PC Antivirus 2010 spyware [Solved]


This topic is locked

#1 Shizzleton (Member, 79 posts)
So I'm at wits' end with this recent spyware I have that seems to get smarter each day that goes by. Well, 2 days ago I noticed I was constantly getting redirected through Google to different sites than what I wanted; then that same night my PC rebooted on its own, and when it came back up it was lit up with warnings of viruses and spyware. Thought I had it all figured out and tried running Malwarebytes, to no avail. I can get on the internet, can even load things like Malwarebytes, but when it comes to scanning, whatever it is kills it, even in safe mode. Everything from my virus protection AVG to RootRepeal to Spybot Search & Destroy. I found you guys and just tonight did your removal guide step by step. Because the issue I'm having is causing complete havoc, I did the following in safe mode with networking. The things I was able to do were run TFC and ERUNT and get logs from RootRepeal and OTL. I was unable to do a System Restore point, Windows Update (although the updater is on) and a scan with Malwarebytes. I'm looking for any help I can get.
#2 Shizzleton (Member, Topic Starter, 79 posts)
Here is the RootRepeal log

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/27 18:50
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF716C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7C91000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF69EA000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNETrnumqrqf.sys
Image Path: C:\WINDOWS\system32\drivers\SKYNETrnumqrqf.sys
Address: 0xF7347000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xF7AC7000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xF7459000 Size: 61440 File Visible: No Signed: -
Status: -

==EOF==

#3 Shizzleton (Member, Topic Starter, 79 posts)
Here is the OTL log

OTL logfile created on: 8/27/2009 6:54:57 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 670.98 Mb Available Physical Memory | 69.93% Memory free
2.26 Gb Paging File | 2.05 Gb Available in Paging File | 90.79% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.56 Gb Total Space | 31.52 Gb Free Space | 45.97% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 1.50 Gb Free Space | 25.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/08/27 18:34:20 | 00,022,532 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\services.exe
PRC - [2009/08/27 18:34:20 | 00,022,532 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\install.exe
PRC - [2009/08/27 18:34:21 | 00,022,532 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\login.exe
PRC - [2009/08/27 18:34:22 | 00,022,532 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\debug.exe
PRC - [2009/08/27 18:34:23 | 00,022,532 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\smss.exe
PRC - [2009/06/29 01:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/27 18:54:14 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2004/07/15 08:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/20 09:48:49 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2007/01/26 20:46:48 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 10:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2003/06/20 06:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2004/10/11 12:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Stopped])
SRV - File not found -- -- (WebrootSpySweeperService [Auto | Stopped])
SRV - File not found -- -- (WRConsumerService [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...om.microsoft:en

Edited by Shizzleton, 27 August 2009 - 11:03 PM.


#4 Shizzleton (Member, Topic Starter, 79 posts)
And here is the Extras log

OTL Extras logfile created on: 8/27/2009 6:54:57 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 670.98 Mb Available Physical Memory | 69.93% Memory free
2.26 Gb Paging File | 2.05 Gb Available in Paging File | 90.79% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.56 Gb Total Space | 31.52 Gb Free Space | 45.97% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 1.50 Gb Free Space | 25.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- (Blizzard Entertainment, Inc.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Blizzard Launcher Temporary - 058fd400\Launcher.exe" = C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Blizzard Launcher Temporary - 058fd400\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Blizzard Launcher Temporary - e4e194d0\Launcher.exe" = C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Blizzard Launcher Temporary - e4e194d0\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3D0E8F20-748C-4dac-9A5F-9CAC86F0E848}" = 1500
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{51D43E6D-9B84-4b69-AA14-27113796A94D}" = 1500_Help
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E6F6231A-4FA3-47fe-A0DB-B113160C8DD3}" = 1500Trb
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_PhotoShop_Album" = Remove Adobe Photoshop Album 2.0 Starter Edition installer
"AVG8Uninstall" = AVG Free 8.5
"BackWeb-6750491 Uninstaller" = Compaq Connections
"CCleaner" = CCleaner (remove only)
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"ComcastToolbar" = Comcast Toolbar
"ERUNT_is1" = ERUNT 1.1j
"F05A08BF-E600-4FBD-A53A-3D47296B1275" = Lexibox Deluxe from Compaq (remove only)
"Help and Support Additions" = Help and Support Additions
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money" = Remove Microsoft Money 2005 installer
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"Quicken_NUE" = Remove Quicken New User Edition installer
"RealPlayer 6.0" = RealPlayer
"S3" = VIA/S3G Display Driver
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/23/2009 5:55:28 AM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application realplay.exe, version 6.0.12.1056, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/23/2009 5:55:30 AM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1001
Description = Fault bucket 145909353.

Error - 6/27/2009 1:00:39 AM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/27/2009 1:00:50 AM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1001
Description = Fault bucket 1283385725.

Error - 7/12/2009 12:06:14 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Error | ID = 1005
Description = Windows cannot access the file E:\Setup.exe for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program Software Installer because of this error. Program:
Software Installer File: E:\Setup.exe The error value is listed in the Additional
Data section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C0000013 Disk type: 5

Error - 7/12/2009 12:06:22 PM | Computer Name = YOUR-F78BF48CE2 | Source = Application Error | ID = 1000
Description = Faulting application Setup.exe, version 3.1.23.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000500b6.

Error - 7/18/2009 11:17:23 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/18/2009 11:17:25 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/18/2009 11:17:27 AM | Computer Name = YOUR-F78BF48CE2 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/24/2009 5:12:42 AM | Computer Name = YOUR-F78BF48CE2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16850, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/27/2009 9:35:04 PM | Computer Name = YOUR-F78BF48CE2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AmdK7 AvgLdx86 AvgMfx86 Fips

Error - 8/27/2009 9:45:36 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2009 9:45:52 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/27/2009 9:47:43 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 8/27/2009 9:47:57 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 8/27/2009 9:48:09 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 8/27/2009 9:48:14 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 8/27/2009 9:48:18 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 8/27/2009 9:48:37 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 8/27/2009 9:51:20 PM | Computer Name = YOUR-F78BF48CE2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
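As an added triage example (not part of the original thread, and not code from the RootRepeal or OTL tools), the script below parses the three kinds of lines that appear in the logs posted above and flags the entries a malware-removal helper looks at first: RootRepeal driver entries whose Status line says the driver is hidden from the Windows API or whose image name carries an NTFS alternate-data-stream suffix (win32k.sys:1), OTL PRC lines for processes running from the user's Temp folder with no company name, a hidden attribute, or a core system executable name (services.exe, smss.exe) outside System32, and OTL Extras Security Center and firewall values that suppress notifications or turn the firewall off. The sample input is constructed from a handful of lines copied in shape from the posted logs; the rule names and the list of core system names are the example's own assumptions. One caveat the log itself illustrates: "File Visible: No" alone is not a rootkit sign, because the dump_* crash-dump drivers are memory-only and report the same, so the driver rule keys on the Status line and the stream suffix instead.

```python
import re

# Constructed sample input: a few lines copied in shape from the RootRepeal,
# OTL and OTL Extras logs in this thread (not the complete logs).
ROOTREPEAL_SAMPLE = """\
Name: dump_atapi.sys
Image Path: C:\\WINDOWS\\System32\\Drivers\\dump_atapi.sys
Address: 0xF716C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: SKYNETrnumqrqf.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\SKYNETrnumqrqf.sys
Address: 0xF7347000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!

Name: win32k.sys:1
Image Path: C:\\WINDOWS\\win32k.sys:1
Address: 0xF7AC7000 Size: 20480 File Visible: No Signed: -
Status: -
"""

OTL_SAMPLE = """\
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\Explorer.EXE
PRC - [2009/08/27 18:34:20 | 00,022,532 | -H-- | M] () -- C:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Temp\\services.exe
PRC - [2009/08/27 18:34:23 | 00,022,532 | -H-- | M] () -- C:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Temp\\smss.exe
PRC - [2009/08/27 18:54:14 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\Compaq_Owner\\Desktop\\OTL.exe
"""

EXTRAS_SAMPLE = """\
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"EnableFirewall" = 0
"""

# One RootRepeal driver entry: four consecutive lines.
DRIVER_RE = re.compile(
    r"Name: (?P<name>.+)\nImage Path: (?P<path>.+)\n"
    r"Address: (?P<addr>\S+) Size: (?P<size>\d+) File Visible: (?P<visible>\S+) Signed: (?P<signed>\S+)\n"
    r"Status: (?P<status>.+)"
)

# One OTL process line: timestamp | size | attributes | M] (company) -- path
PRC_RE = re.compile(
    r"^PRC - \[(?P<stamp>[^|]+)\| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$",
    re.MULTILINE,
)

# Assumed list: names that belong to core Windows processes living in System32.
CORE_SYSTEM_NAMES = {"services.exe", "smss.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}

# Assumed rule table: Security Center / firewall values that weaken the machine.
WEAK_SETTINGS = {
    "AntiVirusDisableNotify": "1",
    "UpdatesDisableNotify": "1",
    "FirewallDisableNotify": "1",
    "EnableFirewall": "0",
}
SETTING_RE = re.compile(r'^"(?P<key>\w+)" = (?P<val>\d+)$', re.MULTILINE)


def suspicious_drivers(log: str) -> list[tuple[str, str]]:
    """Return (driver name, reason) for RootRepeal entries worth a second look."""
    hits = []
    for m in DRIVER_RE.finditer(log):
        name, status = m["name"].strip(), m["status"].strip()
        if "hidden" in status.lower():
            hits.append((name, "hidden from the Windows API"))
        # A colon after the extension means the image is an NTFS alternate data
        # stream (win32k.sys:1); a legitimate driver is never loaded that way.
        elif re.search(r"\.sys:\S+$", name, re.IGNORECASE):
            hits.append((name, "loaded from an alternate data stream"))
    return hits


def suspicious_processes(log: str) -> list[tuple[str, list[str]]]:
    """Return (path, reasons) for OTL PRC lines that match any triage rule."""
    hits = []
    for m in PRC_RE.finditer(log):
        path = m["path"].strip()
        base = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if "\\local settings\\temp\\" in path.lower():
            reasons.append("runs from the user Temp directory")
        if not m["company"].strip():
            reasons.append("no company name")
        if "H" in m["attrs"]:
            reasons.append("hidden file attribute")
        if base in CORE_SYSTEM_NAMES and not path.lower().startswith("c:\\windows\\system32\\"):
            reasons.append(f"{base} outside System32")
        if reasons:
            hits.append((path, reasons))
    return hits


def weakened_settings(log: str) -> list[str]:
    """Return the registry value names whose value matches the weak-setting table."""
    return [m["key"] for m in SETTING_RE.finditer(log) if WEAK_SETTINGS.get(m["key"]) == m["val"]]


if __name__ == "__main__":
    for name, why in suspicious_drivers(ROOTREPEAL_SAMPLE):
        print(f"driver  {name}: {why}")
    for path, why in suspicious_processes(OTL_SAMPLE):
        print(f"process {path}: {', '.join(why)}")
    for key in weakened_settings(EXTRAS_SAMPLE):
        print(f"setting {key} weakened")
```

Run as a script it prints the hits. Fed the complete logs above it would surface SKYNETrnumqrqf.sys, both win32k.sys streams, the five identical 22,532-byte hidden executables in Temp and the disabled firewall, which is the picture behind the rootkit diagnosis later in the thread.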

#5 azarl (GeekU Admin, Community Leader, 25,310 posts)
Hi

Welcome to Geekstogo. I'm Azarl and I'll be helping you. Please be patient, I'm still in training so my actions need to be checked before I reply to you.

Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

#6 Shizzleton (Member, Topic Starter, 79 posts)
Thanks for the response, Azarl. Glad to be a part of your training! Just to let you know, I had posted again only because I had replied showing my logs and then afterwards realized that replying might not get me the fastest response, so I started a fresh thread rather than a reply. Thanks in advance for your help, and I am ready to follow whatever I need to as you ask.

#7 azarl (GeekU Admin, Community Leader, 25,310 posts)
Hi Shizzleton

No probs.

You have a rootkit infection. It's pretty nasty, but hopefully we can sort it fairly quickly.

Win32kDiag
  • Please download ad13's win32ksys to your desktop
  • Double click to run it
  • A black window will appear, let this run
  • On completion a log will appear on your desktop called Win32kDiag.txt please post this in your next reply.

Also, your OTL log has been cut short (Extras is OK); can you please add the complete OTL log with your next post?

Thanks

#8 Shizzleton (Member, Topic Starter, 79 posts)
Not sure if you had read my other post, but since my original post I had tried a few things to rid this myself. In doing so I no longer have the pop-ups I had before, but I can no longer access the internet. I even tried loading a fresh Firefox from a CD because Explorer would do nothing. I get as far as it saying it can't find the server and to check firewall settings. Problem is, the firewall, as well as quite a few Control Panel options, won't let me access them. I click and they do nothing. Long story short, I can't access the internet on the home PC (using a work computer at the moment), so my only option is to load these items from a CD from a different computer (which I don't have at home), so I will do as you ask, but the responses may be a bit delayed because of this. This is unless you have any thoughts on how I can access the internet, which would speed up the process a lot. Thanks again, and I will get you those logs as soon as I can. One last question: because I fiddled with my computer after running those logs, should I run them again and report ALL, or do you have enough info to continue on? I apologize for the ignorance; I just want to make sure I do this right and get rid of this evil thing.

Edited by Shizzleton, 08 September 2009 - 04:40 PM.


#9
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi Shizzleton

The infection is causing your loss of connectivity. A second computer and removable media is good. You'll get your internet back at some time during the process.

The original logs will be fine for the moment, we'll take fresh logs later on, so if you could post the original OTL log please.

#10
Shizzleton

    Member

  • Topic Starter
  • Member
  • 79 posts
Well, I've run into another road block. I loaded the win file from a different computer to a CD and then loaded it on my computer just fine. It did its thing, created its log, and I thought I was home free to start getting this thing fixed. As luck would have it, when I tried to write those 2 logs you asked for to a CD, it kept saying there was no CD in the tray to write to. There was a CD in the tray then, as well as the next 5 brand new, never used CDs after that, but for some reason it would read there wasn't any in there. This is also perplexing because it loaded the win file from the CD minutes before with no problem. So with no internet and no way of relaying info back that I can think of, I'm kinda stuck. You picked a [bleep] of a computer to get trained on, but I got faith that you're as persistent as I am and will think of some way to get around this.

#11
azarl

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi Shizzleton

You picked a [bleep] of a computer to get trained on, but I got faith that you're as persistent as I am and will think of some way to get around this.

I'll do my best on that.

How about USB memory sticks? Do you have one?

#12
Shizzleton

    Member

  • Topic Starter
  • Member
  • 79 posts
Well, I don't own one, but I can take care of that at lunch. Lemme see what I can do and I'll get back to ya in a few.

#13
Shizzleton

    Member

  • Topic Starter
  • Member
  • 79 posts
SUCCESS MY FRIEND.

Here is the win log.

Log file is located at: C:\Documents and Settings\Compaq_Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Cache\Adobe Reader 6.0.1\Adobe Reader 6.0.1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\cdmxtras\cdmxtras

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPer\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}\{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70000000000}\{AC76BA86-7AD7-1033-7B44-A70000000000}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\mui\mui

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\setup.pss\setup.pss

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6ebd16cfa495accd1804cd7de17cee70\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1025\1025

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1028\1028

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1031\1031

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1037\1037

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1041\1041

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1042\1042

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\1054\1054

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\2052\2052

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3076\3076

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\cleanmgr.exe

[1] 2004-08-04 05:00:00 64000 C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:14 64000 C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:14 64000 C:\WINDOWS\system32\cleanmgr.exe ()



Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Collab\Collab

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\7.0\Preferences\Preferences

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\XWL24K3R\XWL24K3R

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer\iTunes\iTunes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Google\Google

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{6F38A425-8D3B-4942-9AE3-56529E7C533B}\{6F38A425-8D3B-4942-9AE3-56529E7C533B}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\4WTLHDHV\as1.suitesmart.com\_f5e.swf\_f5e.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Crypto\RSA\RSA

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\MMC\MMC

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Msg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView\SampleView

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec\Symantec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Apple Computer\iTunes\iTunes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Enterprise\Enterprise

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Custom Buttons\Overrides\Overrides

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\Credentials

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\config\systemprofile\WINDOWS\system\system

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\dhcp\dhcp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-04 05:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-13 17:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()



Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 05:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 17:11:53 63488 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 17:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\system32\export\export

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\oobe\sample\sample

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\Logs\Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\mof\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\wins\wins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\system32\xircom\xircom

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^



Finished!
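
The Win32kDiag log above has two kinds of entries a responder reads for rootkit evidence: directories that are NTFS mount points (reparse points) whose target is a raw device path rather than a volume, and system files the tool could not open, each listed beside the backup copies it found under $NtServicePackUninstall$ and ServicePackFiles. The following is an added triage example (my own code, not ad13's tool, the forum's instructions, or anything from this thread) that parses that format and applies two rules: a mount point is suspicious when its target does not start with \??\ (the prefix of a normal junction target such as \??\C:\... or \??\Volume{...}, an assumption stated in the code), and an inaccessible file is suspicious when its size differs from the same-name reference copies or when it carries no company/version information. The sample input is a constructed excerpt modelled on the log above; treating the [1] tag as "same file name" is also an assumption drawn from that log.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a short excerpt modelled on the Win32kDiag log in this thread
# (blank lines between entries omitted; the parser ignores them anyway).
SAMPLE_LOG = r"""Log file is located at: C:\Documents and Settings\Compaq_Owner\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\cleanmgr.exe
[1] 2004-08-04 05:00:00 64000 C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe (Microsoft Corporation)
[1] 2008-04-13 17:12:14 64000 C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe (Microsoft Corporation)
[1] 2008-04-13 17:12:14 64000 C:\WINDOWS\system32\cleanmgr.exe ()
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 05:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 17:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 17:11:53 63488 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-13 17:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point : (.+)$")
DEST_RE = re.compile(r"^Mount point destination : (.+)$")
CANNOT_RE = re.compile(r"^Cannot access: (.+)$")
# e.g. "[1] 2008-04-13 17:11:53 63488 C:\WINDOWS\system32\eventlog.dll ()"
COPY_RE = re.compile(r"^\[(\d+)\] (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\d+) (.+?) \((.*)\)$")

@dataclass
class FileCopy:
    tag: str        # "1" = copy sharing the inaccessible file's name (assumption from the log)
    timestamp: str
    size: int
    path: str
    company: str    # empty when the tool could not read version info

@dataclass
class FileCheck:
    path: str                                   # file Win32kDiag could not open
    copies: List[FileCopy] = field(default_factory=list)

@dataclass
class Report:
    mount_points: List[Tuple[str, str]] = field(default_factory=list)  # (junction, target)
    file_checks: List[FileCheck] = field(default_factory=list)

def parse_win32kdiag(text: str) -> Report:
    """Line-oriented parser for the Win32kDiag.txt format shown in the thread."""
    report = Report()
    pending_mount: Optional[str] = None
    current_check: Optional[FileCheck] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending_mount, current_check = m.group(1), None
        elif (m := DEST_RE.match(line)) and pending_mount is not None:
            report.mount_points.append((pending_mount, m.group(1)))
            pending_mount = None
        elif m := CANNOT_RE.match(line):
            current_check = FileCheck(path=m.group(1))
            report.file_checks.append(current_check)
        elif (m := COPY_RE.match(line)) and current_check is not None:
            tag, ts, size, path, company = m.groups()
            current_check.copies.append(FileCopy(tag, ts, int(size), path, company))
    return report

def suspicious_mount_points(report: Report) -> List[Tuple[str, str]]:
    """Junctions whose target is not a normal NT volume path (\\??\\C:\\... or
    \\??\\Volume{...}); a \\Device\\... target is not a filesystem location at all.
    Relative symlinks would also be flagged, so treat hits as review items."""
    return [(src, dst) for src, dst in report.mount_points
            if not dst.upper().startswith("\\??\\")]

def file_findings(report: Report) -> List[Dict[str, object]]:
    """Compare the live (inaccessible) file with the same-name backup copies
    listed beside it. A size mismatch is the strongest indicator; a missing
    company string is weaker, since it may only reflect the access denial."""
    findings: List[Dict[str, object]] = []
    for check in report.file_checks:
        live = next((c for c in check.copies if c.path.lower() == check.path.lower()), None)
        if live is None:
            findings.append({"path": check.path, "reason": "no_live_copy_listed"})
            continue
        ref_sizes = sorted({c.size for c in check.copies if c.tag == "1" and c is not live})
        base = {"path": check.path, "live_size": live.size, "reference_sizes": ref_sizes}
        if ref_sizes and live.size not in ref_sizes:
            findings.append({**base, "reason": "size_mismatch"})
        elif not live.company:
            findings.append({**base, "reason": "no_version_info"})
    return findings

def triage(text: str) -> Dict[str, object]:
    """One-shot summary: how many junctions point somewhere odd, where, and which files differ."""
    report = parse_win32kdiag(text)
    bad = suspicious_mount_points(report)
    return {
        "mount_points_total": len(report.mount_points),
        "mount_points_suspicious": len(bad),
        "suspicious_targets": sorted({dst for _, dst in bad}),
        "file_findings": file_findings(report),
    }

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run against the full log in the post above, the script reports every junction sharing the same \Device\ target and singles out eventlog.dll, whose live copy (63488 bytes, no company) matches neither backup copy, while cleanmgr.exe matches in size and is flagged only for missing version information.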

#14
Shizzleton

    Member

  • Topic Starter
  • Member
  • 79 posts
Here is the OTL log.

OTL logfile created on: 8/27/2009 6:54:57 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

959.48 Mb Total Physical Memory | 670.98 Mb Available Physical Memory | 69.93% Memory free
2.26 Gb Paging File | 2.05 Gb Available in Paging File | 90.79% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.56 Gb Total Space | 31.52 Gb Free Space | 45.97% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 1.50 Gb Free Space | 25.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F78BF48CE2
Current User Name: Compaq_Owner
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/08/27 18:34:20 | 00,022,532 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\services.exe
PRC - [2009/08/27 18:34:20 | 00,022,532 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\install.exe
PRC - [2009/08/27 18:34:21 | 00,022,532 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\login.exe
PRC - [2009/08/27 18:34:22 | 00,022,532 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\debug.exe
PRC - [2009/08/27 18:34:23 | 00,022,532 | -H-- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\smss.exe
PRC - [2009/06/29 01:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/27 18:54:14 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2004/07/15 08:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/20 09:48:49 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2007/01/26 20:46:48 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 10:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2003/06/20 06:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2004/10/11 12:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Stopped])
SRV - File not found -- -- (WebrootSpySweeperService [Auto | Stopped])
SRV - File not found -- -- (WRConsumerService [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:65535;https=127.0.0.1:65535

FF - HKLM\software\mozilla\Firefox\Extensions\\{7B19A479-4C62-4E86-8DD0-EA3793B29875}: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{7B19A479-4C62-4E86-8DD0-EA3793B29875} [2009/08/26 18:23:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{44507CD3-71C2-4C2E-A5E1-B34540C89778}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{44507CD3-71C2-4C2E-A5E1-B34540C89778} [2009/08/26 18:30:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BACD5017-CE5A-470E-8454-282952FF6550}: C:\Documents and Settings\NetworkService\Local Settings\Application Data\{BACD5017-CE5A-470E-8454-282952FF6550}\ [2009/08/27 18:26:27 | 00,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (C:\WINDOWS\system32\tajf83ikdmf.dll) - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\System32\tajf83ikdmf.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [braviax] File not found
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PC Antispyware 2010] C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe File not found
O4 - HKLM..\Run: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Xxewajonatuqica] C:\WINDOWS\aqonucij.DLL ()
O4 - HKCU..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Windows System Recover!] C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\smss.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Product Registration.lnk = C:\Program Files\Common Files\LogiShared\eReg\SetPoint\eReg.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: doginhispen.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: whataboutadog.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...asp/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1186725152015 (MUWebControl Class)
O16 - DPF: {8494B5D2-DA6A-4BB8-9C15-6C18A312387E} https://engage.magel....com/ui/Axt.cab (Caymas Secure Tunnel)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} https://engage.magel...dl/jt/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E1FD0DCC-705B-4F61-B9EC-6E711F9B56FE} https://engage.magel...scinstaller.dll (Secure Connect)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (cru629.datCorporatio) - C:\WINDOWS\System32\cru629.dat ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O22 - SharedTaskScheduler: {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - ghya673gidh87we9inkff - C:\WINDOWS\System32\tajf83ikdmf.dll ()
O24 - Desktop Components:0 () - http://us.a2.yahoofs...saveas=DSCF0014
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/26 21:53:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 23:01:14 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{fc2a2f78-5f1d-11db-a0c4-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{fc2a2f78-5f1d-11db-a0c4-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/08/27 18:54:13 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2009/08/27 18:49:36 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\settings.dat
[2009/08/27 18:49:23 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Compaq_Owner\Desktop\RootRepeal.exe
[2009/08/27 18:46:42 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/27 18:46:40 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/27 18:46:39 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/27 18:46:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/27 18:46:00 | 03,942,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\J-man.exe
[2009/08/27 18:40:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/27 18:39:40 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NTREGOPT.lnk
[2009/08/27 18:39:40 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT.lnk
[2009/08/27 18:39:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/27 18:38:52 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Compaq_Owner\Desktop\erunt_setup.exe
[2009/08/27 18:36:31 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Compaq_Owner\Desktop\SysRestorePoint.exe
[2009/08/27 18:30:47 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2009/08/27 18:26:09 | 00,009,728 | ---- | C] () -- C:\fyblb.exe
[2009/08/27 18:25:59 | 00,079,872 | ---- | C] () -- C:\WINDOWS\System32\~.exe
[2009/08/27 18:18:46 | 00,018,733 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\cybes.bin
[2009/08/27 18:18:46 | 00,018,533 | ---- | C] () -- C:\Program Files\Common Files\howyryduci.exe
[2009/08/27 18:18:46 | 00,017,990 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\akydogicox.dll
[2009/08/27 18:18:46 | 00,017,367 | ---- | C] () -- C:\WINDOWS\System32\faky.dl
[2009/08/27 18:18:46 | 00,015,160 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\coso.ban
[2009/08/27 18:18:46 | 00,014,577 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\yvijoqom.lib
[2009/08/27 18:18:46 | 00,014,249 | ---- | C] () -- C:\WINDOWS\ekexy.bat
[2009/08/27 18:18:46 | 00,013,300 | ---- | C] () -- C:\WINDOWS\System32\vitosu.bat
[2009/08/27 18:18:46 | 00,013,223 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\xycysyjova.reg
[2009/08/27 18:18:46 | 00,012,545 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\jucajyz.pif
[2009/08/27 18:18:46 | 00,012,126 | ---- | C] () -- C:\WINDOWS\System32\odipygi.exe
[2009/08/27 18:18:46 | 00,011,858 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ivejysafa._dl
[2009/08/27 18:18:46 | 00,011,368 | ---- | C] () -- C:\Program Files\Common Files\wixim.pif
[2009/08/27 18:18:46 | 00,010,524 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\itijewole.lib
[2009/08/27 18:18:46 | 00,010,151 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\fimaxetilo.sys
[2009/08/26 22:45:44 | 00,018,106 | ---- | C] () -- C:\WINDOWS\bubyzogisy.db
[2009/08/26 22:45:44 | 00,017,842 | ---- | C] () -- C:\WINDOWS\System32\netyl.inf
[2009/08/26 22:45:44 | 00,017,365 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\fekanypup.bat
[2009/08/26 22:45:44 | 00,016,049 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\omupe.inf
[2009/08/26 22:45:44 | 00,014,198 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\hecefazuse.scr
[2009/08/26 22:45:44 | 00,013,448 | ---- | C] () -- C:\WINDOWS\ojubypyj.dll
[2009/08/26 22:45:44 | 00,013,343 | ---- | C] () -- C:\WINDOWS\ydenaz.sys
[2009/08/26 22:45:44 | 00,013,316 | ---- | C] () -- C:\Program Files\Common Files\mepesoqe.dll
[2009/08/26 22:45:44 | 00,013,245 | ---- | C] () -- C:\WINDOWS\mygefufa.sys
[2009/08/26 22:45:44 | 00,013,060 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\idokih.vbs
[2009/08/26 22:45:44 | 00,012,561 | ---- | C] () -- C:\WINDOWS\jyhaqiso.pif
[2009/08/26 22:45:44 | 00,011,744 | ---- | C] () -- C:\WINDOWS\qyle.vbs
[2009/08/26 22:45:44 | 00,010,856 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zucawavoqa.bat
[2009/08/26 22:45:44 | 00,010,592 | ---- | C] () -- C:\Program Files\Common Files\teqohura.sys
[2009/08/26 22:45:43 | 00,019,382 | ---- | C] () -- C:\WINDOWS\efafygupo.inf
[2009/08/26 22:45:43 | 00,018,578 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gyratecu.lib
[2009/08/26 22:45:43 | 00,017,887 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\zasiso.sys
[2009/08/26 22:45:43 | 00,017,882 | ---- | C] () -- C:\WINDOWS\wevanisa.vbs
[2009/08/26 22:45:43 | 00,014,531 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\zowy.vbs
[2009/08/26 22:45:43 | 00,012,882 | ---- | C] () -- C:\WINDOWS\zodit.vbs
[2009/08/26 22:45:43 | 00,012,859 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\dehiqaryr.bin
[2009/08/26 21:41:12 | 00,018,853 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ehym.dl
[2009/08/26 21:41:12 | 00,018,769 | ---- | C] () -- C:\WINDOWS\ysaxagexi._dl
[2009/08/26 21:41:12 | 00,017,516 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ewinifiza.bin
[2009/08/26 21:41:12 | 00,016,581 | ---- | C] () -- C:\WINDOWS\omejyragib.dl
[2009/08/26 21:41:12 | 00,016,564 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\ryveq.dat
[2009/08/26 21:41:12 | 00,016,390 | ---- | C] () -- C:\Program Files\Common Files\efiqe.com
[2009/08/26 21:41:12 | 00,016,160 | ---- | C] () -- C:\Program Files\Common Files\mizek.vbs
[2009/08/26 21:41:12 | 00,015,353 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\anun.inf
[2009/08/26 21:41:12 | 00,015,269 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\upatu.sys
[2009/08/26 21:41:12 | 00,014,852 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\udojy.db
[2009/08/26 21:41:12 | 00,014,292 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\guci.reg
[2009/08/26 21:41:12 | 00,013,982 | ---- | C] () -- C:\Program Files\Common Files\eqyxiky.vbs
[2009/08/26 21:41:12 | 00,011,728 | ---- | C] () -- C:\WINDOWS\System32\kuzeqi.scr
[2009/08/26 21:41:12 | 00,011,393 | ---- | C] () -- C:\Program Files\Common Files\ihisamis.com
[2009/08/26 21:41:12 | 00,011,250 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\zahec._sy
[2009/08/26 21:41:12 | 00,010,764 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\henyleje._sy
[2009/08/26 21:41:11 | 00,019,284 | ---- | C] () -- C:\WINDOWS\System32\tehuf.inf
[2009/08/26 21:41:11 | 00,015,540 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\qygeferatu.bat
[2009/08/26 21:41:11 | 00,014,816 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\tawaxi._sy
[2009/08/26 21:41:11 | 00,012,616 | ---- | C] () -- C:\WINDOWS\ejonewoqes.bin
[2009/08/26 21:41:11 | 00,012,478 | ---- | C] () -- C:\WINDOWS\wyduqy.sys
[2009/08/26 21:25:41 | 00,018,952 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ledylyl.ban
[2009/08/26 21:25:41 | 00,018,912 | ---- | C] () -- C:\WINDOWS\System32\iwolowyxa.vbs
[2009/08/26 21:25:41 | 00,018,579 | ---- | C] () -- C:\WINDOWS\gakodi.dll
[2009/08/26 21:25:41 | 00,018,400 | ---- | C] () -- C:\WINDOWS\oxobaq.dl
[2009/08/26 21:25:41 | 00,017,923 | ---- | C] () -- C:\Program Files\Common Files\lygalyga.vbs
[2009/08/26 21:25:41 | 00,017,374 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ebituf.db
[2009/08/26 21:25:41 | 00,016,612 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\oduxexifas.reg
[2009/08/26 21:25:41 | 00,016,606 | ---- | C] () -- C:\Program Files\Common Files\buma.dat
[2009/08/26 21:25:41 | 00,016,393 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\vapapuvo.db
[2009/08/26 21:25:41 | 00,015,087 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ejovu.dll
[2009/08/26 21:25:41 | 00,014,859 | ---- | C] () -- C:\Program Files\Common Files\gygat.vbs
[2009/08/26 21:25:41 | 00,014,809 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lyvoxyt.com
[2009/08/26 21:25:41 | 00,014,799 | ---- | C] () -- C:\WINDOWS\edab.reg
[2009/08/26 21:25:41 | 00,014,698 | ---- | C] () -- C:\WINDOWS\tyrisel.ban
[2009/08/26 21:25:41 | 00,013,792 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\qakob.reg
[2009/08/26 21:25:41 | 00,012,490 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\obydo._sy
[2009/08/26 21:25:41 | 00,011,643 | ---- | C] () -- C:\Program Files\Common Files\ibopupe._sy
[2009/08/26 21:25:41 | 00,011,284 | ---- | C] () -- C:\WINDOWS\divobuxywo.vbs
[2009/08/26 21:25:41 | 00,010,673 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\panoly.dll
[2009/08/26 20:02:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/26 19:19:12 | 00,000,248 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/08/26 19:19:11 | 00,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2009/08/26 19:18:46 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/08/26 19:18:09 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/08/26 19:18:09 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/08/26 19:16:46 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/08/26 18:36:22 | 00,017,976 | ---- | C] () -- C:\Program Files\Common Files\yvyxyqu.scr
[2009/08/26 18:36:22 | 00,017,905 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\nedulopu.dll
[2009/08/26 18:36:22 | 00,017,438 | ---- | C] () -- C:\WINDOWS\System32\detonad._sy
[2009/08/26 18:36:22 | 00,016,713 | ---- | C] () -- C:\WINDOWS\System32\kytyxywo.sys
[2009/08/26 18:36:22 | 00,015,836 | ---- | C] () -- C:\WINDOWS\System32\jyhewe.sys
[2009/08/26 18:36:22 | 00,015,725 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\qunygofaze.dat
[2009/08/26 18:36:22 | 00,015,521 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\luseran.bin
[2009/08/26 18:36:22 | 00,015,342 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\upatuwi.lib
[2009/08/26 18:36:22 | 00,014,886 | ---- | C] () -- C:\WINDOWS\System32\rihybir.sys
[2009/08/26 18:36:22 | 00,014,388 | ---- | C] () -- C:\WINDOWS\pyruhiwi.bat
[2009/08/26 18:36:22 | 00,014,203 | ---- | C] () -- C:\WINDOWS\ihixi._dl
[2009/08/26 18:36:22 | 00,013,956 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\oselux.lib
[2009/08/26 18:36:22 | 00,013,762 | ---- | C] () -- C:\Program Files\Common Files\givyqafo.pif
[2009/08/26 18:36:22 | 00,013,569 | ---- | C] () -- C:\WINDOWS\delave.dll
[2009/08/26 18:36:22 | 00,011,760 | ---- | C] () -- C:\WINDOWS\posexe.com
[2009/08/26 18:36:22 | 00,011,729 | ---- | C] () -- C:\WINDOWS\fopo.dl
[2009/08/26 18:26:25 | 00,018,594 | ---- | C] () -- C:\WINDOWS\daladucipy.com
[2009/08/26 18:26:25 | 00,018,310 | ---- | C] () -- C:\WINDOWS\vyryzomuqy.com
[2009/08/26 18:26:25 | 00,018,199 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\niwuxepy._sy
[2009/08/26 18:26:25 | 00,018,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wezu.scr
[2009/08/26 18:26:25 | 00,017,645 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ipeg._sy
[2009/08/26 18:26:25 | 00,017,530 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\zoxucubuja.sys
[2009/08/26 18:26:25 | 00,016,695 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\jutihy.reg
[2009/08/26 18:26:25 | 00,016,673 | ---- | C] () -- C:\WINDOWS\System32\ocogo.pif
[2009/08/26 18:26:25 | 00,015,708 | ---- | C] () -- C:\WINDOWS\System32\siceledod.dll
[2009/08/26 18:26:25 | 00,014,325 | ---- | C] () -- C:\Program Files\Common Files\ogyja.dat
[2009/08/26 18:26:25 | 00,013,506 | ---- | C] () -- C:\Program Files\Common Files\udopaveza.reg
[2009/08/26 18:26:25 | 00,013,438 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\tefax.bin
[2009/08/26 18:26:25 | 00,013,043 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zymurece.pif
[2009/08/26 18:26:25 | 00,011,157 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\agaman.reg
[2009/08/26 18:26:25 | 00,010,880 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\xaxuvidoj.dl
[2009/08/26 18:26:25 | 00,010,319 | ---- | C] () -- C:\WINDOWS\isedezoc._sy
[2009/08/26 18:26:25 | 00,010,108 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\vole.pif
[2009/08/26 18:26:25 | 00,010,021 | ---- | C] () -- C:\WINDOWS\ubokiw.pif
[2009/08/26 18:24:05 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Ukorila.dat
[2009/08/26 18:23:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{7B19A479-4C62-4E86-8DD0-EA3793B29875}
[2009/08/26 00:51:01 | 00,012,288 | ---- | C] () -- C:\WINDOWS\braviax.exe
[2009/08/26 00:51:01 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\cru629.dat
[2009/08/26 00:51:01 | 00,006,144 | ---- | C] () -- C:\WINDOWS\cru629.dat
[2009/08/26 00:49:47 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\terrapof32
[2009/08/26 00:49:20 | 00,074,752 | ---- | C] () -- C:\lcbckjms.exe
[2009/08/26 00:49:20 | 00,017,408 | ---- | C] () -- C:\sdlb.exe
[2009/08/26 00:49:19 | 00,190,700 | ---- | C] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/26 00:49:19 | 00,010,752 | ---- | C] () -- C:\yihw.exe
[2009/08/26 00:49:18 | 00,000,000 | ---D | C] -- C:\Program Files\AdvancedVirusRemover
[2009/08/26 00:49:12 | 00,000,000 | -HS- | C] () -- C:\1219446970
[2009/08/26 00:49:08 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/26 00:47:07 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\winhelper.dll
[2009/08/26 00:46:40 | 00,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/26 00:46:25 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\tajf83ikdmf.dll
[2009/08/21 11:37:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2009/08/19 18:07:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/08/27 18:54:14 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2009/08/27 18:49:36 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\settings.dat
[2009/08/27 18:49:24 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Compaq_Owner\Desktop\RootRepeal.exe
[2009/08/27 18:46:42 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/27 18:46:14 | 03,942,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Compaq_Owner\Desktop\J-man.exe
[2009/08/27 18:39:40 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\NTREGOPT.lnk
[2009/08/27 18:39:40 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ERUNT.lnk
[2009/08/27 18:38:54 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Compaq_Owner\Desktop\erunt_setup.exe
[2009/08/27 18:38:26 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Compaq_Owner\Desktop\SysRestorePoint.exe
[2009/08/27 18:34:06 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/27 18:33:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/27 18:33:08 | 00,012,288 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/27 18:33:08 | 00,012,288 | ---- | M] () -- C:\WINDOWS\braviax.exe
[2009/08/27 18:33:08 | 00,006,144 | ---- | M] () -- C:\WINDOWS\System32\cru629.dat
[2009/08/27 18:33:08 | 00,006,144 | ---- | M] () -- C:\WINDOWS\cru629.dat
[2009/08/27 18:30:48 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\TFC.exe
[2009/08/27 18:26:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/27 18:26:09 | 00,009,728 | ---- | M] () -- C:\fyblb.exe
[2009/08/27 18:26:08 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\tajf83ikdmf.dll
[2009/08/27 18:26:05 | 00,190,700 | ---- | M] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/27 18:26:01 | 00,030,208 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/08/27 18:26:01 | 00,030,208 | ---- | M] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/08/27 18:26:00 | 00,079,872 | ---- | M] () -- C:\WINDOWS\System32\~.exe
[2009/08/27 18:23:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/08/27 18:18:46 | 00,018,733 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\cybes.bin
[2009/08/27 18:18:46 | 00,018,533 | ---- | M] () -- C:\Program Files\Common Files\howyryduci.exe
[2009/08/27 18:18:46 | 00,017,990 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\akydogicox.dll
[2009/08/27 18:18:46 | 00,017,367 | ---- | M] () -- C:\WINDOWS\System32\faky.dl
[2009/08/27 18:18:46 | 00,015,160 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\coso.ban
[2009/08/27 18:18:46 | 00,014,577 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\yvijoqom.lib
[2009/08/27 18:18:46 | 00,014,249 | ---- | M] () -- C:\WINDOWS\ekexy.bat
[2009/08/27 18:18:46 | 00,013,300 | ---- | M] () -- C:\WINDOWS\System32\vitosu.bat
[2009/08/27 18:18:46 | 00,013,223 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\xycysyjova.reg
[2009/08/27 18:18:46 | 00,012,545 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\jucajyz.pif
[2009/08/27 18:18:46 | 00,012,126 | ---- | M] () -- C:\WINDOWS\System32\odipygi.exe
[2009/08/27 18:18:46 | 00,011,858 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ivejysafa._dl
[2009/08/27 18:18:46 | 00,011,368 | ---- | M] () -- C:\Program Files\Common Files\wixim.pif
[2009/08/27 18:18:46 | 00,010,524 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\itijewole.lib
[2009/08/27 18:18:46 | 00,010,151 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\fimaxetilo.sys
[2009/08/27 18:15:31 | 40,211,258 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/27 18:15:31 | 00,073,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/27 18:14:01 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Ukorila.dat
[2009/08/27 18:13:14 | 00,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/26 22:45:44 | 00,018,106 | ---- | M] () -- C:\WINDOWS\bubyzogisy.db
[2009/08/26 22:45:44 | 00,017,842 | ---- | M] () -- C:\WINDOWS\System32\netyl.inf
[2009/08/26 22:45:44 | 00,017,365 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\fekanypup.bat
[2009/08/26 22:45:44 | 00,016,049 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\omupe.inf
[2009/08/26 22:45:44 | 00,014,198 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\hecefazuse.scr
[2009/08/26 22:45:44 | 00,013,448 | ---- | M] () -- C:\WINDOWS\ojubypyj.dll
[2009/08/26 22:45:44 | 00,013,343 | ---- | M] () -- C:\WINDOWS\ydenaz.sys
[2009/08/26 22:45:44 | 00,013,316 | ---- | M] () -- C:\Program Files\Common Files\mepesoqe.dll
[2009/08/26 22:45:44 | 00,013,245 | ---- | M] () -- C:\WINDOWS\mygefufa.sys
[2009/08/26 22:45:44 | 00,013,060 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\idokih.vbs
[2009/08/26 22:45:44 | 00,012,561 | ---- | M] () -- C:\WINDOWS\jyhaqiso.pif
[2009/08/26 22:45:44 | 00,011,744 | ---- | M] () -- C:\WINDOWS\qyle.vbs
[2009/08/26 22:45:44 | 00,010,856 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zucawavoqa.bat
[2009/08/26 22:45:44 | 00,010,592 | ---- | M] () -- C:\Program Files\Common Files\teqohura.sys
[2009/08/26 22:45:43 | 00,019,382 | ---- | M] () -- C:\WINDOWS\efafygupo.inf
[2009/08/26 22:45:43 | 00,018,578 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\gyratecu.lib
[2009/08/26 22:45:43 | 00,017,887 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\zasiso.sys
[2009/08/26 22:45:43 | 00,017,882 | ---- | M] () -- C:\WINDOWS\wevanisa.vbs
[2009/08/26 22:45:43 | 00,014,531 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\zowy.vbs
[2009/08/26 22:45:43 | 00,012,882 | ---- | M] () -- C:\WINDOWS\zodit.vbs
[2009/08/26 22:45:43 | 00,012,859 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\dehiqaryr.bin
[2009/08/26 21:41:12 | 00,018,853 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ehym.dl
[2009/08/26 21:41:12 | 00,018,769 | ---- | M] () -- C:\WINDOWS\ysaxagexi._dl
[2009/08/26 21:41:12 | 00,017,516 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ewinifiza.bin
[2009/08/26 21:41:12 | 00,016,581 | ---- | M] () -- C:\WINDOWS\omejyragib.dl
[2009/08/26 21:41:12 | 00,016,564 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\ryveq.dat
[2009/08/26 21:41:12 | 00,016,390 | ---- | M] () -- C:\Program Files\Common Files\efiqe.com
[2009/08/26 21:41:12 | 00,016,160 | ---- | M] () -- C:\Program Files\Common Files\mizek.vbs
[2009/08/26 21:41:12 | 00,015,353 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\anun.inf
[2009/08/26 21:41:12 | 00,015,269 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\upatu.sys
[2009/08/26 21:41:12 | 00,014,852 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\udojy.db
[2009/08/26 21:41:12 | 00,014,292 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\guci.reg
[2009/08/26 21:41:12 | 00,013,982 | ---- | M] () -- C:\Program Files\Common Files\eqyxiky.vbs
[2009/08/26 21:41:12 | 00,012,616 | ---- | M] () -- C:\WINDOWS\ejonewoqes.bin
[2009/08/26 21:41:12 | 00,011,728 | ---- | M] () -- C:\WINDOWS\System32\kuzeqi.scr
[2009/08/26 21:41:12 | 00,011,393 | ---- | M] () -- C:\Program Files\Common Files\ihisamis.com
[2009/08/26 21:41:12 | 00,011,250 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\zahec._sy
[2009/08/26 21:41:12 | 00,010,764 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\henyleje._sy
[2009/08/26 21:41:11 | 00,019,284 | ---- | M] () -- C:\WINDOWS\System32\tehuf.inf
[2009/08/26 21:41:11 | 00,015,540 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\qygeferatu.bat
[2009/08/26 21:41:11 | 00,014,816 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\tawaxi._sy
[2009/08/26 21:41:11 | 00,012,478 | ---- | M] () -- C:\WINDOWS\wyduqy.sys
[2009/08/26 21:25:41 | 00,018,952 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ledylyl.ban
[2009/08/26 21:25:41 | 00,018,912 | ---- | M] () -- C:\WINDOWS\System32\iwolowyxa.vbs
[2009/08/26 21:25:41 | 00,018,579 | ---- | M] () -- C:\WINDOWS\gakodi.dll
[2009/08/26 21:25:41 | 00,018,400 | ---- | M] () -- C:\WINDOWS\oxobaq.dl
[2009/08/26 21:25:41 | 00,017,923 | ---- | M] () -- C:\Program Files\Common Files\lygalyga.vbs
[2009/08/26 21:25:41 | 00,017,374 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ebituf.db
[2009/08/26 21:25:41 | 00,016,612 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\oduxexifas.reg
[2009/08/26 21:25:41 | 00,016,606 | ---- | M] () -- C:\Program Files\Common Files\buma.dat
[2009/08/26 21:25:41 | 00,016,393 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\vapapuvo.db
[2009/08/26 21:25:41 | 00,015,087 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ejovu.dll
[2009/08/26 21:25:41 | 00,014,859 | ---- | M] () -- C:\Program Files\Common Files\gygat.vbs
[2009/08/26 21:25:41 | 00,014,809 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\lyvoxyt.com
[2009/08/26 21:25:41 | 00,014,799 | ---- | M] () -- C:\WINDOWS\edab.reg
[2009/08/26 21:25:41 | 00,014,698 | ---- | M] () -- C:\WINDOWS\tyrisel.ban
[2009/08/26 21:25:41 | 00,013,792 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\qakob.reg
[2009/08/26 21:25:41 | 00,012,490 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\obydo._sy
[2009/08/26 21:25:41 | 00,011,643 | ---- | M] () -- C:\Program Files\Common Files\ibopupe._sy
[2009/08/26 21:25:41 | 00,011,284 | ---- | M] () -- C:\WINDOWS\divobuxywo.vbs
[2009/08/26 21:25:41 | 00,010,673 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\panoly.dll
[2009/08/26 20:01:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/08/26 19:31:16 | 00,317,625 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak
[2009/08/26 19:19:18 | 00,000,750 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/26 19:16:48 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/08/26 18:36:22 | 00,017,976 | ---- | M] () -- C:\Program Files\Common Files\yvyxyqu.scr
[2009/08/26 18:36:22 | 00,017,905 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\nedulopu.dll
[2009/08/26 18:36:22 | 00,017,438 | ---- | M] () -- C:\WINDOWS\System32\detonad._sy
[2009/08/26 18:36:22 | 00,016,713 | ---- | M] () -- C:\WINDOWS\System32\kytyxywo.sys
[2009/08/26 18:36:22 | 00,015,836 | ---- | M] () -- C:\WINDOWS\System32\jyhewe.sys
[2009/08/26 18:36:22 | 00,015,725 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\qunygofaze.dat
[2009/08/26 18:36:22 | 00,015,521 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\luseran.bin
[2009/08/26 18:36:22 | 00,015,342 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\upatuwi.lib
[2009/08/26 18:36:22 | 00,014,886 | ---- | M] () -- C:\WINDOWS\System32\rihybir.sys
[2009/08/26 18:36:22 | 00,014,388 | ---- | M] () -- C:\WINDOWS\pyruhiwi.bat
[2009/08/26 18:36:22 | 00,014,203 | ---- | M] () -- C:\WINDOWS\ihixi._dl
[2009/08/26 18:36:22 | 00,013,956 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\oselux.lib
[2009/08/26 18:36:22 | 00,013,762 | ---- | M] () -- C:\Program Files\Common Files\givyqafo.pif
[2009/08/26 18:36:22 | 00,013,569 | ---- | M] () -- C:\WINDOWS\delave.dll
[2009/08/26 18:36:22 | 00,011,760 | ---- | M] () -- C:\WINDOWS\posexe.com
[2009/08/26 18:36:22 | 00,011,729 | ---- | M] () -- C:\WINDOWS\fopo.dl
[2009/08/26 18:26:25 | 00,018,594 | ---- | M] () -- C:\WINDOWS\daladucipy.com
[2009/08/26 18:26:25 | 00,018,310 | ---- | M] () -- C:\WINDOWS\vyryzomuqy.com
[2009/08/26 18:26:25 | 00,018,199 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\niwuxepy._sy
[2009/08/26 18:26:25 | 00,018,007 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\wezu.scr
[2009/08/26 18:26:25 | 00,017,645 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ipeg._sy
[2009/08/26 18:26:25 | 00,017,530 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\zoxucubuja.sys
[2009/08/26 18:26:25 | 00,016,695 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\jutihy.reg
[2009/08/26 18:26:25 | 00,016,673 | ---- | M] () -- C:\WINDOWS\System32\ocogo.pif
[2009/08/26 18:26:25 | 00,015,708 | ---- | M] () -- C:\WINDOWS\System32\siceledod.dll
[2009/08/26 18:26:25 | 00,014,325 | ---- | M] () -- C:\Program Files\Common Files\ogyja.dat
[2009/08/26 18:26:25 | 00,013,506 | ---- | M] () -- C:\Program Files\Common Files\udopaveza.reg
[2009/08/26 18:26:25 | 00,013,438 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\tefax.bin
[2009/08/26 18:26:25 | 00,013,043 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zymurece.pif
[2009/08/26 18:26:25 | 00,011,157 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\agaman.reg
[2009/08/26 18:26:25 | 00,010,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\xaxuvidoj.dl
[2009/08/26 18:26:25 | 00,010,319 | ---- | M] () -- C:\WINDOWS\isedezoc._sy
[2009/08/26 18:26:25 | 00,010,108 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\vole.pif
[2009/08/26 18:26:25 | 00,010,021 | ---- | M] () -- C:\WINDOWS\ubokiw.pif
[2009/08/26 18:21:07 | 00,020,992 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
[2009/08/26 00:49:21 | 00,074,752 | ---- | M] () -- C:\lcbckjms.exe
[2009/08/26 00:49:20 | 00,017,408 | ---- | M] () -- C:\sdlb.exe
[2009/08/26 00:49:19 | 00,010,752 | ---- | M] () -- C:\yihw.exe
[2009/08/26 00:49:12 | 00,000,000 | -HS- | M] () -- C:\1219446970
[2009/08/23 01:48:10 | 00,058,201 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/08/22 00:41:58 | 00,005,960 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/08/20 09:48:55 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/20 09:48:54 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/20 09:48:54 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/18 08:01:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/14 18:49:45 | 00,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2009/08/14 18:49:45 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\2666C8

========== LOP Check ==========

[2009/08/26 22:45:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/23 02:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/14 15:07:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/08/19 18:07:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2006/09/26 23:22:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2006/02/18 16:09:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/07/10 21:06:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2005/05/27 19:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/02/14 20:10:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/08/26 20:10:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/02/15 08:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/07 17:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2009/08/27 18:18:46 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data
[2009/08/27 18:13:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ComcastToolbar
[2005/05/27 20:30:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute
[2007/02/04 00:21:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech
[2008/09/09 21:41:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks
[2005/05/27 20:25:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView
[2007/07/15 14:12:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2008/12/01 21:55:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Ventrilo
[2009/05/07 17:03:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\W Photo Studio
[2009/05/07 17:06:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\W Photo Studio Viewer
[2009/05/07 17:03:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Walgreens
[2009/08/18 08:01:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 11:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/27 18:26:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/26 20:01:00 | 00,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2009/08/27 18:23:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job
[2009/08/27 18:13:14 | 00,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/08/27 18:26:09 | 00,009,728 | ---- | M] () -- C:\fyblb.exe
[2006/02/27 11:34:08 | 36,526,792 | ---- | M] (Apple Computer, Inc. ) -- C:\iTunesSetup.exe
[2009/08/26 00:49:21 | 00,074,752 | ---- | M] () -- C:\lcbckjms.exe
[2009/08/26 00:49:20 | 00,017,408 | ---- | M] () -- C:\sdlb.exe
[2009/08/26 00:49:19 | 00,010,752 | ---- | M] () -- C:\yihw.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 17:11:53 | 00,063,488 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
  • 0
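Two things stand out in the OTL listing above. The custom scan shows eventlog.dll with an empty publisher field while scecli.dll and logevent.dll next to it both report Microsoft Corporation, and the bulk of the listing is dozens of random-named files dropped into system directories within the same second, none with a publisher. The following parser for OTL's line format makes both patterns mechanical to spot. It is an added example, not OTL's or Geeks to Go's code; the executable-extension list and the burst threshold are assumptions chosen for the heuristic, and the sample lines are copied from the log above. A file without version information is a lead to verify against a known-good copy, not a verdict on its own.

```python
"""Triage heuristics over OTL file-listing lines (added example, not OTL's own code)."""
import ntpath
import re
from collections import defaultdict

# One OTL entry looks like:
#   [2009/08/26 18:36:22 | 00,014,886 | ---- | M] () -- C:\WINDOWS\System32\rihybir.sys
# Directory entries in the LOP check omit the "(publisher)" field entirely.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[\w-]{4}) \| (?P<flag>[MC])\] "
    r"(?:\((?P<publisher>[^)]*)\) )?-- (?P<path>.+)$"
)

# Assumed list of extensions Windows will execute or load (chosen for this heuristic).
EXEC_EXTS = {".exe", ".dll", ".sys", ".com", ".pif", ".scr", ".bat"}
MIN_BURST = 4  # assumed threshold: this many publisher-less files in one second

# Sample input: lines copied from the OTL log in this thread, plus one directory
# entry and one section header to show that the parser skips them.
SAMPLE_LOG = r"""
[2009/08/26 18:36:22 | 00,014,886 | ---- | M] () -- C:\WINDOWS\System32\rihybir.sys
[2009/08/26 18:36:22 | 00,014,388 | ---- | M] () -- C:\WINDOWS\pyruhiwi.bat
[2009/08/26 18:36:22 | 00,013,569 | ---- | M] () -- C:\WINDOWS\delave.dll
[2009/08/26 18:36:22 | 00,011,760 | ---- | M] () -- C:\WINDOWS\posexe.com
[2009/08/26 18:26:25 | 00,018,594 | ---- | M] () -- C:\WINDOWS\daladucipy.com
[2009/08/26 18:26:25 | 00,018,310 | ---- | M] () -- C:\WINDOWS\vyryzomuqy.com
[2009/08/26 18:26:25 | 00,016,673 | ---- | M] () -- C:\WINDOWS\System32\ocogo.pif
[2009/08/26 18:26:25 | 00,015,708 | ---- | M] () -- C:\WINDOWS\System32\siceledod.dll
[2009/08/26 18:21:07 | 00,020,992 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
[2009/08/26 00:49:21 | 00,074,752 | ---- | M] () -- C:\lcbckjms.exe
[2009/08/20 09:48:55 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2006/02/27 11:34:08 | 36,526,792 | ---- | M] (Apple Computer, Inc. ) -- C:\iTunesSetup.exe
[2008/04/13 17:11:53 | 00,063,488 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll
[2009/08/26 22:45:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
========== LOP Check ==========
""".strip().splitlines()


def parse_otl_line(line):
    """Return a dict for a file or directory entry, or None for headers and blanks."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    pub = m.group("publisher")
    return {
        "ts": m.group("ts"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "is_dir": m.group("attrs").endswith("D"),
        "publisher": (pub or "").strip(),
        "path": m.group("path").strip(),
    }


def triage(lines):
    """Apply three heuristics and return the flagged paths under each."""
    entries = [e for e in map(parse_otl_line, lines) if e and not e["is_dir"]]
    by_second = defaultdict(list)
    findings = {"system_no_publisher": [], "root_exe_no_publisher": [], "bursts": {}}
    for e in entries:
        low = e["path"].lower()
        ext = ntpath.splitext(low)[1]
        no_pub = e["publisher"] == ""
        # 1. Executable content under %SystemRoot% carrying no version info; this is
        #    the contrast the custom scan draws between eventlog.dll and scecli.dll.
        if no_pub and ext in EXEC_EXTS and low.startswith("c:\\windows\\"):
            findings["system_no_publisher"].append(e["path"])
        # 2. A loose .exe directly in the root of the system drive with no publisher,
        #    which is what the "< %SYSTEMDRIVE%\*.exe >" custom scan enumerates.
        if no_pub and ext == ".exe" and ntpath.dirname(low) == "c:\\":
            findings["root_exe_no_publisher"].append(e["path"])
        if no_pub:
            by_second[e["ts"]].append(e["path"])
    # 3. Many publisher-less files sharing one modification second: a single
    #    writer created them together, which is what the log above shows.
    for ts, paths in by_second.items():
        if len(paths) >= MIN_BURST:
            findings["bursts"][ts] = paths
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Run on the whole OTL log rather than the sample, the burst heuristic groups every file written at 18:36:22 and 18:26:25, and the system-directory heuristic lists eventlog.dll alongside the random-named files, which is the same set of paths the helper's reply below acts on.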

#15
azarl

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi Shizzleton

Quite a lot to do here, so if there is anything you are not sure about, please ask before doing it.

Step 1
Win32kDiag
Click on Start->Run, and copy and paste the following into the "Open" box
"%userprofile%\desktop\win32kdiag.exe" -f -r

Click OK.
When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Step 2
1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\WINDOWS\system32\logevent.dll | C:\WINDOWS\system32\eventlog.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply

Step 3
ComboFix
Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall.

Finally
When you've done all that, please post a new RootRepeal and OTL log together with logs from The Avenger, Win32kDiag and Combofix.
  • 0