OTL logfile created on: 5/3/2012 11:22:38 AM - Run 2 OTL by OldTimer - Version 3.2.42.2 Folder = I:\SpywareRemoval\OTL Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 73.09% Memory free 3.84 Gb Paging File | 3.43 Gb Available in Paging File | 89.28% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 462.40 Gb Total Space | 441.35 Gb Free Space | 95.45% Space Free | Partition Type: NTFS Drive I: | 3.72 Gb Total Space | 2.09 Gb Free Space | 56.11% Space Free | Partition Type: FAT32 Computer Name: ALLISON | User Name: Reginald | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - I:\SpywareRemoval\OTL\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.) [color=#E56717]========== Modules (No Company Name) ==========[/color] [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOCUME~1\Reginald\LOCALS~1\Temp\catchme.sys File not found DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080430 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080430 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{24501C24-CFD2-4437-B2AB-946B89C477D6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.24.32.3:3128 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{E89D60A4-DA4D-4DD2-9759-45EEECD4709D}: C:\Documents and Settings\Reginald\Local Settings\Application Data\{E89D60A4-DA4D-4DD2-9759-45EEECD4709D} [2010/12/19 19:41:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BCAA49C9-65AA-45CA-BFC4-9A1DD77314BA}: C:\Documents and Settings\Allison\Local Settings\Application Data\{BCAA49C9-65AA-45CA-BFC4-9A1DD77314BA} [2010/12/22 12:39:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FBF2CFB0-225A-40E3-87A4-C0BE87E14A75}: C:\Documents and Settings\Cathy\Local Settings\Application Data\{FBF2CFB0-225A-40E3-87A4-C0BE87E14A75} [2011/01/29 08:17:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2CA42DEA-1E26-4EF8-940A-F75A06118A35}: C:\Documents and Settings\Reginald\Local Settings\Application Data\{2CA42DEA-1E26-4EF8-940A-F75A06118A35} [2011/04/23 19:36:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{69FDAB26-8E9E-47CE-ADB0-414BB63C6A32}: C:\Documents and Settings\Cathy\Local Settings\Application Data\{69FDAB26-8E9E-47CE-ADB0-414BB63C6A32}\ [2011/04/23 20:36:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22B235BD-5846-43B6-ADC5-7D4F2B465ACF}: C:\Documents and Settings\Allison\Local Settings\Application Data\{22B235BD-5846-43B6-ADC5-7D4F2B465ACF} [2011/04/24 13:29:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0F5C9471-BCBC-4BCA-A7F6-F41632496781}: C:\Documents and Settings\Cathy\Local Settings\Application Data\{0F5C9471-BCBC-4BCA-A7F6-F41632496781}\ [2011/04/25 18:40:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{81BE89DA-98F4-48FB-BC1E-88D2FB4B97A1}: C:\Documents and Settings\Cathy\Local Settings\Application Data\{81BE89DA-98F4-48FB-BC1E-88D2FB4B97A1}\ [2011/04/26 20:02:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/02 09:05:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/02 09:05:11 | 000,000,000 | ---D | M] [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\Reginald\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google Search = C:\Documents and Settings\Reginald\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Gmail = C:\Documents and Settings\Reginald\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012/05/03 08:20:36 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [Motive SmartBridge] C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212704424412 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212704473115 (MUWebControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8516821-161E-4818-A30F-13FC6C82F5D5}: NameServer = 10.24.32.2 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\WINDOWS\dell.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found SafeBootMin: 98562859.sys - Driver SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: 98562859.sys - Driver SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.) SafeBootNet: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error. ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error. ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Unable to start System Restore Service. Error code 1056 [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/05/03 10:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/03 10:02:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012/05/03 10:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/05/03 08:20:35 | 000,000,000 | ---D | C] -- C:\_OTL [2012/05/03 08:20:24 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Reginald\Desktop\OTL.exe [2012/05/02 15:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Reginald\Desktop\RK_Quarantine [2012/05/02 09:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG [2012/05/02 08:55:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/05/02 07:42:10 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012/05/01 12:53:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG [2012/05/01 08:36:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/05/01 08:36:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/05/01 08:36:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/05/01 08:36:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/05/01 08:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/05/01 08:36:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Reginald\Start Menu\Programs\Administrative Tools [2012/05/01 08:23:36 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/05/01 08:22:56 | 004,480,240 | R--- | C] (Swearware) -- C:\Documents and Settings\Reginald\Desktop\ComboFix.exe [2012/05/01 08:21:48 | 004,614,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Reginald\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [2012/04/30 15:26:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ [2012/04/30 15:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MP160 [2012/04/30 15:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Reginald\Start Menu\Programs\HP [2012/04/30 11:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Reginald\Application Data\Apple Computer [2012/04/30 11:11:25 | 000,367,616 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpbrprtmon.dll [2012/04/30 11:11:25 | 000,180,224 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpbprtmon.dll [2012/04/30 11:11:25 | 000,148,480 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpbprtmonui.dll [2012/04/30 11:07:30 | 000,000,000 | ---D | C] -- C:\ePrint Mobil [2012/04/30 11:05:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Reginald\Local Settings\Application Data\HP [2012/04/30 11:01:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Reginald\Local Settings\Application Data\MicroVision Applications [2012/04/30 10:50:37 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/04/30 10:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Reginald\Application Data\AVG2012 [2012/04/30 10:47:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files [2012/04/30 10:45:47 | 000,000,000 | ---D | C] -- C:\$AVG [2012/04/30 10:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2012/04/30 10:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012/04/30 10:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData [2012/04/30 10:36:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime [2012/04/30 10:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012/04/30 10:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012/04/30 10:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/04/30 10:32:32 | 000,772,552 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2012/04/30 10:32:32 | 000,227,784 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2012/04/30 10:32:32 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2012/04/30 10:32:25 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012/04/30 10:32:25 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012/04/30 10:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth [2012/04/30 09:30:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2012/04/30 09:29:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2012/04/27 13:38:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google [2012/04/27 10:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Reginald\Application Data\Visan [2012/04/23 07:25:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Reginald\Recent [2012/04/19 22:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth [2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/05/03 11:16:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job [2012/05/03 11:01:10 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/05/03 11:01:00 | 000,000,336 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job [2012/05/03 10:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/05/03 10:44:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012/05/03 09:53:34 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/05/03 09:52:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/05/03 09:52:26 | 2136,129,536 | -HS- | M] () -- C:\hiberfil.sys [2012/05/03 08:20:36 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2012/05/03 07:52:49 | 000,034,814 | ---- | M] () -- C:\Documents and Settings\Reginald\Local Settings\Application Data\dt.dat [2012/05/02 14:27:56 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Reginald\Desktop\OTL.exe [2012/05/02 09:05:22 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2012/05/02 09:03:58 | 096,885,911 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/05/02 07:42:18 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2012/05/01 08:43:29 | 000,000,327 | ---- | M] () -- C:\Boot.bak [2012/05/01 08:31:14 | 004,480,240 | R--- | M] (Swearware) -- C:\Documents and Settings\Reginald\Desktop\ComboFix.exe [2012/05/01 08:21:59 | 004,614,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Reginald\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [2012/04/30 16:03:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2012/04/30 13:12:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/04/30 10:50:37 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\Sa\Visan [2008/06/17 07:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Reginald\Application Data\Yahoo! [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2006/08/28 02:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys [2006/08/27 21:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2006/08/27 21:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys [2006/08/27 21:02:10 | 000,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [color=#A23BEC]< MD5 for: CSRSS.EXE >[/color] [2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe [2008/04/14 05:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe [2004/08/04 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\i386\csrss.exe [2004/08/04 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe [2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe [2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe [2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe [2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe [2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe [2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color] HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/04/27 21:07:02 | 001,224,176 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/02/29 07:17:40 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] < End of report >