Google Redirect [Solved]

hi


Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in
  
  netsvcs
  msconfig
  safebootminimal
  safebootnetwork
  activex
  drivers32
  %SYSTEMDRIVE%\*.*
  /md5start
  eventlog.dll
  scecli.dll
  netlogon.dll
  cngaudit.dll
  sceclt.dll
  ntelogon.dll
  logevent.dll
  iaStor.sys
  nvstor.sys
  atapi.sys
  IdeChnDr.sys
  viasraid.sys
  AGP440.sys
  vaxscsi.sys
  nvatabus.sys
  viamraid.sys
  nvata.sys
  nvgts.sys
  iastorv.sys
  ViPrt.sys
  eNetHook.dll
  ahcix86.sys
  KR10N.sys
  nvstor32.sys
  ahcix86s.sys
  nvrd32.sys
  symmpi.sys
  /md5stop
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job /lockedfiles
  CREATERESTOREPOINT
  %PROGRAMFILES%\*.
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

hi
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
[/list][/list]

Files copied below:

OTL:
OTL logfile created on: 1/25/2010 10:09:52 AM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\hello\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 44.33 Gb Free Space | 59.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.01 Gb Total Space | 134.41 Gb Free Space | 90.20% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOM
Current User Name: hello
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/25 10:00:38 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hello\Desktop\OTL.exe
PRC - [2010/01/23 16:10:41 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/23 16:10:41 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/23 16:10:39 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/23 16:10:38 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/23 16:10:35 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/23 16:10:29 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/23 16:10:27 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/11 10:57:36 | 01,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/10/27 09:26:36 | 00,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/10/27 03:54:24 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/09/30 19:58:42 | 00,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/12/14 11:17:47 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/14 11:17:46 | 00,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/12/14 11:17:45 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/05/29 21:43:38 | 02,580,480 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008/05/29 21:43:36 | 02,363,392 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/04/13 19:12:32 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rdshost.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/08/30 16:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/02/20 20:18:32 | 00,366,400 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2006/11/03 10:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAC207\Monitor.exe
PRC - [2005/11/11 01:07:40 | 00,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/11/10 16:28:00 | 00,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2005/08/08 13:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2005/01/18 04:50:16 | 00,196,608 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark P910 Series\lxbymon.exE
PRC - [2005/01/06 12:41:22 | 00,462,848 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxbycoms.exe
PRC - [2004/12/22 19:32:00 | 00,892,928 | ---- | M] (SiS) -- C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\Sraid.exe
PRC - [2004/09/17 08:24:02 | 00,061,440 | ---- | M] () -- C:\Program Files\Lexmark P910 Series\ezprint.exe


========== Modules (SafeList) ==========

MOD - [2010/01/25 10:00:38 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hello\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/01/23 16:10:29 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/23 16:10:27 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/27 09:26:36 | 00,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/27 03:54:24 | 00,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223)
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/06/25 20:03:34 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/14 11:17:45 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/03/30 09:36:30 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/08/08 13:54:00 | 00,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005/01/06 12:41:22 | 00,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxbycoms.exe -- (lxby_device)
SRV - [2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/01/23 16:11:14 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/23 16:11:04 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/23 16:11:02 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2008/08/26 09:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/05/29 12:30:38 | 00,508,160 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/01/23 04:56:04 | 00,016,896 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/01/23 04:35:20 | 00,317,952 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/10/04 21:42:42 | 00,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 00,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/09/27 16:53:22 | 00,036,560 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2005/11/22 01:44:22 | 03,804,416 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/09/03 00:43:00 | 00,046,464 | R--- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SiSRaid.sys -- (SiSRaid)
DRV - [2003/08/08 20:00:28 | 00,032,640 | ---- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2003/07/17 20:58:20 | 00,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/05/01 13:56:32 | 00,012,390 | ---- | M] (Nike, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PSA128F.SYS -- (PSA128F)
DRV - [2003/05/01 13:56:22 | 00,012,357 | ---- | M] (Nike, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PSA64F.SYS -- (PSA64F)
DRV - [2002/12/13 03:06:40 | 00,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/12/09 15:21:42 | 00,036,612 | ---- | M] (Nike, Inc.) [128max Player Control Driver [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psa128u.sys -- (psa128u)
DRV - [2002/12/09 15:21:30 | 00,052,335 | ---- | M] (Nike, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psa128s.sys -- (psa128s)
DRV - [2002/07/10 10:39:34 | 00,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/11/04 19:11:00 | 00,018,216 | R--- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scopex0.SYS -- (GT891x)
DRV - [2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/05 21:13:00 | 00,314,720 | R--- | M] (Grandtech Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scopex1.SYS -- (DCamUSBGrandTek)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1



O1 HOSTS File: ([2002/08/29 15:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FCTB00100Pos Class) - {00D7C7EB-D79F-49CD-9E4A-3CD1F761938B} - C:\Program Files\AnySoldier Toolbar\Toolbar.dll ()
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (AnySoldier Toolbar) - {F7C58BC7-A7EC-49F8-9DC9-414AD649CF01} - C:\Program Files\AnySoldier Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark P910 Series\ezprint.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LXBYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.DLL ()
O4 - HKLM..\Run: [lxbymon.exe] C:\Program Files\Lexmark P910 Series\lxbymon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\Sraid.exe (SiS)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\hello\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/05/03 14:57:31 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/05/03 14:57:31 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/05/03 14:57:31 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/05/03 14:57:31 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyds...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1155763168671 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\hello\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\hello\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/11 11:58:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/09/04 10:16:00 | 00,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/05/30 09:31:56 | 00,000,054 | -H-- | M] () - F:\autorun.in_2.org -- [ FAT32 ]
O32 - AutoRun File - [2007/12/23 21:31:06 | 00,000,053 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{3170a6a0-4240-11de-9908-0013d3ae67e2}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\{74084d5a-057d-11df-9930-001801869462}\Shell\AutoRun\command - "" = F:\wdsync.exe -- File not found
O33 - MountPoints2\{d6b8c93b-b244-11dd-98e0-0013d3ae67e2}\Shell - "" = AutoRun
O33 - MountPoints2\{d6b8c93b-b244-11dd-98e0-0013d3ae67e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6b8c93b-b244-11dd-98e0-0013d3ae67e2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/06/28 04:39:07 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: FaxCenterServer - hkey= - key= - C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
MsConfig - StartUpReg: ICQ Lite - hkey= - key= - C:\Program Files\ICQLite\ICQLite.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: NapsterShell - hkey= - key= - C:\Program Files\Napster\napster.exe (Napster)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Weather - hkey= - key= - C:\Program Files\AWS\WeatherBug\Weather.exe File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CAAFB8F9-F8D1-3D27-9AAA-6301A4429440} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.GTC2 - C:\WINDOWS\System32\gtcodec2.DLL ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: VIDC.SP54 - SP5X_32.DLL File not found
Drivers32: VIDC.SP55 - SP5X_32.DLL File not found
Drivers32: VIDC.SP56 - SP5X_32.DLL File not found
Drivers32: VIDC.SP57 - SP5X_32.DLL File not found
Drivers32: VIDC.SP58 - SP5X_32.DLL File not found
Drivers32: vidc.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17736316556935168)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/25 10:00:51 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hello\Desktop\OTL.exe
[2010/01/24 10:58:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hitman Pro
[2010/01/24 10:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/01/24 09:48:27 | 00,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/24 09:42:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/24 09:40:52 | 09,034,488 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\hello\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/01/24 06:45:12 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\hello\Recent
[2010/01/23 19:49:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/01/23 16:11:31 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/23 16:11:14 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/23 16:11:14 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/23 16:11:03 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/23 16:11:02 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/23 16:10:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/01/23 16:10:22 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/23 16:10:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/01/23 16:06:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/23 16:06:53 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/23 16:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/23 16:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/23 14:56:12 | 00,891,208 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\hello\My Documents\avg_free_stb_en_9_40_free.exe
[2010/01/23 13:33:26 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/23 13:32:39 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\hello\My Documents\HijackThisInstaller.exe
[2010/01/23 08:27:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hello\Desktop\DESKTOP BILLS
[2010/01/22 15:54:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2010/01/22 15:50:34 | 27,386,256 | ---- | C] ( ) -- C:\Documents and Settings\hello\My Documents\AdbeRdr930_en_US.exe
[2010/01/15 01:37:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hello\Local Settings\Application Data\diwcda
[2010/01/06 22:14:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/01/01 14:00:23 | 03,357,024 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\hello\My Documents\ccsetup227.exe
[2010/01/01 14:00:17 | 09,732,720 | ---- | C] (PC Tools ) -- C:\Documents and Settings\hello\My Documents\rminstall.exe
[2009/06/25 20:03:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/05/16 12:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2008/02/18 18:48:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/05/10 08:41:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/25 10:19:20 | 00,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/01/25 10:00:38 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hello\Desktop\OTL.exe
[2010/01/25 09:23:28 | 05,505,024 | -H-- | M] () -- C:\Documents and Settings\hello\NTUSER.DAT
[2010/01/25 09:04:15 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\hello\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/25 08:19:17 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{345BDE4C-FBB1-4C76-9743-BFFEAA17EE7C}.job
[2010/01/25 08:03:16 | 54,652,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/25 07:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\qjnvvldt.job
[2010/01/25 06:34:46 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/25 06:28:34 | 00,002,300 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/25 06:25:57 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/01/25 06:25:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/25 06:25:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/25 06:24:04 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\hello\ntuser.ini
[2010/01/24 10:59:01 | 00,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/24 09:42:22 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Security Essentials.lnk
[2010/01/24 09:40:50 | 09,034,488 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\hello\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/01/24 06:52:22 | 00,000,231 | ---- | M] () -- C:\Documents and Settings\hello\Desktop\Twitter - Home.url
[2010/01/23 21:00:32 | 00,002,754 | ---- | M] () -- C:\Documents and Settings\hello\Desktop\Netjustincase2.reg
[2010/01/23 20:58:32 | 00,001,268 | ---- | M] () -- C:\Documents and Settings\hello\Desktop\Netjustincase.reg
[2010/01/23 16:11:15 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG Free 9.0.lnk
[2010/01/23 16:11:14 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/01/23 16:11:14 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/01/23 16:11:04 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/01/23 16:11:02 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/23 16:11:02 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/01/23 16:10:48 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/23 16:10:48 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/23 16:10:48 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/23 14:56:23 | 00,891,208 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\hello\My Documents\avg_free_stb_en_9_40_free.exe
[2010/01/23 13:33:27 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\hello\Desktop\HijackThis.lnk
[2010/01/23 13:32:45 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\hello\My Documents\HijackThisInstaller.exe
[2010/01/22 15:54:50 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\hello\My Documents\Adobe Reader 9.lnk
[2010/01/22 15:50:33 | 27,386,256 | ---- | M] ( ) -- C:\Documents and Settings\hello\My Documents\AdbeRdr930_en_US.exe
[2010/01/20 18:14:06 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/20 10:30:25 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\bafifoni
[2010/01/20 09:24:08 | 00,457,758 | ---- | M] () -- C:\Documents and Settings\hello\Desktop\mbam.zip
[2010/01/20 08:36:06 | 00,000,708 | ---- | M] () -- C:\Documents and Settings\hello\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/20 08:10:39 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\hello\My Documents\mbam-setup.exe
[2010/01/18 04:10:36 | 00,000,039 | ---- | M] () -- C:\Documents and Settings\hello\jagex_runescape_preferences.dat
[2010/01/18 04:10:14 | 00,000,069 | ---- | M] () -- C:\Documents and Settings\hello\jagex_runescape_preferences2.dat
[2010/01/15 07:59:47 | 00,000,266 | ---- | M] () -- C:\Documents and Settings\hello\My Documents\Economic Stimulus 2009 - The Making Work Pay Tax Credit - H&R Block.url
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/14 05:34:54 | 00,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/01/12 17:49:20 | 00,000,282 | ---- | M] () -- C:\Documents and Settings\hello\My Documents\Need Your Computer work on.url
[2010/01/10 06:34:17 | 00,000,389 | ---- | M] () -- C:\Documents and Settings\hello\My Documents\CBS Boss Weighs In On Moonlight's Possible Resurrection Fancast News.url
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 09:18:36 | 00,000,317 | ---- | M] () -- C:\Documents and Settings\hello\My Documents\Arlo Guthrie - The motorcycle song Lyrics.url
[2010/01/03 06:15:10 | 00,000,288 | ---- | M] () -- C:\Documents and Settings\hello\My Documents\Lots of stuff to trade for a digital camera..url
[2010/01/02 06:56:52 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\hello\Desktop\CCleaner.lnk
[2010/01/02 06:56:23 | 03,357,024 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\hello\My Documents\ccsetup227.exe
[2010/01/01 14:00:17 | 09,732,720 | ---- | M] (PC Tools ) -- C:\Documents and Settings\hello\My Documents\rminstall.exe
[2009/12/30 08:25:50 | 00,000,217 | ---- | M] () -- C:\Documents and Settings\hello\Desktop\FAFSA - Free Application for Federal Student Aid.url
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,006,456 | -H-- | C] () -- C:\WINDOWS\System32\bafifoni
[2010/01/25 07:01:15 | 00,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/01/24 10:59:01 | 00,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/24 09:47:58 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/24 09:42:22 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Microsoft Security Essentials.lnk
[2010/01/23 21:14:56 | 00,000,708 | ---- | C] () -- C:\Documents and Settings\hello\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 21:00:32 | 00,002,754 | ---- | C] () -- C:\Documents and Settings\hello\Desktop\Netjustincase2.reg
[2010/01/23 20:58:32 | 00,001,268 | ---- | C] () -- C:\Documents and Settings\hello\Desktop\Netjustincase.reg
[2010/01/23 16:11:15 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG Free 9.0.lnk
[2010/01/23 16:11:01 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/01/23 16:10:48 | 54,652,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/23 16:10:48 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/23 16:10:48 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/23 16:10:48 | 00,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/23 13:33:27 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\hello\Desktop\HijackThis.lnk
[2010/01/22 15:54:50 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\hello\My Documents\Adobe Reader 9.lnk
[2010/01/20 09:24:08 | 00,457,758 | ---- | C] () -- C:\Documents and Settings\hello\Desktop\mbam.zip
[2010/01/20 07:08:17 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\qjnvvldt.job
[2010/01/15 07:59:47 | 00,000,266 | ---- | C] () -- C:\Documents and Settings\hello\My Documents\Economic Stimulus 2009 - The Making Work Pay Tax Credit - H&R Block.url
[2010/01/12 17:49:20 | 00,000,282 | ---- | C] () -- C:\Documents and Settings\hello\My Documents\Need Your Computer work on.url
[2010/01/10 06:34:17 | 00,000,389 | ---- | C] () -- C:\Documents and Settings\hello\My Documents\CBS Boss Weighs In On Moonlight's Possible Resurrection Fancast News.url
[2010/01/06 22:16:15 | 00,000,069 | ---- | C] () -- C:\Documents and Settings\hello\jagex_runescape_preferences2.dat
[2010/01/06 22:14:47 | 00,000,039 | ---- | C] () -- C:\Documents and Settings\hello\jagex_runescape_preferences.dat
[2010/01/06 09:18:36 | 00,000,317 | ---- | C] () -- C:\Documents and Settings\hello\My Documents\Arlo Guthrie - The motorcycle song Lyrics.url
[2010/01/03 06:15:09 | 00,000,288 | ---- | C] () -- C:\Documents and Settings\hello\My Documents\Lots of stuff to trade for a digital camera..url
[2009/12/30 08:25:50 | 00,000,217 | ---- | C] () -- C:\Documents and Settings\hello\Desktop\FAFSA - Free Application for Federal Student Aid.url
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/16 14:43:56 | 00,000,408 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2009/03/26 23:21:52 | 00,159,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/08/10 01:00:49 | 00,000,057 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/08/10 00:45:55 | 00,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2008/08/10 00:41:11 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2008/08/10 00:41:10 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2008/03/18 05:32:59 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\QTSBandwidthCache
[2007/08/23 10:21:35 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/07/11 13:16:36 | 00,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2007/07/05 20:14:32 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/06/22 07:24:36 | 00,032,768 | R--- | C] () -- C:\WINDOWS\System32\gtcodec2.DLL
[2007/06/21 16:35:31 | 00,001,069 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006/12/12 11:30:26 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/12/12 11:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/11/20 08:32:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pestpatrol5.INI
[2006/11/02 08:27:46 | 00,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006/09/28 05:30:40 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\hello\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/16 23:52:59 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006/08/16 23:52:59 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006/08/16 23:07:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/08/12 11:59:45 | 00,135,168 | R--- | C] () -- C:\WINDOWS\System32\property.dll
[2006/08/12 11:56:09 | 00,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/12 11:50:38 | 00,076,270 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2006/08/12 11:50:16 | 00,075,045 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/02/19 10:45:50 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbyvs.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/08/11 11:58:32 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/08/16 18:00:11 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2007/11/11 14:36:21 | 00,008,055 | ---- | M] () -- C:\caisslog.txt
[2006/08/11 11:58:32 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/05/16 16:07:50 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2006/08/11 11:58:32 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/25 06:28:23 | 00,004,521 | ---- | M] () -- C:\lxby.log
[2007/09/08 08:21:14 | 00,000,136 | ---- | M] () -- C:\lxbypswx.log
[2009/05/14 10:15:58 | 00,006,081 | ---- | M] () -- C:\lxbyscan.log
[2006/08/11 11:58:32 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/05/20 12:38:10 | 00,016,173 | ---- | M] () -- C:\NTDClient.log
[2006/08/16 17:53:57 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/18 07:09:53 | 00,250,048 | RHS- | M] () -- C:\ntldr
[1997/04/08 11:27:18 | 00,490,096 | ---- | M] (Microsoft Corporation) -- C:\oadist.exe
[2010/01/25 06:25:35 | 16,106,12736 | -HS- | M] () -- C:\pagefile.sys
[1998/03/18 13:19:30 | 00,008,021 | ---- | M] () -- C:\ReadMe.txt
[1997/12/30 17:11:32 | 00,837,632 | ---- | M] (Microsoft Technical Support, Microsoft Corporation) -- C:\RegClean.exe
[2006/08/12 12:22:53 | 00,031,966 | ---- | M] () -- C:\Undo NONE 20060812 102253.Reg
[2008/05/03 14:44:54 | 00,000,146 | ---- | M] () -- C:\YServer.txt


< MD5 for: AGP440.SYS >
[2006/08/16 17:50:00 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/18 06:50:26 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/08/16 17:50:00 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/05/18 06:50:26 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/08/16 17:50:00 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/18 06:50:26 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006/08/16 17:50:00 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/05/18 06:50:26 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/01/22 15:54:08 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/02/02 07:12:42 | 00,000,000 | ---D | M] -- C:\Program Files\AnySoldier Toolbar
[2009/07/13 20:13:21 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/08/10 00:43:37 | 00,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2010/01/23 16:10:22 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2006/09/26 16:32:01 | 00,000,000 | ---D | M] -- C:\Program Files\BitComet
[2006/09/26 16:38:24 | 00,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2008/05/21 14:54:22 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/01/23 07:16:26 | 00,000,000 | ---D | M] -- C:\Program Files\CaptureView VGA Manager
[2009/03/11 17:15:08 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/01/23 14:09:04 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/08/11 11:55:51 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/04/11 00:01:08 | 00,000,000 | ---D | M] -- C:\Program Files\Coupons
[2006/12/12 08:08:20 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/08/20 14:59:38 | 00,000,000 | ---D | M] -- C:\Program Files\DIFX
[2007/06/21 17:16:51 | 00,000,000 | ---D | M] -- C:\Program Files\directx
[2007/04/10 17:46:26 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/08/07 19:46:03 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2010/01/24 10:58:27 | 00,000,000 | ---D | M] -- C:\Program Files\Hitman Pro 3.5
[2008/12/23 21:57:39 | 00,000,000 | ---D | M] -- C:\Program Files\HOJY TECH
[2010/01/23 07:19:32 | 00,000,000 | ---D | M] -- C:\Program Files\ICQLite
[2010/01/23 07:16:27 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/01/17 09:23:43 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
[2008/01/17 09:22:30 | 00,000,000 | ---D | M] -- C:\Program Files\Intel Play
[2010/01/23 08:12:40 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/05/21 14:58:41 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2008/05/21 14:58:53 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/01/23 14:09:05 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2007/04/10 17:47:04 | 00,000,000 | ---D | M] -- C:\Program Files\Konvertor
[2006/10/31 19:07:37 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2006/08/21 18:27:11 | 00,000,000 | ---D | M] -- C:\Program Files\Lexmark Fax Solutions
[2006/12/03 11:47:14 | 00,000,000 | ---D | M] -- C:\Program Files\Lexmark P910 Series
[2006/08/21 18:27:55 | 00,000,000 | ---D | M] -- C:\Program Files\Lexmark_P910 Series
[2010/01/19 23:41:39 | 00,000,000 | ---D | M] -- C:\Program Files\Lx_cats
[2010/01/20 09:28:09 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/08/10 00:45:55 | 00,000,000 | ---D | M] -- C:\Program Files\MARS
[2008/08/12 20:12:31 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/07 08:46:45 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/05/01 02:00:37 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/08/11 11:58:41 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/09/25 06:14:15 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/01/24 09:42:57 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Essentials
[2010/01/23 08:12:40 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/11/07 08:50:31 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2006/12/28 20:17:19 | 00,000,000 | ---D | M] -- C:\Program Files\mIRC
[2008/05/18 07:25:46 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/12/21 17:16:36 | 00,000,000 | ---D | M] -- C:\Program Files\MP4 to MP3 Converter
[2009/02/02 09:18:49 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/09/25 06:13:54 | 00,000,000 | ---D | M] -- C:\Program Files\MSECache
[2008/12/14 11:18:57 | 00,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/08/11 11:55:10 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/08/21 13:18:45 | 00,000,000 | ---D | M] -- C:\Program Files\Napster
[2010/01/23 19:40:14 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/03/08 14:24:15 | 00,000,000 | ---D | M] -- C:\Program Files\Nike
[2009/12/03 15:54:58 | 00,000,000 | ---D | M] -- C:\Program Files\Nokia
[2007/01/04 20:33:30 | 00,000,000 | ---D | M] -- C:\Program Files\On2 Technologies
[2006/08/11 12:21:03 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/09/03 13:31:58 | 00,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.4
[2009/08/14 02:13:53 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/06/16 14:43:45 | 00,000,000 | ---D | M] -- C:\Program Files\PC Camera
[2009/12/03 15:51:02 | 00,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2009/05/16 12:41:09 | 00,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2008/05/21 14:54:03 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/08/12 11:56:02 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek AC97
[2008/09/12 06:25:06 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2006/08/12 11:59:40 | 00,000,000 | ---D | M] -- C:\Program Files\Silicon Integrated Systems
[2006/08/12 11:50:47 | 00,000,000 | ---D | M] -- C:\Program Files\SiS VGA Utilities V3.71
[2006/08/12 11:46:42 | 00,000,000 | ---D | M] -- C:\Program Files\sisagp
[2006/08/12 11:53:33 | 00,000,000 | ---D | M] -- C:\Program Files\SiSLan
[2010/01/23 15:53:20 | 00,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/01/23 15:53:15 | 00,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2010/01/23 13:33:26 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2007/07/11 13:44:05 | 00,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2008/09/12 06:30:23 | 00,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2006/08/11 12:27:02 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/05/20 12:03:49 | 00,000,000 | ---D | M] -- C:\Program Files\Verizon
[2009/05/16 12:38:15 | 00,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2009/11/07 08:51:19 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/11/07 08:45:17 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2006/12/08 20:44:35 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/05/18 07:20:37 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/05/18 07:20:37 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/08/16 16:20:17 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2006/09/10 16:43:46 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2006/08/11 11:58:41 | 00,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/05/08 17:29:36 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-23 12:25:55

< >

< >
< End of report >

Extras:

OTL Extras logfile created on: 1/25/2010 10:09:52 AM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\hello\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 44.33 Gb Free Space | 59.49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 149.01 Gb Total Space | 134.41 Gb Free Space | 90.20% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOM
Current User Name: hello
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"7188:TCP" = 7188:TCP:*:Enabled:BitComet 7188 TCP
"7188:UDP" = 7188:UDP:*:Enabled:BitComet 7188 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxbycoms.exe" = C:\WINDOWS\system32\lxbycoms.exe:*:Enabled:P910 Series Server -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbyPSWX.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbyPSWX.EXE:*:Enabled:P910 Series Printer Status -- ()
"C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos\World of Warcraft\WoW-1.12.0-enUS-downloader.exe" = C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe" = C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Disabled:mIRC -- File not found
"C:\Documents and Settings\hello\Local Settings\Temporary Internet Files\Content.IE5\JPMMW0GQ\mirc.exe" = C:\Documents and Settings\hello\Local Settings\Temporary Internet Files\Content.IE5\JPMMW0GQ\mirc.exe:*:Disabled:mIRC -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}" = SiSRaidPackage
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{158C641B-D60C-45E4-A380-B5725A4FE98A}" = ScopeCam Driver Installer
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5C9DDCE0-66CF-11D4-9100-0090274FBE9A}" = Intel® System Information Viewer
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}" = ArcSoft PhotoImpression 4
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C6D8763-EEB7-433E-A75E-2AB44892FCA2}" = Ulead Photo Explorer 7.0 SE Platinum
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CB54EB3-DF6F-11D6-B49C-0020183A6529}" = green label T-Shirts
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AAE10BE5-F398-41C1-9AAF-A59EBF17DFDE}" = Norton Spyware Scan
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CC1F9C12-AFC9-4D35-BEF1-0F8AD138D28F}" = Usb disk Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}" = On2 VP7 Personal Edition
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4749535-2B87-498A-B74D-0A01B174E36D}" = PC Camera
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG Free 9.0
"BitComet" = BitComet 0.70
"CCleaner" = CCleaner
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"InstallShield_{F4749535-2B87-498A-B74D-0A01B174E36D}" = PC Camera
"Lexmark P910 Series" = Lexmark P910 Series
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile - PREVIEW
"MP4 to MP3 Converter_is1" = MP4 to MP3 Converter 1.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Norton Spyware Scan provided by Yahoo!" = Norton Spyware Scan provided by Yahoo!
"Picasa2" = Picasa 2
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar
"Yahoo! Search Defender" = Yahoo! Search Protection
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/23/2010 3:08:00 PM | Computer Name = MOM | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 11 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action FilesInUseDialog,
location: C:\WINDOWS\Installer\MSI38.tmp, command: C:\Program Files\Java\jre6\

Error - 1/23/2010 3:50:12 PM | Computer Name = MOM | Source = MsiInstaller | ID = 11722
Description = Product: Java™ 6 Update 11 -- Error 1722.There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action FilesInUseDialog,
location: C:\WINDOWS\Installer\MSI3F.tmp, command: C:\Program Files\Java\jre6\

Error - 1/23/2010 4:03:53 PM | Computer Name = MOM | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x000e672a.

Error - 1/23/2010 9:02:47 PM | Computer Name = MOM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ycaplugin.dll, version 2007.12.11.1, fault address 0x000102a7.

Error - 1/24/2010 6:52:55 AM | Computer Name = MOM | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x000e672a.

Error - 1/25/2010 3:25:37 AM | Computer Name = MOM | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x000e672a.

Error - 1/25/2010 4:05:33 AM | Computer Name = MOM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x0009581e.

Error - 1/25/2010 7:17:34 AM | Computer Name = MOM | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x000afd9c.

Error - 1/25/2010 10:03:31 AM | Computer Name = MOM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module gtcodec2.dll, version 1.10.0.0, fault address 0x000063c3.

Error - 1/25/2010 10:06:49 AM | Computer Name = MOM | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module gtcodec2.dll, version 1.10.0.0, fault address 0x000063c3.

[ System Events ]
Error - 1/25/2010 7:26:08 AM | Computer Name = MOM | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/25/2010 7:26:08 AM | Computer Name = MOM | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/25/2010 7:28:16 AM | Computer Name = MOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxby_device service to
connect.

Error - 1/25/2010 7:28:16 AM | Computer Name = MOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service lxby_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441077}

Error - 1/25/2010 7:28:16 AM | Computer Name = MOM | Source = Service Control Manager | ID = 7000
Description = The lxby_device service failed to start due to the following error:
%%1053

Error - 1/25/2010 9:06:21 AM | Computer Name = MOM | Source = TermServDevices | ID = 1112
Description = Failed to register for user printing preferences change notification.
Open the Services snap-in and confirm that the Printer Spooler service is running


Error - 1/25/2010 10:25:12 AM | Computer Name = MOM | Source = TermServDevices | ID = 1112
Description = Failed to register for user printing preferences change notification.
Open the Services snap-in and confirm that the Printer Spooler service is running


Error - 1/25/2010 10:26:50 AM | Computer Name = MOM | Source = TermServDevices | ID = 1112
Description = Failed to register for user printing preferences change notification.
Open the Services snap-in and confirm that the Printer Spooler service is running



< End of report >

hi

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O32 - AutoRun File - [2008/09/04 10:16:00 | 00,000,000 | ---D | M] - F:\autorun -- [ FAT32 ]
  O32 - AutoRun File - [2008/05/30 09:31:56 | 00,000,054 | -H-- | M] () - F:\autorun.in_2.org -- [ FAT32 ]
  O32 - AutoRun File - [2007/12/23 21:31:06 | 00,000,053 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
  O33 - MountPoints2\{3170a6a0-4240-11de-9908-0013d3ae67e2}\Shell\AutoRun\command - "" = wdsync.exe
  O33 - MountPoints2\{74084d5a-057d-11df-9930-001801869462}\Shell\AutoRun\command - "" = F:\wdsync.exe -- File not found
  O33 - MountPoints2\{d6b8c93b-b244-11dd-98e0-0013d3ae67e2}\Shell - "" = AutoRun
  O33 - MountPoints2\{d6b8c93b-b244-11dd-98e0-0013d3ae67e2}\Shell\AutoRun - "" = Auto&Play
  O33 - MountPoints2\{d6b8c93b-b244-11dd-98e0-0013d3ae67e2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
  [2010/01/25 07:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\qjnvvldt.job
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

[/list]Post the contents of GMER.txt in your next reply.

Hi,

Thanks for your help on this matter. I tried to run GMER and it kept on crashing with Atapi.sys and froze the computer. I got told by a friend to run the combofix as that would fix that.

So I'm posting two logs Combofix and GMER which finally ran after combofix did solve the atapi.sys problem.

GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-26 10:22:07
Windows 5.1.2600 Service Pack 3
Running: wzup660v.exe; Driver: C:\DOCUME~1\hello\LOCALS~1\Temp\pxtdypow.sys


---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[4016] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (FileSpy Filter Driver/Windows ® 2000 DDK provider)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\USB_RNDIS \Device\{05B72F7E-B1B5-4488-BF8F-A905752A8CF9} RNDISMP.SYS (Remote NDIS Miniport/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (FileSpy Filter Driver/Windows ® 2000 DDK provider)

---- EOF - GMER 1.0.15 ----

Heres the combofix log:

ComboFix 10-01-25.06 - hello 01/26/2010 8:44.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.76 [GMT -5:00]
Running from: c:\documents and settings\hello\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\RegClean.exe
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\Ijl11.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.

2010-01-25 22:45 . 2010-01-25 22:45 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-25 22:43 . 2010-01-25 22:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-25 21:34 . 2010-01-25 21:34 -------- dc----w- C:\_OTL
2010-01-24 15:59 . 2010-01-24 15:59 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-24 15:58 . 2010-01-24 15:58 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\Hitman Pro
2010-01-24 15:58 . 2010-01-24 15:58 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-01-24 14:48 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-24 14:42 . 2010-01-24 14:42 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-23 21:11 . 2010-01-23 21:11 -------- dc----w- C:\$AVG
2010-01-23 21:11 . 2010-01-23 21:11 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-23 21:11 . 2010-01-23 21:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-23 21:11 . 2010-01-23 21:11 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-23 21:11 . 2010-01-23 21:11 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-23 21:10 . 2010-01-25 22:45 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-23 21:10 . 2010-01-23 21:10 -------- d-----w- c:\program files\AVG
2010-01-23 21:10 . 2010-01-23 21:10 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg9
2010-01-23 18:33 . 2010-01-23 18:33 -------- d-----w- c:\program files\Trend Micro
2010-01-21 03:41 . 2010-01-21 03:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-20 11:44 . 2010-01-20 11:44 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-01-20 11:44 . 2010-01-20 11:44 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-01-15 06:37 . 2010-01-16 09:34 -------- d-----w- c:\documents and settings\hello\Local Settings\Application Data\diwcda
2010-01-07 03:16 . 2010-01-18 09:10 69 ----a-w- c:\documents and settings\hello\jagex_runescape_preferences2.dat
2010-01-07 03:14 . 2010-01-18 09:10 39 ----a-w- c:\documents and settings\hello\jagex_runescape_preferences.dat
2010-01-07 03:14 . 2010-01-07 03:14 -------- d-----w- c:\windows\.jagex_cache_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 13:55 . 2008-09-17 17:30 -------- d-----w- c:\documents and settings\hello\Application Data\OpenOffice.org2
2010-01-26 12:57 . 2009-11-11 08:24 79488 ----a-w- c:\documents and settings\hello\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-23 20:53 . 2006-08-12 17:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-23 20:53 . 2006-08-12 17:25 -------- d-----w- c:\program files\Symantec
2010-01-23 20:53 . 2006-08-12 17:25 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2010-01-23 20:53 . 2006-08-12 17:25 -------- d-----w- c:\program files\Symantec AntiVirus
2010-01-23 19:09 . 2006-12-31 04:55 -------- d-----w- c:\program files\Java
2010-01-23 13:12 . 2009-11-07 13:51 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-23 12:19 . 2006-12-30 03:19 -------- d-----w- c:\program files\ICQLite
2010-01-23 12:16 . 2006-08-12 16:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 12:16 . 2007-06-21 22:16 -------- d-----w- c:\program files\CaptureView VGA Manager
2010-01-22 20:54 . 2006-08-17 13:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 14:28 . 2009-03-30 18:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 04:41 . 2006-08-17 04:51 -------- d-----w- c:\program files\Lx_cats
2010-01-07 21:07 . 2009-03-30 18:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-03-30 18:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 19:14 . 2004-01-08 22:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-03 20:55 . 2009-12-03 20:55 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-03 20:54 . 2009-12-03 20:54 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-03 20:54 . 2009-08-20 19:55 -------- d-----w- c:\program files\Nokia
2009-12-03 20:51 . 2009-12-03 20:50 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-03 20:43 . 2009-12-03 20:43 95232 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-03 20:43 . 2009-12-03 20:43 61440 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-03 20:43 . 2009-12-03 20:43 10240 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-03 20:43 . 2009-12-03 20:43 8192 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-03 20:28 . 2009-08-20 19:52 -------- dc----w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations
2009-12-03 20:28 . 2009-12-03 20:45 34429264 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
2009-11-07 18:56 . 2006-08-17 03:59 52728 -c--a-w- c:\documents and settings\hello\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00D7C7EB-D79F-49CD-9E4A-3CD1F761938B}]
2008-03-28 01:48 1265664 ----a-w- c:\program files\AnySoldier Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F7C58BC7-A7EC-49F8-9DC9-414AD649CF01}"= "c:\program files\AnySoldier Toolbar\Toolbar.dll" [2008-03-28 1265664]

[HKEY_CLASSES_ROOT\clsid\{f7c58bc7-a7ec-49f8-9dc9-414ad649cf01}]
[HKEY_CLASSES_ROOT\FCTB00100.FCTB00100.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB00100.FCTB00100]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [2005-11-10 49152]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 90112]
"SiSRaid"="c:\program files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2004-12-23 892928]
"LXBYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2004-11-02 69632]
"lxbymon.exe"="c:\program files\Lexmark P910 Series\lxbymon.exe" [2005-01-18 196608]
"EzPrint"="c:\program files\Lexmark P910 Series\ezprint.exe" [2004-09-17 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-27 30192]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-23 2033432]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

c:\documents and settings\hello\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-8-12 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-23 21:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2004-11-22 20:29 299008 -c--a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 14:36 267048 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-05-18 16:29 49152 -c--a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2007-01-12 23:36 323216 ----a-w- c:\program files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-08 03:57 30208 -c----w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxbycoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxbyPSWX.EXE"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Documents\\My Videos\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Documents\\My Videos\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Documents\\My Videos\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7188:TCP"= 7188:TCP:BitComet 7188 TCP
"7188:UDP"= 7188:UDP:BitComet 7188 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 PSA128F;PSA128F;c:\windows\system32\drivers\PSA128F.SYS [3/8/2008 2:24 PM 12390]
R0 PSA64F;PSA64F;c:\windows\system32\drivers\PSA64F.SYS [2/24/2008 2:45 PM 12357]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/23/2010 4:11 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/23/2010 4:11 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/23/2010 4:10 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/23/2010 4:10 PM 285392]
S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;c:\windows\system32\Drivers\BULKUSB.sys --> c:\windows\system32\Drivers\BULKUSB.sys [?]
S3 CA500AV;CaptureView VGA;c:\windows\system32\DRIVERS\CA500AV.SYS --> c:\windows\system32\DRIVERS\CA500AV.SYS [?]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/16/2009 12:39 PM 30192]
S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [5/29/2007 12:30 PM 508160]
S3 psa128s;psa128s;c:\windows\system32\drivers\psa128s.sys [3/8/2008 2:24 PM 52335]
S3 psa128u;Nike psa[128max Player Control Driver;c:\windows\system32\drivers\psa128u.sys [3/8/2008 2:24 PM 36612]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-01-26 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-01-26 c:\windows\Tasks\User_Feed_Synchronization-{345BDE4C-FBB1-4C76-9743-BFFEAA17EE7C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
TCP: {94B63DA7-7681-4499-89D3-BA5B817C10ED} = 66.73.13.9
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
MSConfigStartUp-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
MSConfigStartUp-Weather - c:\program files\AWS\WeatherBug\Weather.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 08:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3700)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.BIN
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\windows\system32\lxbycoms.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2010-01-26 09:04:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-26 14:04

Pre-Run: 49,011,204,096 bytes free
Post-Run: 48,991,596,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 1F87ADADA375F1276B9AB5AE058F3462

Where did I ask you to run combofix ?

Do you want my help or do you want to fix this yourself ?

Where did I ask you to run combofix ?

Do you want my help or do you want to fix this yourself ?

The GMER program kept on crashing the pc as it was pausing the computer on the atapi file. Thats when I was talking to a friend of mine and he told me that the combofix would sort that problem out as it was a comon problem. I thought that if I got that problem sorted out first and then was able to run the GMER (which you asked me to run) and post the log, but I also thought posting the combofix log would help even further. I could of held this information back and you could of given me some information not knowing that I had already ran the combifix program.

I thought it would be better to be honest about it.

Sorry if I've upset you, but I didn't mean for you to get upset about it, I just knew you wanted the log from the GMER program.

if you run tools yourself you are going to damage your PC, and that will be your own fault.


Please download OTM

• Save it to your desktop.
• Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes
  
  :Services
  
  :Reg
  
  :Files
  c:\documents and settings\hello\Local Settings\Application Data\diwcda
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [Reboot]

• Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

Then post it here.
[/list]

OTM log:

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\documents and settings\hello\Local Settings\Application Data\diwcda folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hello
->Temp folder emptied: 1201589 bytes
->Temporary Internet Files folder emptied: 9283433 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 2840 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14067 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 102384689 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 108.00 mb


OTM by OldTimer - Version 3.1.7.0 log created on 01272010_131716

Files moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes Log (did a full scan by mistake):

Malwarebytes' Anti-Malware 1.44
Database version: 3622
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/28/2010 8:24:50 AM
mbam-log-2010-01-28 (08-24-50).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 182612
Time elapsed: 1 hour(s), 13 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{CD285BD6-ABE1-4BE2-8C84-E520C81605D0}\RP279\A0012654.sys (Malware.Trace) -> Quarantined and deleted successfully.

I tried doing the Kaspersky, but the web site wouldn't install the program. I did try the Kaspersky on another pc just to make sure it wasn't this pc that was stopping it and that wouldn't install either.

BTW:
AVG Keeps poping up with Multiple runtime compression aspack.nupx for files named:
C:\Windows\System32\NCTAudioFormatSettings3.dll
C:\Windows\System32\NCTAudioCompress3.dll

Hope this helps.

Edited by highroyds, 28 January 2010 - 07:56 AM.

do this

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
• Reboot your computer into SafeMode.
  

  You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  Use your up arrow key to highlight SafeMode then hit enter.

• Double click the setup file to run it.
• Click Next to continue.
• It will by default install it to your desktop folder.Click Next.
• Hit ok at the prompt for scanning in Safe Mode.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.

• System Memory
• Startup Objects
• Disk Boot Sectors.
• My Computer.
• Also any other drives (Removable that you may have)

After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

• Then click on Scan at the to right hand Corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized then click the button that says Neutralize all
• If it says it cannot be Neutralized then chooose The delete option when prompted.
• After that is done click on the reports button at the bottom and save it to file name it Kas.
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
  
  

  Note: This tool will self uninstall when you close it so please save the log before closing it.

do this
[*]After that is done click on the reports button at the bottom and save it to file name it Kas.
[*]Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.
[/list]

Thanks for that, I booted up into safe mode and followed your instructions to a point, but some of them I couldn't find as the instructions seem out of date to what I saw on the program. It took around 6 hours to complete the scan and it did find some trojans:

1/28/2010 12:28:59 PM Task started

1/28/2010 4:41:22 PM Detected: Trojan-Spy.HTML.Fraud.gen Main Identity\Local Folders\FRIENDS\Music\[From:"Cinder Road Street Team" <[email protected]>][Subject:Message has a suspicious part : Cinder Road CD Release Gift we need YOU!][Time:2007/06/18 00:25:12]/text/html


1/28/2010 2:50:26 PM Untreated: Trojan-Spy.HTML.Fraud.gen Main Identity\Local Folders\FRIENDS\Music\[From:"Cinder Road Street Team" <[email protected]>][Subject:Cinder Road CD Release Gift we need YOU!][Time:2007/06/18 00:25:12]/text/html Postponed


1/28/2010 2:50:26 PM Detected: Trojan-Spy.HTML.Fraud.gen Main Identity\Local Folders\FRIENDS\Music\[From:"Cinder Road Street Team" <[email protected]>][Subject:Cinder Road CD Release Gift we need YOU!][Time:2007/06/18 00:25:12]/text/html

1/28/2010 5:10:33 PM Task completed

There was no save option, so I have to click select all and copy the text. Hope I did right thing.

Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.

• Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
• Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  
• Please follow the prompts to uninstall Combofix.
• You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

• Download OTC to your desktop and run it
• Click Yes to beginning the Cleanup process and remove these components, including this application.
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Below I have included a number of recommendations for how to protect your computer against malware infections.

• Keep Windows updated by regularly checking their website at :
  http://windowsupdate.microsoft.com/
  This will ensure your computer has always the latest security updates available installed on your computer.
  
  
• SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  
  
• SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  
  
• Make Internet Explorer more secure
  
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
• TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  
  
• MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  
  
• Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
  secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
  blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
  Here
  
  
  If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  
  • NoScript - for blocking ads and other potential website attacks
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
  
  
• Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  
  
• ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  
  
• FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.
  
  
• Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  
  
• Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and performing all of the procedures requested.

Thank you for your patience, and performing all of the procedures requested.

Thanks for all your help in this matter, hopefully the pc is now clean. All though I have noticed that the popup from AVG still comes up everytime I boot the pc up with Multiple runtime compression aspack.nupx for files named:

C:\Windows\System32\NCTAudioFormatSettings3.dll
C:\Windows\System32\NCTAudioCompress3.dll

and won't go away.

Plus the remote desktop assistance has stopped working through Live Messenger & the boot time for the pc is now around 10 minutes (timed it as it was taking a long time).

Any advice would be grateful.