Need help with Win32/Rustock.N [Solved]



#1
007.00
  • Member
  • 10 posts
Hi all

I'm new here and I registered because I think I need help from experts. I'm having a really hard time removing a trojan from my computer. It causes all kinds of annoying effects to my system. For example, sometimes the system itself or my high speed internet connection will become super slow. Also, I'm afraid my "internet security" might be compromised. I've tried the steps listed on this website to get rid of malware, but unfortunately, it didn't help. I have included the log I got from Malwarebytes. I should also point out that I could never complete the GMER scan. The best I got was a completed scan, but my computer froze when saving the log file. The following attempts were worse.

I first realized this trojan was on my system right after upgrading to AVG version 9. Every day since the upgrade, a scan would start and it would detect 2 entries, both named "Win32/Rustock.N". The weird thing is, AVG says it put the trojans in the 'vault' and that it heals the problem, but whenever I scan the computer again, both trojans still show up in AVG. I'm hoping someone here can help me get rid of this annoying trojan.

Here is the Malwarebytes log

Malwarebytes' Anti-Malware 1.44
Database version: 3709
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2010-02-08 18:59:31
mbam-log-2010-02-08 (18-59-31).txt

Scan type: Quick Scan
Objects scanned: 103093
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Thank you very much to anyone who takes the time to analyze my problem and helps out :)

Edited by 7.00, 08 February 2010 - 07:20 PM.

  • 0
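The two "Registry Data Items Infected" entries are the substantive finding in the Malwarebytes log above: the ImagePath of the BITS and wuauserv services was changed from %SystemRoot% to %fystemRoot%. A service ImagePath is a REG_EXPAND_SZ value, and Windows leaves an undefined %VAR% token in place when it expands one, so the Service Control Manager is handed a literal path that does not exist and Windows Update and BITS quietly fail to start while the value still looks almost right in the registry. The Python below is an added example, not code from the thread, from Malwarebytes or from OTL: it parses log lines in that format and applies exactly that check (plus a second one, that an svchost.exe host lives under %SystemRoot%\System32). The sample lines are copied from the log above, and the environment table is an assumption taken from the OTL log's %SystemRoot% = C:\WINDOWS.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# Constructed sample input: the two "Registry Data Items Infected" lines in
# the format Malwarebytes' Anti-Malware 1.44 writes them, as posted above.
SAMPLE_MBAM_LINES = (
    "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BITS\\ImagePath "
    "(Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\\system32\\svchost.exe -k netsvcs) "
    "Good: (%SystemRoot%\\System32\\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.\n"
    "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\wuauserv\\ImagePath "
    "(Hijack.WindowsUpdates) -> Bad: (%fystemroot%\\system32\\svchost.exe -k netsvcs) "
    "Good: (%SystemRoot%\\System32\\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.\n"
)

# Assumed environment of the machine in the thread: the OTL log reports
# %SystemRoot% = C:\WINDOWS. Any variable not listed here is "undefined".
ENV_XP: Dict[str, str] = {"SystemRoot": "C:\\WINDOWS", "SystemDrive": "C:"}

# One registry-data line: <key>\<value> (<detection>) -> Bad: (...) Good: (...) -> <action>
LINE_RE = re.compile(
    r"^(?P<key>HKEY_\S+)\\(?P<value>\w+) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$"
)
VAR_RE = re.compile(r"%([^%]+)%")


class Finding(NamedTuple):
    service: str
    detection: str
    bad_value: str
    bad_ok: bool
    reason: str
    good_ok: bool


def expand_env(value: str, env: Dict[str, str]) -> str:
    """Expand %VAR% tokens the way Windows does for a REG_EXPAND_SZ value:
    the lookup is case-insensitive and an undefined variable is left as-is."""
    table = {k.lower(): v for k, v in env.items()}
    return VAR_RE.sub(lambda m: table.get(m.group(1).lower(), m.group(0)), value)


def _executable(command_line: str) -> str:
    """Return the program part of a service command line (quoted or not)."""
    if command_line.startswith('"'):
        end = command_line.find('"', 1)
        return command_line[1:end] if end > 0 else command_line[1:]
    return command_line.split(" ", 1)[0]


def check_image_path(image_path: str, env: Dict[str, str]) -> Tuple[bool, str]:
    """Decide whether a service ImagePath can actually be started.

    Check 1: every %VAR% must expand; otherwise the Service Control Manager
    gets a literal '%fystemRoot%\\...' path that does not exist and the
    service fails to start. Check 2: an svchost.exe host must live under
    %SystemRoot%\\System32; anywhere else is a look-alike binary."""
    expanded = expand_env(image_path, env)
    leftover = VAR_RE.findall(expanded)
    if leftover:
        names = ", ".join("%{}%".format(v) for v in leftover)
        return False, "undefined variable(s) {}: path cannot be resolved, service will not start".format(names)
    exe = _executable(expanded)
    system32 = expand_env("%SystemRoot%\\System32\\", env).lower()
    if exe.lower().endswith("svchost.exe") and not exe.lower().startswith(system32):
        return False, "svchost.exe started from outside {}".format(system32)
    return True, "resolves to " + exe


def audit_mbam_log(text: str, env: Dict[str, str] = ENV_XP) -> List[Finding]:
    """Parse MBAM registry-data lines and evaluate each ImagePath entry."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("value").lower() != "imagepath":
            continue
        service = m.group("key").rsplit("\\", 1)[-1]
        bad_ok, reason = check_image_path(m.group("bad"), env)
        good_ok, _ = check_image_path(m.group("good"), env)
        findings.append(Finding(service, m.group("detection"), m.group("bad"), bad_ok, reason, good_ok))
    return findings


if __name__ == "__main__":
    for f in audit_mbam_log(SAMPLE_MBAM_LINES):
        status = "OK" if f.bad_ok else "BROKEN"
        print("{:<10} {:<22} {} -> {}".format(f.service, f.detection, status, f.reason))
```

On the sample both entries come back BROKEN with the undefined-variable reason, and both "Good:" values pass, which is why Malwarebytes classifies the change as Hijack.WindowsUpdates: the edit disables updating without deleting anything. The same check_image_path function can be run over a live export of HKLM\System\CurrentControlSet\Services on a machine where the log has already been cleaned.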



#2
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Got the OTL log?
  • 0

#3
007.00
  • Topic Starter
  • Member
  • 10 posts
Rorschach112, thank you very much for taking a look at my problem. Here are the 2 OTL logs you requested.

OTL.Txt
-----------

OTL logfile created on: 2010-02-09 21:38:55 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Hugoo\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 424,00 Mb Available Physical Memory | 41,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 5,03 Gb Free Space | 17,18% Space Free | Partition Type: NTFS
Drive D: | 101,56 Gb Total Space | 101,30 Gb Free Space | 99,75% Space Free | Partition Type: NTFS
Drive E: | 102,02 Gb Total Space | 65,86 Gb Free Space | 64,56% Space Free | Partition Type: NTFS
Drive F: | 935,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 43,01 Gb Total Space | 3,48 Gb Free Space | 8,10% Space Free | Partition Type: NTFS
Drive L: | 71,49 Gb Total Space | 1,51 Gb Free Space | 2,11% Space Free | Partition Type: NTFS

Computer Name: HUGO
Current User Name: Hugoo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-02-08 17:13:27 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hugoo\Bureau\OTL.exe
PRC - [2010-02-01 17:30:17 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010-02-01 17:30:17 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010-02-01 17:30:17 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010-02-01 17:30:17 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010-02-01 17:30:15 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010-02-01 17:30:15 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010-02-01 17:30:14 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009-02-06 16:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009-01-05 16:18:48 | 000,413,696 | ---- | M] (Apple Inc.) -- D:\Quicktime\QTTask.exe
PRC - [2008-12-21 02:15:27 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008-12-21 02:15:27 | 000,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008-04-13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-08-27 13:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) -- D:\AdAware\aawservice.exe
PRC - [2007-08-08 14:53:16 | 000,088,024 | ---- | M] () -- D:\AdAware\AAWTray.exe
PRC - [2006-11-14 04:21:28 | 016,270,848 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006-06-01 04:22:00 | 000,155,715 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006-04-10 16:54:14 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe


========== Modules (SafeList) ==========

MOD - [2010-02-08 17:13:27 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hugoo\Bureau\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010-02-01 17:30:15 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010-02-01 17:30:14 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008-12-21 02:15:27 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2007-08-27 13:38:50 | 000,566,616 | ---- | M] (Lavasoft AB) [Auto | Running] -- D:\AdAware\aawservice.exe -- (aawservice)
SRV - [2006-06-01 04:22:00 | 000,155,715 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006-04-10 16:54:14 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2005-04-03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gamespot.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.gamespot.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: [email protected]:3.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-02-01 17:30:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-07 03:00:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-06 02:13:26 | 000,000,000 | ---D | M]

[2008-08-29 20:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugoo\Application Data\Mozilla\Extensions
[2010-02-07 21:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugoo\Application Data\Mozilla\Firefox\Profiles\3zfpneem.default\extensions
[2008-07-14 14:57:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugoo\Application Data\Mozilla\Firefox\Profiles\3zfpneem.default\extensions\[email protected]
[2009-08-27 01:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugoo\Application Data\Mozilla\Firefox\Profiles\3zfpneem.default\extensions\[email protected]
[2010-02-07 21:39:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006-03-02 07:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AAWTray] D:\AdAware\AAWTray.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] D:\Quicktime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {2bc66f54-93a8-11d3-beb6-00105aa9b6ae} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {644e432f-49d3-41a1-8dd5-e099162eeec5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\DOCUME~1\Hugoo\LOCALS~1\Temp\16951546537mxx.dll) - C:\DOCUME~1\Hugoo\LOCALS~1\Temp\16951546537mxx.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Hugoo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hugoo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-09-17 15:25:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007-09-14 09:43:52 | 000,000,000 | ---- | M] () - K:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{96f35bc0-ae9a-11dc-bfc0-001a9221c258}\Shell - "" = AutoRun
O33 - MountPoints2\{96f35bc0-ae9a-11dc-bfc0-001a9221c258}\Shell\AutoRun\command - "" = M:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: msncache - File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007-09-17 15:24:43 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010-02-08 17:13:05 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hugoo\Bureau\OTL.exe
[2010-02-08 16:34:24 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010-02-08 16:32:27 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Hugoo\Bureau\HousecallLauncher.exe
[2010-02-08 00:40:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-02-08 00:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010-02-08 00:35:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Hugoo\Bureau\erunt_setup.exe
[2010-02-08 00:26:19 | 000,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hugoo\Bureau\TFC.exe
[2010-02-01 17:30:39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010-02-01 17:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-02-01 17:29:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010-02-01 17:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007-09-27 23:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007-09-17 15:25:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007-09-17 15:25:00 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010-02-09 21:28:34 | 055,361,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010-02-09 21:22:34 | 000,063,804 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010-02-09 21:22:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-09 21:22:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-09 02:22:44 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Hugoo\NTUSER.DAT
[2010-02-09 02:22:44 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Hugoo\ntuser.ini
[2010-02-08 20:46:59 | 004,833,564 | -H-- | M] () -- C:\Documents and Settings\Hugoo\Local Settings\Application Data\IconCache.db
[2010-02-08 17:13:27 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hugoo\Bureau\OTL.exe
[2010-02-08 16:39:13 | 000,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2010-02-08 16:33:17 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Hugoo\Local Settings\Application Data\housecall.guid.cache
[2010-02-08 16:32:28 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Hugoo\Bureau\HousecallLauncher.exe
[2010-02-08 00:35:16 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Hugoo\Bureau\erunt_setup.exe
[2010-02-08 00:26:19 | 000,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hugoo\Bureau\TFC.exe
[2010-02-07 21:45:46 | 023,158,831 | ---- | M] () -- C:\Documents and Settings\Hugoo\Bureau\Canadian Slag 24 - Master the Force.mp3
[2010-02-06 00:57:53 | 366,968,928 | ---- | M] () -- C:\Documents and Settings\Hugoo\Bureau\Fringe.S02E15.Jacksonville.HDTV.XviD-FQM.avi
[2010-02-06 00:02:47 | 000,014,701 | ---- | M] () -- C:\Documents and Settings\Hugoo\Bureau\Fringe.S02E15.Jacksonville.HDTV.XviD-FQM.[eztv].torrent
[2010-02-01 17:30:33 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010-02-01 17:30:28 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010-02-01 17:30:28 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010-02-01 17:30:23 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010-02-01 17:30:23 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010-01-30 22:03:42 | 367,158,194 | ---- | M] () -- C:\Documents and Settings\Hugoo\Bureau\Fringe.S02E14.HDTV.XviD-2HD.avi
[2010-01-30 21:31:23 | 000,014,708 | ---- | M] () -- C:\Documents and Settings\Hugoo\Bureau\Fringe.S02E14.HDTV.XviD-2HD.[eztv].torrent
[2010-01-30 20:42:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

========== Files Created - No Company Name ==========

[2010-02-08 16:48:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Hugoo\Bureau\gmer.exe
[2010-02-08 16:39:13 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010-02-08 16:33:17 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Hugoo\Local Settings\Application Data\housecall.guid.cache
[2010-02-07 21:41:42 | 023,158,831 | ---- | C] () -- C:\Documents and Settings\Hugoo\Bureau\Canadian Slag 24 - Master the Force.mp3
[2010-02-06 00:04:11 | 366,968,928 | ---- | C] () -- C:\Documents and Settings\Hugoo\Bureau\Fringe.S02E15.Jacksonville.HDTV.XviD-FQM.avi
[2010-02-06 00:02:46 | 000,014,701 | ---- | C] () -- C:\Documents and Settings\Hugoo\Bureau\Fringe.S02E15.Jacksonville.HDTV.XviD-FQM.[eztv].torrent
[2010-01-30 21:33:42 | 367,158,194 | ---- | C] () -- C:\Documents and Settings\Hugoo\Bureau\Fringe.S02E14.HDTV.XviD-2HD.avi
[2010-01-30 21:31:23 | 000,014,708 | ---- | C] () -- C:\Documents and Settings\Hugoo\Bureau\Fringe.S02E14.HDTV.XviD-2HD.[eztv].torrent
[2008-01-06 21:57:56 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007-10-19 19:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-09-18 23:58:30 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007-09-18 23:58:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007-09-18 23:53:15 | 000,102,912 | ---- | C] () -- C:\Documents and Settings\Hugoo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-09-18 21:36:30 | 000,022,240 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007-09-18 21:36:29 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007-09-18 21:36:04 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007-09-18 20:51:26 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2007-09-18 20:51:26 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2007-09-18 20:51:25 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2007-09-18 20:51:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2007-09-18 20:51:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2007-09-18 20:51:25 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2007-09-18 20:51:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2007-09-18 20:51:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2007-09-18 20:51:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2007-09-18 20:51:25 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2006-06-01 04:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-06-01 04:22:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-06-01 04:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-06-01 04:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006-06-01 04:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-06-01 04:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006-06-01 04:22:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

========== LOP Check ==========

[2010-02-08 17:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009-12-10 00:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007-12-19 20:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetJet
[2007-12-19 20:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2010-02-01 17:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010-02-06 01:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugoo\Application Data\Azureus
[2007-11-25 19:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugoo\Application Data\BPFTP
[2008-03-08 18:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugoo\Application Data\DeepBurner
[2007-12-19 20:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hugoo\Application Data\Oberon Media

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006-03-02 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-09-23 21:44:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008-09-23 21:44:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006-03-02 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-09-23 21:44:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-09-23 21:44:26 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008-04-13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006-03-02 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2006-03-02 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008-04-13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008-04-13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2006-03-02 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006-03-02 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008-04-13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007-09-17 11:07:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007-09-17 11:07:16 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007-09-17 11:07:15 | 000,462,848 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7AB4D952
@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4DE8EA4B
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D5184D8
< End of report >
  • 0

#4
007.00
  • Topic Starter
  • Member
  • 10 posts
Here is the second OTL log

Extras.Txt
-----------

OTL Extras logfile created on: 2010-02-09 21:38:55 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Hugoo\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

1 023,00 Mb Total Physical Memory | 424,00 Mb Available Physical Memory | 41,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 5,03 Gb Free Space | 17,18% Space Free | Partition Type: NTFS
Drive D: | 101,56 Gb Total Space | 101,30 Gb Free Space | 99,75% Space Free | Partition Type: NTFS
Drive E: | 102,02 Gb Total Space | 65,86 Gb Free Space | 64,56% Space Free | Partition Type: NTFS
Drive F: | 935,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 43,01 Gb Total Space | 3,48 Gb Free Space | 8,10% Space Free | Partition Type: NTFS
Drive L: | 71,49 Gb Total Space | 1,51 Gb Free Space | 2,11% Space Free | Partition Type: NTFS

Computer Name: HUGO
Current User Name: Hugoo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"D:\mIRC\mirc.exe" = D:\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{29C22873-B939-4EF9-B6E3-1EFE7FA391D1}" = ASUS nVidia Driver
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128ee8-8ead-4db0-85c6-17c2ce50ff71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113458560}" = Transformers Battle Universe
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89f4137d-6c26-4a84-bdb8-2e5a4bb71e00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a85fd55b-891b-4314-97a5-ea96c0bd80b5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{bc4ca8fa-41d2-4b81-8680-e9b7573d6500}" = PlayStation®Network Downloader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{f0e12bba-ad66-4022-a453-a1c8a0c4d570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"8461-7759-5462-8226" = Vuze
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"adobe flash player plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"avg9uninstall" = AVG 9.0
"BulletProof FTP_is1" = BulletProof FTP
"erunt_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"mozilla firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetJet" = NetJet 2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"ZoomPlayer" = Zoom Player (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-10-17 00:23:14 | Computer Name = HUGO | Source = Application Hang | ID = 1002
Description = Application bloquée Azureus.exe, version 3.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2009-10-17 00:25:05 | Computer Name = HUGO | Source = Application Hang | ID = 1002
Description = Application bloquée Azureus.exe, version 3.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2009-10-17 13:39:05 | Computer Name = HUGO | Source = MsiInstaller | ID = 10005
Description = Produit : Windows Live Communications Platform -- Windows Installer
a rencontré une erreur inattendue lors de l'installation de ce package. Il s'agit
peut-être d'un problème lié au package. Le code d'erreur est 2762. Les arguments
sont : , ,

Error - 2009-10-17 13:39:05 | Computer Name = HUGO | Source = MsiInstaller | ID = 10005
Description = Produit : Windows Live Communications Platform -- Windows Installer
a rencontré une erreur inattendue lors de l'installation de ce package. Il s'agit
peut-être d'un problème lié au package. Le code d'erreur est 2762. Les arguments
sont : , ,

Error - 2009-10-18 22:59:46 | Computer Name = HUGO | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.1.3523, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2009-10-18 22:59:46 | Computer Name = HUGO | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.9.1.3523, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2009-11-16 03:10:35 | Computer Name = HUGO | Source = Application Error | ID = 1000
Description = Application défaillante firefox.exe, version 1.9.1.3593, module défaillant
npswf32.dll, version 10.0.32.18, adresse de défaillance 0x002e5bda.

Error - 2009-11-16 03:48:49 | Computer Name = HUGO | Source = Application Error | ID = 1000
Description = Application défaillante firefox.exe, version 1.9.1.3593, module défaillant
npswf32.dll, version 10.0.32.18, adresse de défaillance 0x002e5c06.

Error - 2010-02-07 23:20:10 | Computer Name = HUGO | Source = Application Hang | ID = 1002
Description = Application bloquée mbam-setup.tmp, version 51.49.0.0, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 2010-02-08 01:25:21 | Computer Name = HUGO | Source = Application Hang | ID = 1002
Description = Application bloquée mbam.exe, version 1.44.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 2010-02-09 22:41:58 | Computer Name = HUGO | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 2010-02-09 22:42:00 | Computer Name = HUGO | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 2010-02-09 22:42:01 | Computer Name = HUGO | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 2010-02-09 22:42:02 | Computer Name = HUGO | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 2010-02-09 22:42:04 | Computer Name = HUGO | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 2010-02-09 22:42:05 | Computer Name = HUGO | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 2010-02-09 22:42:06 | Computer Name = HUGO | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 2010-02-09 22:42:08 | Computer Name = HUGO | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 2010-02-09 22:42:09 | Computer Name = HUGO | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.

Error - 2010-02-09 22:42:10 | Computer Name = HUGO | Source = Disk | ID = 262151
Description = Le périphérique \Device\Harddisk1\D comporte un bloc défectueux.


< End of report >
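Two sections of the Extras log above are worth checking systematically rather than by eye: "Shell Spawning", because the open command for executable file classes (exefile, batfile, comfile, cmdfile, piffile) is a common place for malware to insert itself, and "Authorized Applications List", because firewall exceptions whose target file no longer exists are stale holes that should be cleaned up. The script below is an added example, not OTL's code and not from anyone in this thread; it parses the log format shown above and flags both conditions. The sample log is constructed from lines on this page plus one made-up, non-default exefile entry (the path is a placeholder) so that the spawn check has something to find.

```python
"""Triage checks over an OTL 'Extras' log (added example; not OTL's own code).

Reports (1) executable file classes whose [open] command differs from the
Windows default '"%1" %*', and (2) firewall exceptions marked 'File not found'.
"""
import re

# Windows default open command for the file classes attackers most often hijack.
DEFAULT_SPAWN = {cls: '"%1" %*' for cls in
                 ("batfile", "cmdfile", "comfile", "exefile", "piffile")}

# OTL section header, e.g. '========== Shell Spawning =========='
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Shell Spawning line, e.g. 'exefile [open] -- "%1" %*'
SPAWN_RE = re.compile(r"^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$")
# Authorized Applications line: "<path>" = <value> -- <note>
FW_RE = re.compile(r'^"(?P<path>[^"]+)" = (?P<value>.+?) -- (?P<note>.+)$')


def split_sections(text):
    """Group non-blank log lines under their '========== Name ==========' header."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def check_shell_spawning(lines):
    """Return (class, command) for executable classes whose open command is not default."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if not m:
            continue
        cls, verb, cmd = m.group("cls"), m.group("verb"), m.group("cmd")
        if cls in DEFAULT_SPAWN and verb == "open" and cmd != DEFAULT_SPAWN[cls]:
            findings.append((cls, cmd))
    return findings


def stale_firewall_exceptions(lines):
    """Return paths of firewall exceptions whose executable OTL could not find."""
    return [m.group("path") for m in map(FW_RE.match, lines)
            if m and m.group("note") == "File not found"]


def triage(text):
    """Run both checks over a full Extras log and return the findings."""
    sections = split_sections(text)
    return {
        "hijacked_spawn": check_shell_spawning(sections.get("Shell Spawning", [])),
        "stale_firewall": stale_firewall_exceptions(
            sections.get("Authorized Applications List", [])),
    }


# Constructed sample: real lines from the log above plus one made-up exefile
# entry (placeholder path) so the spawn check has a hit to report.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\All Users\Application Data\example.exe" "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"D:\mIRC\mirc.exe" = D:\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"""

if __name__ == "__main__":
    for key, hits in triage(SAMPLE_LOG).items():
        print(key)
        for hit in hits:
            print("  ", hit)
```

On the actual log in this post every executable class still opens with the default `"%1" %*`, so only the stale firewall entries (the old AVG7/AVG8 and mIRC paths) would be reported; to run it against a real Extras.Txt, read the file and pass its contents to `triage()`.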

#5
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
hi



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{96f35bc0-ae9a-11dc-bfc0-001a9221c258}\Shell - "" = AutoRun
    O33 - MountPoints2\{96f35bc0-ae9a-11dc-bfc0-001a9221c258}\Shell\AutoRun\command - "" = M:\autorun.exe -- File not found
    NetSvcs: msncache - File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix\ComboFix.txt log in your next reply.

#6
007.00
    Member
  • Topic Starter
  • 10 posts
Rorschach112

I ran OTL a second time with the instructions you provided. Once done, the computer rebooted as you said it would. However, once rebooted, I can't go any further. The process somehow messed with my IP settings. Right now, I'm writing this message using another computer since the problem one can't access the internet in any way. Firefox, Internet Explorer, MSN, nothing. The MSN troubleshooting option says that the machine does not have an IP address.

With no internet access, I can't download Combofix and continue with the process you posted. Can this IP problem be easily solved? Should I call my Internet provider?

Thanks!

#7
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
No, I think it was a mistake on my part, sorry about that. Try these steps:


Please go to Start > Control Panel > Network and Internet Connections > Network Connections. Then right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using dial-up, and left-click on the Properties option. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically". Click OK twice, and restart your computer.




Go to Start > Run.... In the Open: field type cmd and press the OK button. This will open a Command Prompt.
Type or copy & paste the entire contents inside the QUOTE box below into the command window:

ipconfig /flushdns

Hit Enter and exit the Command Prompt.



Go to Start then to run
type in Cmd and click Enter
Type in ipconfig /release all then click enter
Now type in ipconfig /renew all and click Enter



Did they fix it?


Also, do you have your Windows CD?

#8
007.00
    Member
  • Topic Starter
  • 10 posts
Rorschach112

Here is what happens: when I double-click the 'Network and Internet Connections' icon that is in the Control Panel, there is nothing in there. Instead, I got a window saying something about my computer not having an Ethernet card. I can't quite remember the exact sentence unfortunately.

I went ahead and tried inputting the commands in the Command Prompt. 'ipconfig /flushdns' did what it's supposed to do. However, both 'ipconfig / release all' and 'ipconfig / renew all' gave me the same result. A sentence in Command Prompt saying that "there are no cards [ethernet I imagine?] with the authority to execute the commands". Again, I'm not 100% sure on the exact wording, but it seems to add to the possibility that there is something wrong with my network card.

Is it possible the OTL process somehow made my system not recognize the network card? Where should I go from there?

Again, thanks much for helping me out. I appreciate it. I also noticed the Paypal button in your sig :)

#9
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Yeah, I think the OTL step was responsible.

Do you have your Windows CD?

#10
007.00
    Member
  • Topic Starter
  • 10 posts
Yes, I do have my Windows XP CD.

#11
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Tell me if these fix your net.


Place it in your CD-ROM drive and follow the instructions below:
  • Click on Start and select Run... type sfc /scannow (note the space) (Let this run undisturbed until the window with the blue progress bar goes away)

SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.



Boot from the Windows XP installation CD.

At the "Welcome to Setup" screen, press R to start Recovery Console. Choose the installation to be repaired by number (usually 1) and press "Enter".

When you are asked for the Administrator password, leave it blank and press "Enter".

At the command prompt, type chkdsk /r and press "Enter". (Note the space before /r) The disk check operation will start.

This will be a very thorough check of the hard drive and the file system...be patient and let it complete. It may appear to hang or even back up a few times...this is normal. 60 to 90 minutes is not unusual for this check...it may take longer in some cases.

Once the check completes and you are back at the command prompt, type exit and press "Enter". Let your computer boot normally to Windows.

#12
007.00
    Member
  • Topic Starter
  • 10 posts
Rorschach112

I followed the instructions in your last post and both System File Checker and chkdsk /r seem to have run fine. However, chkdsk /r took about 20 minutes to complete instead of the 60-90 minutes you suggested it would take.

Unfortunately, it did not fix my internet. I tried the instructions you gave me a few posts back about checking "Start > Control Panel > Network and Internet Connections > Network Connections", but there are still no icons, 'Network connections' or otherwise, in there. So I can't check the properties or anything.

Also, I tried once more the ipconfig /flushdns, /release all and /renew all in the command prompt and I still get the same failure message, which is: "there are no cards with the authority to execute the commands", (I'd love to copy/paste the exact sentence, but my operating system being in french and all (not by choice, believe me) I'm translating to the best of my knowledge.)

I right-clicked on My Computer, then Properties and then Hardware...I expanded the 'Network cards' listing and checked the properties of both listed there and it says that they are both 'functioning normally' and that there are 'no conflicts'.

So in the end, I'm right back where I was after the second OTL process. Do you know of any way to undo what was done during that process? Or if you have anything you consider a better course of action to suggest, I'm listening :)

Thanks again for taking the time to help me. I appreciate it.

Edited by 7.00, 13 February 2010 - 10:14 PM.


#13
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Don't worry, we will get it fixed.

Can you try a Windows repair?

http://www.geekstogo...ws-XP-t138.html

#14
007.00
    Member
  • Topic Starter
  • 10 posts
I tried doing the Windows repair (following the instructions in the link you provided). Sadly, that's not working right. Everything goes well until I get to this part:

winxpinstall.jpg

Every time the timer says that there are 34 minutes left to the installation, the system reboots. After rebooting, I'm still at the same place shown in the image. The process starts again. When the timer says that there are 34 minutes remaining, the system reboots and this whole thing repeats itself over and over and over. It has been running like this for hours now because I don't know how to properly stop it. I sure don't wanna lose my data and stuff :)

I don't know if this is of any help, but I have noticed that every time the system reboots (at the part shown in the image above), the green progress bar is indicating "installing devices".

I hope I've provided enough information for you to figure out what I have to do next!

Edited by 7.00, 15 February 2010 - 12:05 AM.


#15
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
Gotta send you over to the techs, they are better at fixing this.

Tell them I sent you over and that I think removing this caused your problems:

NetSvcs: msncache - File not found


Then return here when you have your net access back