. I removed AVG and then downloaded AVAST. I was invited to do a scan and did so. AVAST found something and moved it to its chest. It says: C:\\WINDOWS\shf_migS\KB942763\update.exe. Severity is listed as high. Status: Win32:SwPatch [Wrm] Action: Moved to chest. Result: Action successful. After that scan it was suggested by AVAST that I do a boot scan.
I agreed to that because AVAST told me there could be something icky there. The boot scan also found something. It actually found several items it called cyclic redundancy. One threat was also found and moved to the chest. I am upset that no log can be printed of this so that you can see what was done. I have tried to right click and copy to no avail.

Does this mean anything to you? I am preparing to do the Dr. Web now and will post that next. After that process is complete I will delete the AVAST and reinstall the AVG. I am not comfortable with the AVAST.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Does this mean anything to you? I am preparing to do the Dr. Web now and will post that next. After that process is complete I will delete the AVAST and reinstall the AVG. I am not comfortable with the AVAST.

You're better off without AVG. I would recommend MSE which is very user friendly.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
Microsoft Security Essentials for Windows XP

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

Dr. Web scans are now done. I am going to uninstall AVAST and then reinstall AVG for now. I will investigate MSE. Never heard of it. Here are the scans from Dr. Web:

GetAd[1].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
GetAd[2].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[2].aspx;Probably SCRIPT.Virus;;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
GetAd[3].aspx\JSFile_1[0][7ce];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[3].aspx;Probably SCRIPT.Virus;;
GetAd[3].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[3].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
GetAd[4].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[4].aspx;Probably SCRIPT.Virus;;
GetAd[4].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[4].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
GetAd[5].aspx\JSFile_1[0][610];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[5].aspx;Probably SCRIPT.Virus;;
GetAd[5].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[5].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
ajs[1].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NCSUB2MF;Probably SCRIPT.Virus;;
ajs[3].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;;
GetAd[1].aspx\JSFile_1[0][7ce];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;;
GetAd[2].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX\GetAd[2].aspx;Probably SCRIPT.Virus;;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Container contains infected objects;Moved.;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;;
ajs[4].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VPN5OVGP;Probably SCRIPT.Virus;;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;;
setup.exe;C:\Program Files\Common Files\Real\Update_OB\~Upg0;Trojan.DownLoader3.10443;Deleted.;
A0502092.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3089;Tool.InstallToolbar.48 - read error;;
A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;
A0505605.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3108;Trojan.DownLoader3.10443;Deleted.;
-------
GetAd[1].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[2].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[2].aspx;Probably SCRIPT.Virus;;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[3].aspx\JSFile_1[0][7ce];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[3].aspx;Probably SCRIPT.Virus;;
GetAd[3].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[3].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[4].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[4].aspx;Probably SCRIPT.Virus;;
GetAd[4].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[4].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[5].aspx\JSFile_1[0][610];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[5].aspx;Probably SCRIPT.Virus;;
GetAd[5].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[5].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
ajs[1].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NCSUB2MF;Probably SCRIPT.Virus;Moved.;
ajs[3].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;Moved.;
GetAd[1].aspx\JSFile_1[0][7ce];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[2].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX\GetAd[2].aspx;Probably SCRIPT.Virus;;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Container contains infected objects;Moved.;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;Invalid path to file ;
ajs[4].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VPN5OVGP;Probably SCRIPT.Virus;Moved.;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;Moved.;
setup.exe;C:\Program Files\Common Files\Real\Update_OB\~Upg0;Trojan.DownLoader3.10443;Deleted.;
A0502092.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3089;Tool.InstallToolbar.48 - read error;Invalid path to file ;
A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;
A0505605.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3108;Trojan.DownLoader3.10443;Deleted.;
-----
Thanks,
Karen
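
As an added example (not part of Karen's post and not Dr.Web's own tooling), here is a small Python triage script for the report layout posted above. Each Dr.Web line is laid out as object;directory;verdict;action; and a backslash inside the object name marks an item found inside a container (here, a script inside a cached .aspx page), in which case the directory field holds the full path of that container. The script parses those lines, groups detections by where they sit on disk and by what Dr.Web did with them, and lists objects still present outside System Restore points. The sample lines are constructed from the ones posted above; the location and status labels are my own naming, not Dr.Web's.

```python
"""Triage helper for Dr.Web-style report lines (added example, not from the thread).

Layout of each line:  object;directory;verdict;action;
A backslash in the object name means "member of a container"; the directory
field is then the full path of the container itself.
"""
import ntpath
from collections import Counter, defaultdict

# Constructed sample, modeled on the lines posted in the thread; not a live log.
SAMPLE_REPORT = r"""GetAd[1].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
ajs[1].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NCSUB2MF;Probably SCRIPT.Virus;;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;;
setup.exe;C:\Program Files\Common Files\Real\Update_OB\~Upg0;Trojan.DownLoader3.10443;Deleted.;
A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;
"""


def location_class(directory):
    """Where the object lives; restore-point copies are inert unless a restore is run."""
    d = directory.lower()
    if "\\system volume information\\_restore" in d:
        return "restore point"
    if "\\temporary internet files\\" in d:
        return "browser cache"
    return "installed software"


def status_class(action):
    """Normalise the free-text action column into a small set of outcomes (my labels)."""
    a = action.strip()
    if not a:
        return "reported only"        # first pass: detection logged, nothing done yet
    if a.startswith("Incurable"):
        return "incurable"            # could not be cleaned; Dr.Web moved it aside
    if a.startswith("Deleted"):
        return "deleted"
    if a.startswith("Moved"):
        return "quarantined"
    if a.startswith("Invalid path"):
        return "already gone"         # its container was moved earlier in the run
    return "unknown: " + a


def parse_report(text):
    """Turn report lines into records; blank lines and '-----' separators are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split(";")
        if len(parts) < 4:
            continue
        obj, directory, verdict, action = parts[:4]
        records.append({
            "object": obj,
            "directory": directory,
            "verdict": verdict,
            "location": location_class(directory),
            "status": status_class(action),
            "inside_container": "\\" in obj,
        })
    # A member of a container that Dr.Web moved aside went with the container.
    moved = {(r["directory"], r["object"]) for r in records
             if not r["inside_container"] and r["status"] in ("quarantined", "incurable")}
    for r in records:
        if r["inside_container"] and r["status"] == "reported only":
            if ntpath.split(r["directory"]) in moved:
                r["status"] = "quarantined"
    return records


def summarize(records):
    """Count outcomes per location so it is clear what is still live on disk."""
    table = defaultdict(Counter)
    for r in records:
        table[r["location"]][r["status"]] += 1
    return {loc: dict(counts) for loc, counts in table.items()}


def needs_attention(records):
    """Full paths of objects outside restore points that no action has dealt with."""
    return [r["directory"] + "\\" + r["object"] for r in records
            if r["location"] != "restore point"
            and r["status"] in ("reported only", "incurable")]


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for loc, counts in summarize(recs).items():
        print(loc, counts)
    print("still needs attention:", needs_attention(recs))
```

Run against the sample, the summary separates the one "Incurable" hit, which sits in a System Restore point, from the two cache and program-folder objects that were only reported and not acted on; those two are the ones a reviewer would want to see re-scanned or removed in a second pass.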

Re: BACK DOOR BOT OR TROJAN

AVENGER

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Click the Execute button.
  • You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

Here is the Avenger log.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.
--------

I do not understand how this Avenger can say that nothing was found. The Dr. Web had one item it said could not be removed. It said: A0504260.pif C:\system volume information\Trojan.muldrop2.44646. Incurable. Also I did an AVG scan as soon as I got it reloaded. AVG declared Rootkit found: hidden=not removed.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

The Dr. Web had one item it said could not be removed. It said: A0504260.pif C:\system volume information\Trojan.muldrop2.44646. Incurable.

Dr Web also showed this: A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;

Please run another scan with ESET and post the log. Also please run this next scanner.

Run the BitDefender Online scanner

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once Bitdefender completes the scan:
Click on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt), and then in the File name box change the name to bdscan, then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these steps, you will have an incorrect log or, worse, a log summary, which is useless to us.

Post the bdscan.txt file as an Attachment.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

Here is the ESET Scan. Three files were found. I will do the Bit Defender scan next.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-22 06:36:40
# local_time=2012-01-21 10:36:40 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 8939126 8939126 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64320
# found=0
# cleaned=0
# scan_time=7566
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-23 08:08:08
# local_time=2012-01-23 12:08:08 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9029276 9029276 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63609
# found=0
# cleaned=0
# scan_time=9347
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 01:22:36
# local_time=2012-01-27 05:22:36 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9437150 9437150 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63148
# found=0
# cleaned=0
# scan_time=9098
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-03 01:23:14
# local_time=2012-02-02 05:23:14 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 98915 98915 0 0
# scanned=62931
# found=3
# cleaned=3
# scan_time=9407
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDBM1R6R\authcpa[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway[2].php JS/TrojanClicker.Agent.NCQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway_iframe_loader[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000
------

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:


Here is the Bit Defender scan.


QuickScan 32-bit v0.9.9.105
---------------------------
Scan date: Thu Feb 02 22:41:43 2012
Machine ID: 781AED93



No infection found.
-------------------



Processes
---------
AVG Internet Security 408 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
AVG Internet Security 3844 C:\Program Files\AVG\AVG2012\avgemcx.exe
AVG Internet Security 4088 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
AVG Internet Security 4068 C:\Program Files\AVG\AVG2012\avgnsx.exe
AVG Internet Security 2496 C:\Program Files\AVG\AVG2012\avgrsx.exe
AVG Internet Security 208 C:\Program Files\AVG\AVG2012\avgtray.exe
AVG Internet Security 2976 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
CrypKey Software Licensing System 1884 C:\WINDOWS\system32\Crypserv.exe
mcci+McciCMService 1920 C:\Program Files\Common Files\Motive\McciCMService.exe
Microsoft® Windows® Operating System 1368 C:\WINDOWS\system32\spoolsv.exe
PMB 2000 C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(verified) Microsoft® Windows® Operating System 2720 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2168 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 620 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 3340 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 700 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 444 C:\WINDOWS\system32\searchindexer.exe
(verified) Microsoft® Windows® Operating System 688 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 556 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 224 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 856 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1032 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1104 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1224 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1832 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 644 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 1960 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3336 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3348 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 4016 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 71.0.51.247
Process iexplore.exe (1960) connected on port 443 (HTTP over SSL) --> 173.194.33.5
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 173.194.33.27
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 98.142.98.80
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 71.0.51.247
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 173.194.33.27
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 71.0.51.247
Process explorer.exe (2720) connected on port 80 (HTTP) --> 65.55.11.179
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (4016) connected on port 80 (HTTP) --> 173.194.33.6

Process svchost.exe (936) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
AVG Internet Security C:\Program Files\AVG\AVG2012\avgtray.exe
Intel(R) Common User Interface C:\WINDOWS\system32\igfxsrvc.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
QuickTime C:\Program Files\QuickTime\qttask.exe
SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
Windows® Search C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.PLG
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
AVG Internet Security c:\program files\avg\avg2012\avgssie.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
getPlus+(R) C:\WINDOWS\Downloaded Program Files\gp.ocx
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\nwprovau.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Picasa C:\Program Files\Picasa2\npPicasa2.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll


Scan
----
MD5: 8082f66dc9c8167ff1aa548736f58457 C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
MD5: cf109aa996155b94980bec67896e4d6c C:\Program Files\AVG\AVG2012\avgcclix.dll
MD5: 5e6f508618023f398097c080a413d681 C:\Program Files\AVG\AVG2012\avgcertx.dll
MD5: cd45d6a98124b372b325ba230d0023fb C:\Program Files\AVG\AVG2012\avgcfgx.dll
MD5: 6dd1938711903d46ac3a82d4aa12bbec C:\Program Files\AVG\AVG2012\avgchclx.dll
MD5: f37ec91e5d8c51c86dc0337cb84a15b8 C:\Program Files\AVG\AVG2012\avgchjwx.dll
MD5: cfc932d4a910be89f2107e9f26e83fe3 C:\Program Files\AVG\AVG2012\avgclitx.dll
MD5: 27cbe6684edb345083d15f2c93045df2 C:\Program Files\AVG\AVG2012\avgcorex.dll
MD5: b4866ba452702eb04fde2959e6f429ef C:\Program Files\AVG\AVG2012\avgcslx.dll
MD5: 7713613deef6cb1185c5ece19cb3651a C:\Program Files\AVG\AVG2012\avgcsrvx.exe
MD5: cac5ec89703f3fb7ef0c172c56bdc9f0 C:\Program Files\AVG\AVG2012\avgemcx.exe
MD5: 6d440ff3f44ca72edfd6176c6d6a89c0 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
MD5: 343e039c305c967478a37270209216e9 C:\Program Files\AVG\AVG2012\avglogx.dll
MD5: 10b0cdf6c807cabaec3fc33c639a7d6e C:\Program Files\AVG\AVG2012\avgnsx.exe
MD5: 776bdda6c1bcca99b456a4bec953013c C:\Program Files\AVG\AVG2012\avgntopensslx.dll
MD5: 49107ec6feade60caa539fcba6397eff C:\Program Files\AVG\AVG2012\avgopensslx.dll
MD5: 5f6135229bea89cf61fdff0ea506a00d C:\Program Files\AVG\AVG2012\avgrsx.exe
MD5: a9262a652353f644753b90265bed1478 C:\Program Files\AVG\AVG2012\avgse.dll
MD5: 973e131dec4e14804c5b4e1ba04b0115 c:\program files\avg\avg2012\avgssie.dll
MD5: bd608b43aa4f152de1d5667ee973f9e3 C:\Program Files\AVG\AVG2012\avgsysx.dll
MD5: 9f280f1f38fc6b73d35cb77917e6d89e C:\Program Files\AVG\AVG2012\avgtray.exe
MD5: 6699ece24fe4b3f752a66c66a602ee86 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
MD5: 7e639f6e87ef2e1122097b95ab4b889b C:\Program Files\AVG\AVG2012\avgxpl.dll
MD5: 8a3ba48b5be893e1d81bfac17a3c1b1f c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
MD5: a99783ada78e538fc9f5e7d9c21b33d2 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
MD5: f8b823414a22dbf3bec10dcaa5f93cd8 C:\Program Files\Common Files\Motive\McciCMService.exe
MD5: 69a3f07fad1fed82fb70b561593bbf54 C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 53fe2d34b143efdb80685281e751b91c C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: 865250e2742e49c02b0c4307ab042478 C:\Program Files\Internet Explorer\plugins\nppdf32.PLG
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: 89b42ab664ddd9d69f1a7cb94f0d5985 C:\Program Files\Internet Explorer\xpshims.dll
MD5: 46d748ab26eba869c6953863afd0617d c:\Program Files\Microsoft Silverlight\4.0.60831.0\agcore.dll
MD5: ce6db25ffa35fd051c503f11db745862 c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
MD5: 3270cda806521b7ba0880b873856bc57 C:\Program Files\Picasa2\npPicasa2.dll
MD5: 73430e79d6df4de9055e2a7742b881d3 C:\Program Files\QuickTime\qttask.exe
MD5: 94dfb62f51d7bcb03f80f9d33bb7f54f C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
MD5: 985eff8b21f8f825aa156b2bd268f2b9 C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
MD5: 30257426f6da31808c6698ec01de2d97 C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
MD5: 627fa58adc043704f9d14ca44340956f C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
MD5: d617404d119b1db10366692447d8a648 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
MD5: 67d2688756dd304af655349baad82bff C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
MD5: ecd5517a6633826057d4f050927ddf56 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MD5: 0e28e671281ebf1f1f8fe093d2bd4a7b C:\Program Files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
MD5: 994ad0d8550b8b26990a6e3aa0791502 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
MD5: 2c2830b08045e2a1c1930eb064a8fac0 C:\Program Files\Windows Desktop Search\wdsShell.dll
MD5: ce41e6add1886dcffb9ce10e5fdf8b7a C:\Program Files\Windows Live\Family Safety\fsapi.dll
MD5: 9bd4dcb5412921864a7aacdedfbd1923 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
MD5: 2bc9e43f55de8c30fc817ed56d0ee907 C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
MD5: 594b9d8194e3f4ecbf0325bd10bbeb05 C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
MD5: 07c02c892e8e1a72d6bf35004f0e9c5e C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 9878a6010d689b057bb2933f78124617 C:\WINDOWS\Downloaded Program Files\gp.ocx
MD5: bb7fcdcd4de287340b5c1bb1949ad3c6 C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: 219af0f9a54ebeeb3e7e20025d801034 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll
MD5: ea3af33a9341b88d23fdc20d6ec826fe c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll
MD5: bf88feadc7786ea328bdcc5cb116de89 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: 36ba8022693af7e967359ff3f97531d7 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll
MD5: 327de7a9766cc9aa302c8d7f3925c8ce c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: b6a800d881a0176c544988870861e798 C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
MD5: d05ab88927849df74cf4f1c303daeb4f c:\windows\system32\adptif.dll
MD5: 5ef7dd401771693245d46f4b0b69fe2b C:\WINDOWS\system32\ckldrv.sys
MD5: a31d3787ecb0e43ef63ce410f4e96c18 C:\WINDOWS\system32\CNBJMON2.DLL
MD5: b995a68a741a2d6d372b4b2409edc38b C:\WINDOWS\system32\CNMLM2R.DLL
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: 133f82b6391f3390becfa429c23fb2be C:\WINDOWS\system32\Crypserv.exe
MD5: a90e118f12d355f9946dfb30a8f94609 C:\WINDOWS\System32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll
MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 78e862846112347eee8214b649ae563f C:\WINDOWS\system32\dispex.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 11c04b17ed2abbb4833694bcd644ac90 C:\WINDOWS\system32\drivers\aeaudio.sys
MD5: a7b8a3a79d35215d798a300df49ed23f C:\WINDOWS\system32\drivers\Afc.sys
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: 4fa401b33c1b50c816486f6951244a14 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
MD5: 69578bc9d43d614c6b3455db4af19762 C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
MD5: 6df528406aa22201f392b9b19121cd6f C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
MD5: 1e01c2166b5599802bcd61b9691f7476 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
MD5: bf8118cd5e2255387b715b534d64acd1 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
MD5: 1c77ef67f196466adc9924cb288afe87 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
MD5: f2038ed7284b79dcef581468121192a9 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
MD5: a6d562b612216d8d02a35ebeb92366bd C:\WINDOWS\system32\DRIVERS\avgtdix.sys
MD5: 5d7be7b19e827125e016325334e58ff1 C:\WINDOWS\System32\Drivers\BANTExt.sys
MD5: b60f57b4d9cdbc663cc03eb8af7ec34e C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys
MD5: 41347688046d49cde0f6d138a534f73d C:\WINDOWS\System32\DRIVERS\BCMSM.sys
MD5: 7a0b457eefef8cbaa0cc44c8819113bd C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
MD5: d4d7331d33d1fa73e588e5ce0d90a4c1 C:\WINDOWS\system32\drivers\ialmkchw.sys
MD5: 44b7d5a4f2bd9fe21aea0bb0bace38c4 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
MD5: fd1f4e9cf06c71c8d73a24acf18d8296 C:\WINDOWS\system32\drivers\ialmsbw.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\System32\DRIVERS\ndistapi.sys
MD5: 8b8b1be2dba4025da6786c645f77f123 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
MD5: cec7e2c6c1fa00c7ab2f5434f848ae51 C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
MD5: 972dea0d8149d73c5b7a2c97b2e749e3 C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys
MD5: 31fd0707c7dbe715234f2823b27214fe C:\WINDOWS\system32\drivers\smwdm.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\System32\DRIVERS\srv.sys
MD5: df8444a8fa8fd38d8848bdd40a8403b3 C:\WINDOWS\system32\drivers\tmcomm.sys
MD5: c60dc16d4e406810fad54b98dc92d5ec C:\WINDOWS\System32\Drivers\wpdusb.sys
MD5: ffb3115aa757abefba7fba90bad5dd0a C:\WINDOWS\system32\en-us\tQuery.dll.mui
MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\esent.dll
MD5: 0b8fb29cda02015448c9f5260a013f19 C:\WINDOWS\system32\IEFRAME.dll
MD5: 515aaa9c87d5c475b06dfeba3706d74f C:\WINDOWS\system32\iepeers.dll
MD5: 1ab894fa897e26b23ca53beed72f61f4 C:\WINDOWS\system32\iertutil.dll
MD5: e5926bc2e9cfa7d13f05b5e5f8e9cd52 C:\WINDOWS\system32\igfxsrvc.dll
MD5: b6932761058dc21beaa7a1245b1b20e6 C:\WINDOWS\system32\infosoft.dll
MD5: 4b83fcbbe72af5f99d109798653e8b78 c:\windows\system32\ipxsap.dll
MD5: b1ded39112e0c85bafa58dcbec6718b6 C:\WINDOWS\System32\ipxwan.dll
MD5: 1206e36eb45cd0372fa200b3b0bb7841 C:\WINDOWS\system32\javacypt.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: 6b890b23b7b82345ae820e9d0e056b13 c:\windows\system32\macromed\flash\flash10u.ocx
MD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.ime
MD5: dd8d655e1881b70a5259a23a6018a6c2 C:\WINDOWS\system32\mshtml.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: e75aa32c6b79c846f5314ca4da92f29e C:\WINDOWS\system32\msjava.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 06e587f41466569f32beaac7260e8aec C:\WINDOWS\System32\nwprovau.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\oleacc.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: b92a85618a470f4406cee8785ce89b4f c:\windows\system32\rtm.dll
MD5: a645a78fcdabad67067324d7e6cd9f79 C:\WINDOWS\system32\schannel.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 8ea4d2fb065d9a7cb63d36f80180d08c C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD2R.DLL
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\System32\sti.dll
MD5: a60fc9ca376dba1235c63e960996f013 C:\WINDOWS\system32\syncui.dll
MD5: 496ce99bbbb7680323921df30b405c36 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\vbscript.dll
MD5: 9af7d69ba8e58573721c8b6785db4dc3 C:\WINDOWS\system32\VMHELPER.DLL
MD5: 699fd04ec634bb3681f11b427f852187 C:\WINDOWS\System32\vsdatant.sys
MD5: d7dcfb4d0c58ffb569de93e1681fd37a C:\WINDOWS\system32\WgaLogon.dll
MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\System32\WINHTTP.dll
MD5: 552263502ea8c24d301a0c43ff90b3ed C:\WINDOWS\system32\WININET.dll
MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\System32\WINMM.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 811bb60991fc03a63f2f844a3f9c6488 C:\WINDOWS\System32\wshisn.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\System32\xpsp2res.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: 58a14c45a5cd2528f10a889e7b0c3fc2 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\ATL90.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.01 MB sent, 0.72 KB recvd
Scanned 557 files and modules - 40 seconds

==============================================================================
Good News
Your computer appears to be clean

With 1.5 million new viruses created every month, try our award-winning software and keep your stuff protected!

Thanks,
Karen
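The scan log above ends with an MD5 inventory of every loaded module. An added example (not code from the thread, nor from the scanner that produced the log) of what a responder can do with such a list: parse it into a path-to-hash map, diff it against an earlier snapshot so a modified system file (same path, different hash) or a newly loaded module stands out, and re-hash a live file to check it against the inventory. BASELINE and CURRENT are constructed; three of the hashes are copied from the posted log and the userinit.exe hash in CURRENT is deliberately altered to show a mismatch.

```python
"""Diff two MD5 inventories of the kind the scan log above prints.

Added example, not part of the original thread or of any scanner's own
code.  BASELINE and CURRENT are constructed: three hashes come from the
posted log, the userinit.exe hash in CURRENT is deliberately altered.
"""
import hashlib
import re

# One inventory line: "MD5: <32 hex digits> <path>"; the path may contain spaces.
LINE_RE = re.compile(r"^MD5:\s+([0-9a-fA-F]{32})\s+(.+?)\s*$")


def parse_inventory(text):
    """Map each path (case-folded, since NTFS paths are case-insensitive) to
    its MD5.  Non-matching lines are ignored, so a whole log can be fed in."""
    inventory = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            inventory[m.group(2).lower()] = m.group(1).lower()
    return inventory


def diff_inventories(baseline, current):
    """Return (changed, added, missing) relative to the baseline.

    changed: same path, different hash (a modified or replaced file)
    added:   paths only in current (a module that was not loaded before)
    missing: paths only in baseline
    """
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    missing = sorted(p for p in baseline if p not in current)
    return changed, added, missing


def md5_of_file(path, chunk_size=1 << 16):
    """Hash a file on disk the way the scanner did, streamed so large DLLs
    need not fit in memory.  MD5 is adequate for spotting an unintended
    change but is not collision resistant, so a matching hash is not proof
    that a file is the vendor's original."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file(path, inventory):
    """True/False if the inventory has an entry for the path and the live
    file does/does not match it; None if the path is not in the inventory."""
    expected = inventory.get(str(path).lower())
    if expected is None:
        return None
    return md5_of_file(path) == expected


# Constructed sample data (hashes copied from the posted log).
BASELINE = """\
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\\WINDOWS\\system32\\ntdll.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\\windows\\system32\\userinit.exe
MD5: 60784f891563fb1b767f70117fc2428f C:\\WINDOWS\\system32\\spoolsv.exe
"""

# Same machine later: userinit.exe hash altered (constructed), ntdll.dll
# unchanged, spoolsv.exe no longer listed, one module newly present.
CURRENT = """\
Scanned 3 files and modules - 1 second
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\\WINDOWS\\system32\\ntdll.dll
MD5: 00000000000000000000000000000000 C:\\WINDOWS\\system32\\userinit.exe
MD5: 9878a6010d689b057bb2933f78124617 C:\\WINDOWS\\Downloaded Program Files\\gp.ocx
"""

if __name__ == "__main__":
    changed, added, missing = diff_inventories(parse_inventory(BASELINE), parse_inventory(CURRENT))
    print("changed:", changed)
    print("added:  ", added)
    print("missing:", missing)
```

A "changed" hit on a file such as userinit.exe is exactly what a scan like this is meant to surface, but it is only a lead: Windows Update replaces system binaries legitimately, so the next step is to compare the hash against the vendor's known-good value, not to treat the mismatch alone as proof of infection.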

Re: BACK DOOR BOT OR TROJAN
How's your computer working now? Any other issues?

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

Seems much better now with the exception of one thing. When exploring the internet I have to hit refresh to get pages to initially display. I have never had to do this before. This seems to have started after we did the Dr. Web and is now almost intolerable.

I will need help in clearing out all items you and I installed to fix the computer. I particularly can not get rid of the Qoobox.

Thanks so much,
Karen

Re: BACK DOOR BOT OR TROJAN
When exploring the internet I have to hit refresh to get pages to initially display.

What browser? Did you try another one? We'll do some cleanup once this problem is resolved. Please try this:

Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

I use Internet Explorer. Here is the log report.

Thanks,
Karen
-------------
MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 03-02-2012 at 21:37:41
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = CENTURY LINK (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "CENTURY LINK"

set address name="CENTURY LINK" source=dhcp
set dns name="CENTURY LINK" source=dhcp register=PRIMARY
set wins name="CENTURY LINK" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : kurtcomputer

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Peer-Peer

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : westell.com



Ethernet adapter CENTURY LINK:



Connection-specific DNS Suffix . : westell.com

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-0D-56-5A-2F-31

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.31

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 10.0.0.1

Lease Obtained. . . . . . . . . . : Friday, February 03, 2012 9:16:13 PM

Lease Expires . . . . . . . . . . : Saturday, February 04, 2012 9:16:13 PM

Server: dslrouter.westell.com
Address: 10.0.0.1

Name: google.com
Addresses: 74.125.53.104, 74.125.53.105, 74.125.53.106, 74.125.53.147
74.125.53.99, 74.125.53.103



Pinging google.com [74.125.53.103] with 32 bytes of data:



Reply from 74.125.53.103: bytes=32 time=43ms TTL=54

Reply from 74.125.53.103: bytes=32 time=50ms TTL=54



Ping statistics for 74.125.53.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 50ms, Average = 46ms

Server: dslrouter.westell.com
Address: 10.0.0.1

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56



Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Reply from 98.137.149.56: bytes=32 time=137ms TTL=55

Reply from 98.137.149.56: bytes=32 time=55ms TTL=55



Ping statistics for 98.137.149.56:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 55ms, Maximum = 137ms, Average = 96ms

Server: dslrouter.westell.com
Address: 10.0.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 56 5a 2f 31 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.31 20
10.0.0.0 255.255.255.0 10.0.0.31 10.0.0.31 20
10.0.0.31 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.31 10.0.0.31 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.0.31 10.0.0.31 20
255.255.255.255 255.255.255.255 10.0.0.31 10.0.0.31 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/01/2012 08:14:02 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:04:08 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:03:57 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:03:09 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:02:45 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/29/2012 10:24:08 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The TICalc service failed to start due to the following error:
%%2

Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The TICalc service failed to start due to the following error:
%%2

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 01:45:21 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 01:45:21 PM) (Source: Service Control Manager) (User: )
Description: The TICalc service failed to start due to the following error:
%%2

Error: (02/03/2012 01:45:21 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 01:37:58 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/01/2012 08:14:02 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:04:08 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:03:57 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:03:09 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:02:45 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/29/2012 10:24:08 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 2046 MB
Available physical RAM: 1477.96 MB
Total Pagefile: 2856.7 MB
Available Pagefile: 2315.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.27 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.26 GB) (Free:14.57 GB) NTFS

========================= Users: ========================================

User accounts for \\KURTCOMPUTER

Administrator Guest HelpAssistant
JEFF Owner SUPPORT_388945a0


**** End of log ****
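The MiniToolBox log above is read by eye in the thread. As an added example (not MiniToolBox's own code and not from the thread), the script below does the same triage mechanically on a Result.txt: it flags hosts-file entries beyond the default localhost lines, DNS servers outside RFC 1918 space (a rogue resolver is the classic DNS-changer symptom; a public resolver you set yourself will also be listed, so confirm rather than assume), and ping targets that produced no data-carrying reply. The last check matters for logs like this one: Windows ping counts a "Destination host unreachable" reply as a received packet, so the "0% loss" summary for bleepingcomputer.com above does not mean the host answered. SAMPLE is a constructed, shortened copy of the posted log with one extra hosts entry and one extra DNS server (203.0.113.53, a documentation address) added so every check fires once.

```python
"""Triage a MiniToolBox Result.txt for hosts-file, DNS and connectivity problems.
Added example: not MiniToolBox's code and not from the thread.  SAMPLE is a
constructed, shortened copy of the posted log plus one extra hosts entry and one
extra DNS server (203.0.113.53, a documentation address) so each check fires."""
import ipaddress
import re

SECTION_RE = re.compile(r"^=+\s*(.+?):\s*=+\s*$")  # "===== Title: ====="
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)[ .]*:\s*(.*)$")  # ipconfig "Name . . : value"
IPV4_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")
PING_START_RE = re.compile(r"^Pinging (\S+?)(?: \[([\d.]+)\])? with \d+ bytes")
PING_STATS_RE = re.compile(r"Packets: Sent = (\d+), Received = (\d+)")
HOSTS_DEFAULT = {("127.0.0.1", "localhost"), ("::1", "localhost")}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_sections(text):
    """Map each '===== Title: =====' header to the lines beneath it."""
    sections, cur = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            cur = m.group(1)
            sections[cur] = []
        elif cur is not None:
            sections[cur].append(line.rstrip())
    return sections

def dns_servers(lines):
    """DNS servers from the ipconfig block; ipconfig prints any extra servers as
    bare indented addresses on the lines after the 'DNS Servers' field."""
    dns, more = [], False
    for line in lines:
        m = IPV4_RE.match(line)
        if more and (m or not line.strip()):
            dns += [m.group(1)] if m else []
            continue
        f = FIELD_RE.match(line)
        more = bool(f) and f.group(1).strip().lower() == "dns servers"
        if more and IPV4_RE.match(f.group(2)):
            dns.append(f.group(2).strip())
    return dns

def check_pings(lines):
    """Per target: replies that carried data ('good') versus error replies.  Windows
    ping counts 'Destination host unreachable' as received, so '0% loss' misleads."""
    results, cur = [], None
    for line in lines:
        t = line.strip()
        m = PING_START_RE.match(t)
        if m:
            cur = {"target": m.group(1), "ip": m.group(2) or m.group(1), "good": 0, "bad": 0, "received": None}
            results.append(cur)
        elif cur and t.startswith("Reply from") and "bytes=" in t:
            cur["good"] += 1
        elif cur and t.startswith(("Reply from", "Request timed out")):
            cur["bad"] += 1
        elif cur and PING_STATS_RE.search(t):
            cur["received"] = int(PING_STATS_RE.search(t).group(2))
            cur = None  # the summary line closes the block
    return results

def is_lan(ip):
    try:  # RFC 1918 only; a malformed address counts as suspicious
        return any(ipaddress.ip_address(ip) in n for n in RFC1918)
    except ValueError:
        return False

def triage(text):
    """Return (category, detail) findings a human should look at."""
    s, findings = split_sections(text), []
    for line in s.get("Hosts content", []):
        parts = line.split("#")[0].split()  # drop comments, tolerate odd whitespace
        if len(parts) > 1 and any((parts[0], n) not in HOSTS_DEFAULT for n in parts[1:]):
            findings.append(("hosts", " ".join(parts)))
    ipcfg = s.get("IP Configuration", [])
    findings += [("dns", d) for d in dns_servers(ipcfg) if not is_lan(d)]  # off-LAN resolver
    for p in check_pings(ipcfg):
        if p["good"] == 0:
            findings.append(("ping", "%s [%s]: %d error replies, yet ping reported %s received"
                             % (p["target"], p["ip"], p["bad"], p["received"])))
    return findings

SAMPLE = """\
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 update.example.com
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 10.0.0.1
                                    203.0.113.53
Pinging google.com [74.125.53.103] with 32 bytes of data:
Reply from 74.125.53.103: bytes=32 time=43ms TTL=54
Ping statistics for 74.125.53.103:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
========================= Event log errors: ===============================
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(category, "-", detail)
```

Run against the real Result.txt (`triage(open("Result.txt").read())`), the posted log yields only the ping finding: the hosts file is the default single line and the only resolver is the gateway, which is consistent with the helper's reading that the connection itself is fine and the refresh problem lies in the browser.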

Re: BACK DOOR BOT OR TROJAN
The signal appears to be going through. Please try this: Click on Tools, Internet Options, Advanced and click Reset. Close your Browser and open a new one.

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

I did not open this topic to view your response until just a few moments ago. The computer has been running better today. Not doing the "needs refresh to see the web page" thing at all today.

I appreciate all that you have done for me. I am disturbed that there were so many viruses on my computer this time. I take good care of my computer and I am very careful about how I surf the internet, etc.

Do you think it is safe now to delete the programs that you and I used to fix my computer?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
Ok. We can do some cleanup.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*****************************************************
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
This will give your computer a new, clean System Restore Point.
*******************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
********************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*******************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

I installed Comodo. That seems nice. Did the OTL stuff, but Qoobox did not leave. I am waiting to do a system restore until we get rid of Qoobox. What shall I do to get rid of it?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
OTL cleanup should have removed it. If it's just a folder, delete it then do a new System Restore Point.

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

I looked in the folder and there is another folder inside called Back Env. When I click on the Back Env. folder it says: access is denied. When I try to delete the Qoobox folder it looks like it is going to delete and then stops and gives me an error message of: Cannot delete Back Env. Access is denied. Make sure the disk is not full or write protected and that the file is not currently in use.

I tried to do another OTL clean up and the link no longer works when I double click on it.

Do not want to do a restore point until that Qoobox is gone. Can you help?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
I tried to do another OTL clean up and the link no longer works when I double click on it.

OTL cleanup removes itself. Please try deleting that folder using Unlocker.

You can download and install Unlocker.

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

I was able to delete the file finally. I am now going to do a System Restore Point.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
karenor wrote:
Hi Super Dave:

I was able to delete the file finally. I am now going to do a System Restore Point.

Thanks,
Karen

You're welcome Karen. Good luck and stay safe.
