Are we clean?


#1
RobertV

My wife's laptop was so slow it was unusable. I have cleaned things up to the best of my ability and wanted to see if there are any underlying problems. Here are my log files: OTL, gmer, & MBAM.
Thank you - Robert

OTL logfile created on: 10/12/2010 12:41:22 PM - Run 1
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\Robin Voitle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 187.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 11.73 Gb Free Space | 41.96% Space Free | Partition Type: NTFS

Computer Name: ROBIN-ON5Z0WSDO | User Name: Robin Voitle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/12 11:32:45 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin Voitle\Desktop\OTL.exe
PRC - [2010/10/04 18:38:23 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/23 09:52:44 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/23 01:33:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 09:17:11 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:16:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:14:26 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 09:14:20 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/27 16:39:38 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/12 11:32:45 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin Voitle\Desktop\OTL.exe
MOD - [2008/04/13 20:12:10 | 001,294,336 | ---- | M] () -- C:\WINDOWS\System32\patacvga.dll
MOD - [2008/04/13 20:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 20:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/23 01:33:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 09:16:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/15 09:17:16 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:14:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 18:25:27 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2006/08/02 14:09:20 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2003/04/28 22:39:24 | 000,625,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/01/09 12:59:54 | 000,194,000 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/09/20 11:09:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/22 07:09:53 | 000,000,000 | ---D | M]

[2009/03/30 20:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\Mozilla\Extensions
[2009/03/30 20:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2001/08/23 17:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smart...oad/cscmv5X.cab (CMV5 Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1221752588704 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262386488565 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: Bitudeng - {B3E38F5B-94B7-4ADE-9016-821F52AFC58D} - C:\WINDOWS\System32\cfguhmic.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/13 20:38:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/12 11:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Desktop\gmer
[2010/10/12 11:32:32 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robin Voitle\Desktop\OTL.exe
[2010/10/12 07:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/11 15:00:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/11 15:00:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/11 15:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 15:00:01 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Robin Voitle\Desktop\mbam-setup-1.46.exe
[2010/10/07 20:00:36 | 000,000,000 | ---D | C] -- C:\af976bd5e6f127efb54a6a4eae465559
[2010/09/22 07:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/09/20 11:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Application Data\HP
[2010/09/20 11:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/09/20 11:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/09/20 11:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/09/20 11:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/09/20 11:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/09/20 11:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/09/20 11:01:06 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/09/15 07:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Desktop\AVG
[2010/09/15 07:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Desktop\Lynn Work
[2010/08/11 19:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/07/15 09:17:09 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

========== Files - Modified Within 90 Days ==========

[2010/10/12 11:49:31 | 000,008,607 | ---- | M] () -- C:\WINDOWS\System32\maguksnd.dll
[2010/10/12 11:34:53 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\Desktop\gmer.zip
[2010/10/12 11:32:45 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin Voitle\Desktop\OTL.exe
[2010/10/12 08:05:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/12 07:53:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/12 07:44:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/12 07:39:35 | 066,071,733 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/11 15:00:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 15:00:01 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Robin Voitle\Desktop\mbam-setup-1.46.exe
[2010/10/11 12:36:37 | 000,017,225 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\10.11.2010.docx
[2010/10/11 12:34:44 | 000,017,227 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.27.2010.docx
[2010/10/07 20:36:46 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 20:36:46 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/24 11:36:59 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/09/24 11:03:23 | 000,017,317 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.24.2010.docx
[2010/09/24 10:59:22 | 000,017,234 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.17.2010.docx
[2010/09/20 11:16:46 | 000,193,065 | ---- | M] () -- C:\WINDOWS\hpwins22.dat
[2010/09/16 08:26:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/14 07:49:26 | 000,017,102 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.14.2010.docx
[2010/09/13 08:30:00 | 000,017,103 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.13.2010.docx
[2010/09/11 09:02:47 | 000,017,056 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.10.2010.docx
[2010/09/10 08:03:41 | 000,017,023 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\Personal Asst. 9.10.2010.docx
[2010/09/10 07:48:39 | 000,017,063 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\Williston Town Office 7.25.2010.docx
[2010/09/07 09:37:29 | 000,010,598 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\fresh eggs.docx
[2010/08/26 11:20:56 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\Laser 8.26.2010.xls
[2010/08/12 09:16:02 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/28 04:12:05 | 000,002,850 | ---- | M] () -- C:\WINDOWS\hpwmdl22.dat
[2010/07/27 07:16:42 | 000,017,270 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\VLCT 7.27.2010.docx
[2010/07/27 07:14:50 | 000,016,981 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\Robin Resume & Cover Letter July 14 2010.docx
[2010/07/15 09:17:16 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/15 09:17:09 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/15 09:14:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

========== Files Created - No Company Name ==========

[2010/10/12 11:34:46 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\Desktop\gmer.zip
[2010/10/12 07:53:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 15:00:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 12:36:33 | 000,017,225 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\10.11.2010.docx
[2010/09/27 12:17:58 | 000,017,227 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.27.2010.docx
[2010/09/24 11:03:23 | 000,017,317 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.24.2010.docx
[2010/09/20 10:58:32 | 000,193,065 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/09/20 10:58:30 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2010/09/17 10:16:19 | 000,017,234 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.17.2010.docx
[2010/09/14 07:49:26 | 000,017,102 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.14.2010.docx
[2010/09/13 07:49:25 | 000,017,103 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.13.2010.docx
[2010/09/10 08:09:40 | 000,017,056 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.10.2010.docx
[2010/09/10 07:51:37 | 000,017,023 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\Personal Asst. 9.10.2010.docx
[2010/09/03 15:09:51 | 000,010,598 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\fresh eggs.docx
[2010/08/26 11:20:55 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\Laser 8.26.2010.xls
[2010/07/27 07:13:36 | 000,017,270 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\VLCT 7.27.2010.docx
[2010/07/26 10:50:30 | 000,017,063 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\Williston Town Office 7.25.2010.docx
[2010/05/06 14:03:29 | 000,008,607 | ---- | C] () -- C:\WINDOWS\System32\maguksnd.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/04 20:07:55 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/31 20:07:04 | 000,004,113 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/09/13 13:25:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/28 22:28:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2001/08/23 17:00:00 | 002,482,176 | ---- | C] () -- C:\WINDOWS\System32\aisiweb.dll
[2001/08/23 17:00:00 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\patacvga.dll
[2001/08/23 17:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\cfguhmic.dll
[2001/08/23 17:00:00 | 000,156,667 | ---- | C] () -- C:\WINDOWS\System32\avulsec32.dll
[2001/08/23 17:00:00 | 000,120,810 | ---- | C] () -- C:\WINDOWS\System32\ziparset.dll

========== LOP Check ==========

[2010/05/06 14:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/09/20 08:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2008/09/18 19:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/09/17 11:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/09/17 11:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/10/12 07:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/13 13:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/18 05:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\DriverCure
[2009/09/10 07:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\GetRightToGo
[2009/04/20 16:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\LimeWire

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/09/13 20:38:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/09/18 15:53:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2008/12/29 19:03:24 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2008/12/29 19:08:39 | 000,007,421 | ---- | M] () -- C:\ComboFix.txt
[2008/09/13 20:38:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/09/13 20:38:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/26 20:49:58 | 000,000,906 | -H-- | M] () -- C:\IPH.PH
[2008/09/13 20:38:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/18 15:42:14 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/19 14:34:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/12 07:43:49 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/10/12 07:44:46 | 000,000,072 | ---- | M] () -- C:\Pollog.txt
[2010/10/12 07:44:46 | 000,297,750 | ---- | M] () -- C:\PollSt.txt
[2009/08/13 07:18:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/13 18:27:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/12/29 18:39:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/12/29 22:26:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/12/30 09:13:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/12/30 20:52:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/12/31 23:28:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/01/01 21:42:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/01/02 13:35:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/01/02 18:39:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/01/02 21:37:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/01/03 08:05:23 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/04/09 08:11:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/04/09 17:14:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/05/11 20:46:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/05/12 21:52:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/05/13 08:23:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/06/15 07:49:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/08/12 21:50:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/08/13 06:37:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/08/13 07:18:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/08/13 18:27:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/12/29 18:39:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/12/29 22:26:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/12/30 09:13:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/12/30 20:52:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/12/31 23:28:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/01/01 21:42:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/01/02 13:35:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/01/02 18:39:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/01/02 21:37:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/01/03 08:05:23 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/04/09 08:11:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/04/09 17:14:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/05/11 20:46:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/05/12 21:52:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/05/13 08:23:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/06/15 07:49:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/08/12 21:50:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/08/13 06:37:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/09/13 13:23:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/09/13 13:23:38 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/09/13 13:23:38 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-08 00:39:46

< End of report >


OTL Extras logfile created on: 10/12/2010 12:41:22 PM - Run 1
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\Robin Voitle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 187.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 11.73 Gb Free Space | 41.96% Space Free | Partition Type: NTFS

Computer Name: ROBIN-ON5Z0WSDO | User Name: Robin Voitle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgam.exe" = C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe -- File not found
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{4F77F6EE-2C99-49F7-940A-2E9C208C3BE1}" = Paint.NET v3.5.2
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{643F4F69-5A6A-4B52-BD56-5909800B556F}" = 8500A909_Help_BasicWeb
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{978AFF1A-B939-4177-B85A-C87B1867AC5C}" = 8500A909_BasicWeb
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{B1054C0C-0C16-41E1-8A9D-35F065793E92}" = HP Officejet Pro 8500 A909 Series
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Ethernet Adapter and Software
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2010 8:07:37 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2010 8:07:37 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2010 8:08:37 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/7/2010 8:08:37 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/7/2010 8:42:22 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2010 8:42:22 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/7/2010 8:43:01 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/7/2010 8:43:03 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/7/2010 8:50:16 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = ESENT | ID = 490
Description = svchost (1260) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 10/7/2010 8:50:16 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = ESENT | ID = 470
Description = Catalog Database (1260) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

[ System Events ]
Error - 9/21/2010 9:41:10 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
NICI-F69534BE4B that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{458D3E91-609. The master browser is stopping or an election is being
forced.

Error - 9/23/2010 9:53:43 AM | Computer Name = ROBIN-ON5Z0WSDO | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg9wd service.

Error - 9/24/2010 10:35:09 AM | Computer Name = ROBIN-ON5Z0WSDO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'avgcfgx.dll.old' on the volume 'HarddiskVolume1'. It
has stopped monitoring the volume.

Error - 9/26/2010 1:45:21 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.18 on
the Network Card with network address 00042349BB68.

Error - 9/26/2010 6:44:03 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
NICI-F69534BE4B that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{458D3E91-609. The master browser is stopping or an election is being
forced.

Error - 10/4/2010 6:25:15 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.19 on
the Network Card with network address 00042349BB68.

Error - 10/4/2010 6:40:58 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg9wd service.

Error - 10/4/2010 9:14:07 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
NICI-F69534BE4B that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{458D3E91-609. The master browser is stopping or an election is being
forced.

Error - 10/6/2010 8:55:50 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.18 on
the Network Card with network address 00042349BB68.

Error - 10/7/2010 7:59:30 PM | Computer Name = ROBIN-ON5Z0WSDO | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.
< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-12 12:39:12
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ROBINV~1\LOCALS~1\Temp\afgcyfod.sys
---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 3A265018 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 3A264428 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 3A264698 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 3A264908 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 3A283748 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 3A2649C8 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 3A287A48 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 3A283908 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 3A263B28 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 3A263938 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 3A2639F8 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 3A263BC8 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 3A288368 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 3A283DC8 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 3A287C98 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 3A28A1C8 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!send 71AB4C27 5 Bytes JMP 3A288098 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 3A288C48 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 3A287E48 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!recv 71AB676F 5 Bytes JMP 3A288618 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 3A288998 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 3A283FC8 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!gethostbyaddr 71ABE491 5 Bytes JMP 3A287D58 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 3A284358 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 3A284238 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 3A284188 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 3A25A298 C:\WINDOWS\system32\patacvga.dll
.text C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe[900] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3A25A198 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 3A265018 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 3A264428 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 3A264698 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 3A264908 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 3A283748 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 3A2649C8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 3A287A48 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 3A283908 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 3A263B28 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 3A263938 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 3A2639F8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 3A263BC8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 3A25A298 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3A25A198 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 3A288368 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 3A283DC8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 3A287C98 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 3A28A1C8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!send 71AB4C27 5 Bytes JMP 3A288098 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 3A288C48 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 3A287E48 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!recv 71AB676F 5 Bytes JMP 3A288618 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 3A288998 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 3A283FC8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!gethostbyaddr 71ABE491 5 Bytes JMP 3A287D58 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 3A284358 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 3A284238 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1336] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 3A284188 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 3A265018 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 3A264428 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 3A264698 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 3A264908 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 3A283748 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 3A2649C8 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 3A287A48 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 3A283908 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 3A263B28 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 3A263938 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 3A2639F8 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 3A263BC8 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 3A25A298 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3A25A198 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 3A288368 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 3A283DC8 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 3A287C98 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 3A28A1C8 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!send 71AB4C27 5 Bytes JMP 3A288098 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 3A288C48 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 3A287E48 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!recv 71AB676F 5 Bytes JMP 3A288618 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 3A288998 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 3A283FC8 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!gethostbyaddr 71ABE491 5 Bytes JMP 3A287D58 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 3A284358 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 3A284238 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\Explorer.EXE[2844] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 3A284188 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 3A265018 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 3A264428 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 3A264698 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 3A264908 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 3A283748 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 3A2649C8 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 3A263B28 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 3A263938 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 3A2639F8 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 3A263BC8 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 3A287A48 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 3A283908 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 3A25A298 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3A25A198 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 3A288368 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 3A283DC8 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 3A287C98 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 3A28A1C8 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!send 71AB4C27 5 Bytes JMP 3A288098 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 3A288C48 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 3A287E48 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!recv 71AB676F 5 Bytes JMP 3A288618 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 3A288998 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 3A283FC8 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!gethostbyaddr 71ABE491 5 Bytes JMP 3A287D58 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 3A284358 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 3A284238 C:\WINDOWS\system32\patacvga.dll
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3564] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 3A284188 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 3A265018 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 3A264428 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 3A264698 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 3A264908 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 3A283748 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 3A2649C8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 3A287A48 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 3A283908 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 3A263B28 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 3A263938 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 3A2639F8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 3A263BC8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 3A25A298 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3A25A198 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 3A288368 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 3A283DC8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 3A287C98 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 3A28A1C8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!send 71AB4C27 5 Bytes JMP 3A288098 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 3A288C48 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 3A287E48 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!recv 71AB676F 5 Bytes JMP 3A288618 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 3A288998 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!listen 71AB8CD3 5 Bytes JMP 3A283FC8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!gethostbyaddr 71ABE491 5 Bytes JMP 3A287D58 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 3A284358 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 3A284238 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3640] ws2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 3A284188 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 3A265018 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 3A264428 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 3A264698 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 3A264908 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 3A283748 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 3A2649C8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 3A287A48 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 3A283908 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 3A263B28 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 3A263938 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 3A2639F8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 3A263BC8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 3A25A298 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3A25A198 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 3A288368 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 3A283DC8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 3A287C98 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 3A28A1C8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!send 71AB4C27 5 Bytes JMP 3A288098 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 3A288C48 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 3A287E48 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!recv 71AB676F 5 Bytes JMP 3A288618 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 3A288998 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 3A283FC8 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!gethostbyaddr 71ABE491 5 Bytes JMP 3A287D58 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 3A284358 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 3A284238 C:\WINDOWS\system32\patacvga.dll
.text C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe[3672] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 3A284188 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 3A265018 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 3A264428 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 3A264698 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] ntdll.dll!NtSetInformationFile 7C90DC5E 5 Bytes JMP 3A264908 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 3A283748 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 3A2649C8 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 3A287A48 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 3A283908 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 3A263B28 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 3A263938 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 3A2639F8 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 3A263BC8 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 3A25A298 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3A25A198 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 3A288368 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 3A283DC8 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 3A287C98 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 3A28A1C8 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 3A288098 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 3A288C48 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 3A287E48 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!recv 71AB676F 5 Bytes JMP 3A288618 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 3A288998 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 3A283FC8 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!gethostbyaddr 71ABE491 5 Bytes JMP 3A287D58 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 3A284358 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 3A284238 C:\WINDOWS\system32\patacvga.dll
.text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 3A284188 C:\WINDOWS\system32\patacvga.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\patacvga.dll (*** hidden *** ) @ C:\Documents and Settings\Robin Voitle\Desktop\gmer\gmer.exe [900] 0x3A220000
Library C:\WINDOWS\system32\patacvga.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1336] 0x3A220000
Library C:\WINDOWS\system32\vidavuri\excapsub\basuvipv.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1336] 0x10000000
Library C:\WINDOWS\system32\cfguhmic.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2844] 0x02290000
Library C:\WINDOWS\system32\patacvga.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2844] 0x3A220000
Library C:\WINDOWS\system32\vidavuri\excapsub\basuvipv.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2844] 0x10000000
Library C:\WINDOWS\system32\patacvga.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG9\avgtray.exe [3564] 0x3A220000
Library C:\WINDOWS\system32\patacvga.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3640] 0x3A220000
Library C:\WINDOWS\system32\patacvga.dll (*** hidden *** ) @ C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [3672] 0x3A220000
Library C:\WINDOWS\system32\vidavuri\excapsub\basuvipv.dll (*** hidden *** ) @ C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe [3672] 0x06960000
Library C:\WINDOWS\system32\patacvga.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [3728] 0x3A220000

---- EOF - GMER 1.0.15 ----


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4796

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/12/2010 11:49:36 AM
mbam-log-2010-10-12 (11-49-36).txt

Scan type: Quick scan
Objects scanned: 132792
Time elapsed: 13 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,727 posts
  • MVP
Nope.

Copy the text in the code box by highlighting and Ctrl + c

:OTL
MOD - [2008/04/13 20:12:10 | 001,294,336 | ---- | M] () -- C:\WINDOWS\System32\patacvga.dll
[2001/08/23 17:00:00 | 002,482,176 | ---- | C] () -- C:\WINDOWS\System32\aisiweb.dll
[2001/08/23 17:00:00 | 001,294,336 | ---- | C] () -- C:\WINDOWS\System32\patacvga.dll
[2001/08/23 17:00:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\cfguhmic.dll
[2001/08/23 17:00:00 | 000,156,667 | ---- | C] () -- C:\WINDOWS\System32\avulsec32.dll
[2001/08/23 17:00:00 | 000,120,810 | ---- | C] () -- C:\WINDOWS\System32\ziparset.dll
   
:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Run the BitDefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Ron
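Ron's "Nope." follows from the GMER section of the first post: the inline hooks on ntdll, Secur32 and WS2_32 exports in every listed process jump into patacvga.dll, a module GMER prints with no company name and also reports as a hidden library. The script below is an added example, not part of this thread and not code from GMER or OTL; it applies that same reading rule to a few lines copied from the GMER log above and reports what a hook target of that kind can observe or alter. The CAPABILITY table and the "no vendor string" heuristic are this example's own assumptions.

```python
import re
from typing import Dict, List, Optional, Set

# Sample input in GMER 1.0.15 format, built from lines of the log above:
# three hooks that jump into an unsigned DLL, one legitimate hook placed by
# IEFRAME.dll (vendor string present), and the "Library" line that reports
# the DLL as hidden.
SAMPLE_GMER = "\n".join([
    r".text C:\WINDOWS\system32\ctfmon.exe[3728] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 3A28A1C8 C:\WINDOWS\system32\patacvga.dll",
    r".text C:\Program Files\Internet Explorer\iexplore.exe[3640] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)",
    r".text C:\WINDOWS\system32\ctfmon.exe[3728] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 3A287A48 C:\WINDOWS\system32\patacvga.dll",
    r".text C:\WINDOWS\system32\ctfmon.exe[3728] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 3A264698 C:\WINDOWS\system32\patacvga.dll",
    r"Library C:\WINDOWS\system32\patacvga.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [3728] 0x3A220000",
])

# One user-mode inline hook: process[pid] export address size Bytes JMP target module (vendor)
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<export>[^\s!]+![^\s]+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<size>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+) "
    r"(?P<module>.+?)(?: \((?P<vendor>[^)]*)\))?$"
)
# One "Library ... (*** hidden *** ) @ process [pid] 0xbase" line
HIDDEN_RE = re.compile(
    r"^Library (?P<module>.+?) \(\*\*\* hidden \*\*\* \) @ (?P<proc>.+?) "
    r"\[(?P<pid>\d+)\] 0x(?P<base>[0-9A-Fa-f]+)$"
)

# Assumed mapping (this example's own): what code sitting on a hook of each
# exporting DLL gets to see or change in the hooked process.
CAPABILITY = {
    "ws2_32.dll": "network traffic (socket send/recv, DNS lookups)",
    "secur32.dll": "TLS plaintext (EncryptMessage/DecryptMessage run outside the tunnel)",
    "ntdll.dll": "file system calls (can hide files from opens and listings)",
    "kernel32.dll": "file enumeration and I/O completion",
    "ole32.dll": "COM object creation",
    "gdi32.dll": "printing and device contexts",
}


def parse_hooks(text: str) -> List[Dict[str, Optional[str]]]:
    """Return one dict per .text hook line; vendor is None when GMER printed none."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks


def parse_hidden_modules(text: str) -> Set[str]:
    """Lower-cased paths of every module GMER flagged as hidden."""
    hidden = set()
    for line in text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        if m:
            hidden.add(m.group("module").lower())
    return hidden


def suspicious_hooks(text: str) -> List[dict]:
    """Hooks whose target has no vendor string or is a hidden module."""
    hidden = parse_hidden_modules(text)
    flagged = []
    for h in parse_hooks(text):
        reasons = []
        if h["vendor"] is None:
            reasons.append("hook target has no version/company info")
        if h["module"].lower() in hidden:
            reasons.append("hook target is a module GMER reports as hidden")
        if reasons:
            flagged.append({**h, "reasons": reasons})
    return flagged


def capability_summary(text: str) -> Dict[str, Set[str]]:
    """Per suspicious target module, the set of capabilities its hooks imply."""
    summary: Dict[str, Set[str]] = {}
    for h in suspicious_hooks(text):
        dll = h["export"].split("!")[0].lower()
        cap = CAPABILITY.get(dll, "other (%s)" % dll)
        summary.setdefault(h["module"].lower(), set()).add(cap)
    return summary


if __name__ == "__main__":
    for h in suspicious_hooks(SAMPLE_GMER):
        print("%s[%s] %s -> %s: %s" % (h["proc"], h["pid"], h["export"],
                                       h["module"], "; ".join(h["reasons"])))
    for module, caps in capability_summary(SAMPLE_GMER).items():
        print(module)
        for cap in sorted(caps):
            print("  -", cap)
```

GMER prints the vendor from the module's version resource, so a missing vendor is a heuristic, not proof (an unsigned but legitimate tool will trip it); the cross-check against the hidden-library list is the stronger signal, and in the log above both fire for the same file. To run it over a saved scan, replace SAMPLE_GMER with the contents of the GMER .txt file.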

#3
RobertV

RobertV

    Member

  • Topic Starter
  • Member
  • 15 posts
Hi Ron,

Thank you for the reply. I ran everything as instructed without any glitches. Below are the reports.

All processes killed
========== OTL ==========
C:\WINDOWS\system32\aisiweb.dll moved successfully.
C:\WINDOWS\system32\patacvga.dll moved successfully.
C:\WINDOWS\system32\cfguhmic.dll moved successfully.
C:\WINDOWS\system32\avulsec32.dll moved successfully.
C:\WINDOWS\system32\ziparset.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Robin Voitle
->Temp folder emptied: 1083791 bytes
->Temporary Internet Files folder emptied: 35215642 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 427143 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17761 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104069250 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 5612036 bytes

Total Files Cleaned = 140.00 mb


OTL by OldTimer - Version 3.2.15.1 log created on 10162010_111822

Files\Folders moved on Reboot...
C:\Documents and Settings\Robin Voitle\Local Settings\Temporary Internet Files\Content.IE5\J361Q5TG\288212-are-we-clean[1].htm moved successfully.
C:\Documents and Settings\Robin Voitle\Local Settings\Temporary Internet Files\Content.IE5\BAX5S32P\like[2].htm moved successfully.
C:\Documents and Settings\Robin Voitle\Local Settings\Temporary Internet Files\Content.IE5\BAX5S32P\xd_proxy[1].htm moved successfully.
C:\Documents and Settings\Robin Voitle\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...



OTL logfile created on: 10/16/2010 11:42:46 AM - Run 2
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\Robin Voitle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 123.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 12.03 Gb Free Space | 43.06% Space Free | Partition Type: NTFS

Computer Name: ROBIN-ON5Z0WSDO | User Name: Robin Voitle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/12 11:32:45 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin Voitle\Desktop\OTL.exe
PRC - [2010/10/04 18:38:23 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/23 09:52:44 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/23 01:33:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 09:17:11 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:16:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:14:26 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 09:14:20 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/27 16:39:38 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/12 11:32:45 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin Voitle\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/23 01:33:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 09:16:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/15 09:17:16 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:14:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 18:25:27 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2006/08/02 14:09:20 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2003/04/28 22:39:24 | 000,625,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/01/09 12:59:54 | 000,194,000 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/09/20 11:09:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/22 07:09:53 | 000,000,000 | ---D | M]

[2009/03/30 20:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\Mozilla\Extensions
[2009/03/30 20:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2001/08/23 17:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smart...oad/cscmv5X.cab (CMV5 Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1221752588704 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262386488565 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: Bitudeng - {B3E38F5B-94B7-4ADE-9016-821F52AFC58D} - C:\WINDOWS\System32\cfguhmic.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/13 20:38:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/16 11:18:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/12 11:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Desktop\gmer
[2010/10/12 11:32:32 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robin Voitle\Desktop\OTL.exe
[2010/10/12 07:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/11 15:00:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/11 15:00:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/11 15:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 15:00:01 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Robin Voitle\Desktop\mbam-setup-1.46.exe
[2010/10/07 20:00:36 | 000,000,000 | ---D | C] -- C:\af976bd5e6f127efb54a6a4eae465559
[2010/09/22 07:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/09/20 11:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Application Data\HP
[2010/09/20 11:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/09/20 11:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/09/20 11:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/09/20 11:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/09/20 11:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/09/20 11:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/09/20 11:01:06 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/09/15 07:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Desktop\AVG
[2010/09/15 07:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Desktop\Lynn Work
[2010/08/11 19:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

========== Files - Modified Within 90 Days ==========

[2010/10/16 11:39:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/16 11:38:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/16 11:09:36 | 066,468,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/16 10:58:39 | 000,008,607 | ---- | M] () -- C:\WINDOWS\System32\maguksnd.dll
[2010/10/12 11:34:53 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\Desktop\gmer.zip
[2010/10/12 11:32:45 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin Voitle\Desktop\OTL.exe
[2010/10/12 07:53:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 15:00:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 15:00:01 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Robin Voitle\Desktop\mbam-setup-1.46.exe
[2010/10/11 12:36:37 | 000,017,225 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\10.11.2010.docx
[2010/10/11 12:34:44 | 000,017,227 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.27.2010.docx
[2010/10/07 20:36:46 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 20:36:46 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/03 10:36:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/24 11:36:59 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/09/24 11:03:23 | 000,017,317 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.24.2010.docx
[2010/09/24 10:59:22 | 000,017,234 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.17.2010.docx
[2010/09/20 11:16:46 | 000,193,065 | ---- | M] () -- C:\WINDOWS\hpwins22.dat
[2010/09/14 07:49:26 | 000,017,102 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.14.2010.docx
[2010/09/13 08:30:00 | 000,017,103 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.13.2010.docx
[2010/09/11 09:02:47 | 000,017,056 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.10.2010.docx
[2010/09/10 08:03:41 | 000,017,023 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\Personal Asst. 9.10.2010.docx
[2010/09/10 07:48:39 | 000,017,063 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\Williston Town Office 7.25.2010.docx
[2010/09/07 09:37:29 | 000,010,598 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\fresh eggs.docx
[2010/08/26 11:20:56 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\Laser 8.26.2010.xls
[2010/08/12 09:16:02 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/28 04:12:05 | 000,002,850 | ---- | M] () -- C:\WINDOWS\hpwmdl22.dat
[2010/07/27 07:16:42 | 000,017,270 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\VLCT 7.27.2010.docx
[2010/07/27 07:14:50 | 000,016,981 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\Robin Resume & Cover Letter July 14 2010.docx

========== Files Created - No Company Name ==========

[2010/10/12 11:34:46 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\Desktop\gmer.zip
[2010/10/12 07:53:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 15:00:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 12:36:33 | 000,017,225 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\10.11.2010.docx
[2010/09/27 12:17:58 | 000,017,227 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.27.2010.docx
[2010/09/24 11:03:23 | 000,017,317 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.24.2010.docx
[2010/09/20 10:58:32 | 000,193,065 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/09/20 10:58:30 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2010/09/17 10:16:19 | 000,017,234 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.17.2010.docx
[2010/09/14 07:49:26 | 000,017,102 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.14.2010.docx
[2010/09/13 07:49:25 | 000,017,103 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.13.2010.docx
[2010/09/10 08:09:40 | 000,017,056 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.10.2010.docx
[2010/09/10 07:51:37 | 000,017,023 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\Personal Asst. 9.10.2010.docx
[2010/09/03 15:09:51 | 000,010,598 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\fresh eggs.docx
[2010/08/26 11:20:55 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\Laser 8.26.2010.xls
[2010/07/27 07:13:36 | 000,017,270 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\VLCT 7.27.2010.docx
[2010/07/26 10:50:30 | 000,017,063 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\Williston Town Office 7.25.2010.docx
[2010/05/06 14:03:29 | 000,008,607 | ---- | C] () -- C:\WINDOWS\System32\maguksnd.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/04 20:07:55 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/31 20:07:04 | 000,004,113 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/09/13 13:25:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/28 22:28:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/05/06 14:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/09/20 08:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2008/09/18 19:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/09/17 11:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/09/17 11:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/10/12 07:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/13 13:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/18 05:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\DriverCure
[2009/09/10 07:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\GetRightToGo
[2009/04/20 16:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\LimeWire

========== Purity Check ==========



< End of report >



ComboFix 10-10-15.04 - Robin Voitle 10/16/2010 12:22:40.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.167 [GMT -4:00]
Running from: c:\documents and settings\Robin Voitle\Desktop\George.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Robin Voitle\Recent\Thumbs.db
c:\windows\Downloaded Program Files\CpnMgr.dll
c:\windows\system32\BSTIEPrintCtl1.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-16 to 2010-10-16 )))))))))))))))))))))))))))))))
.

2010-10-16 15:18 . 2010-10-16 15:18 -------- d-----w- C:\_OTL
2010-10-12 11:52 . 2010-10-12 11:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-11 19:00 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 19:00 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 19:00 . 2010-10-11 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-08 00:00 . 2010-10-08 00:00 -------- d-----w- C:\af976bd5e6f127efb54a6a4eae465559
2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-22 11:08 . 2010-09-22 11:08 -------- d-----w- c:\program files\MSXML 4.0
2010-09-20 15:16 . 2010-09-20 15:16 -------- d-----w- c:\documents and settings\Robin Voitle\Application Data\HP
2010-09-20 15:10 . 2010-05-14 18:56 319488 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp02t.dll
2010-09-20 15:10 . 2010-05-14 18:56 125440 ----a-w- c:\windows\system32\hpf3l02t.dll
2010-09-20 15:09 . 2010-09-20 15:09 -------- d-----w- c:\program files\Microsoft
2010-09-20 15:09 . 2010-09-20 15:09 -------- d-----w- c:\program files\MSN Toolbar
2010-09-20 15:08 . 2010-09-20 15:09 -------- d-----w- c:\program files\Bing Bar Installer
2010-09-20 15:07 . 2010-09-20 15:07 -------- d-----w- c:\program files\Common Files\HP
2010-09-20 15:07 . 2010-09-20 15:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-09-20 15:06 . 2010-09-20 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-09-20 15:02 . 2010-02-01 06:54 294912 ----a-w- c:\windows\system32\hpovst11.dll
2010-09-20 15:02 . 2010-05-13 10:25 718336 ----a-w- c:\windows\system32\hpwwiax5.dll
2010-09-20 15:02 . 2010-05-13 10:25 970752 ----a-w- c:\windows\system32\hpwtiop4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 28672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 13:17 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/6/2010 2:45 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/6/2010 2:45 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 9:14 AM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:16 AM 308136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
SSODL-Bitudeng-{B3E38F5B-94B7-4ADE-9016-821F52AFC58D} - c:\windows\system32\cfguhmic.dll


.
Completion time: 2010-10-16 12:33:57
ComboFix-quarantined-files.txt 2010-10-16 16:33
ComboFix2.txt 2008-12-29 23:08

Pre-Run: 12,877,123,584 bytes free
Post-Run: 12,843,499,520 bytes free

- - End Of File - - B1872AC25BED45E1C70930A9F4282735



MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 121):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8A35000 \WINDOWS\system32\KDCOM.DLL
0xF8945000 \WINDOWS\system32\BOOTVID.dll
0xF84E6000 ACPI.sys
0xF8A37000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF84D5000 pci.sys
0xF8535000 isapnp.sys
0xF8545000 ohci1394.sys
0xF8555000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF8949000 compbatt.sys
0xF894D000 \WINDOWS\System32\DRIVERS\BATTC.SYS
0xF8AFD000 pciide.sys
0xF87B5000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8A39000 intelide.sys
0xF84B7000 pcmcia.sys
0xF8565000 MountMgr.sys
0xF8498000 ftdisk.sys
0xF8951000 ACPIEC.sys
0xF8AFE000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
0xF87BD000 PartMgr.sys
0xF8575000 VolSnap.sys
0xF8480000 atapi.sys
0xF8585000 disk.sys
0xF8595000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF8460000 fltmgr.sys
0xF844E000 sr.sys
0xF8437000 KSecDD.sys
0xF83AA000 Ntfs.sys
0xF837D000 NDIS.sys
0xF8363000 Mup.sys
0xF85A5000 agp440.sys
0xF89DD000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xF8675000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7AF1000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xF79E0000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF8805000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF794E000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF880D000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7833000 \SystemRoot\System32\DRIVERS\w70n51.sys
0xF86C5000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF77DD000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF86E5000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF883D000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF8845000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF77C9000 \SystemRoot\System32\DRIVERS\parport.sys
0xF86F5000 \SystemRoot\System32\DRIVERS\serial.sys
0xF89F5000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF8855000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF8705000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF8715000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8725000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF77A6000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7776000 \SystemRoot\system32\drivers\STAC97.sys
0xF7752000 \SystemRoot\system32\drivers\portcls.sys
0xF8735000 \SystemRoot\system32\drivers\drmk.sys
0xF8C6D000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8745000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8A0D000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF773B000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8755000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF8765000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF888D000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF772A000 \SystemRoot\System32\DRIVERS\psched.sys
0xF8775000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF889D000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF88AD000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF76FA000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF8785000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8A4B000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7674000 \SystemRoot\System32\DRIVERS\update.sys
0xF8A31000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF8795000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF85D5000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8A4F000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF8A51000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8C6E000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A53000 \SystemRoot\System32\Drivers\Beep.SYS
0xF88D5000 \SystemRoot\System32\drivers\vga.sys
0xF8A55000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A57000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF88DD000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF88E5000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF89CD000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB27A8000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB274F000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB2715000 \SystemRoot\System32\Drivers\avgtdix.sys
0xB26EF000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF7C1F000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF7C0F000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xB26C7000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB26A5000 \SystemRoot\System32\drivers\afd.sys
0xF7BFF000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB25DA000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB256A000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF7BDF000 \SystemRoot\System32\Drivers\Fips.SYS
0xF88ED000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xB2536000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF7BAF000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB24F6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8A6D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF76DA000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8905000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8BCF000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF05A000 \SystemRoot\System32\ati3d1ag.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB23FA000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB2109000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8AAB000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB1FEA000 \SystemRoot\System32\DRIVERS\srv.sys
0xB1AFD000 \SystemRoot\system32\drivers\wdmaud.sys
0xB1F62000 \SystemRoot\system32\drivers\sysaudio.sys
0xB171E000 \SystemRoot\System32\Drivers\HTTP.sys
0xF8A41000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF88B5000 \??\C:\DOCUME~1\ROBINV~1\LOCALS~1\Temp\catchme.sys
0xF88CD000 \??\C:\DOCUME~1\ROBINV~1\LOCALS~1\Temp\mbr.sys
0xB1308000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
784 C:\WINDOWS\system32\smss.exe
856 csrss.exe
880 C:\WINDOWS\system32\winlogon.exe
928 C:\WINDOWS\system32\services.exe
940 C:\WINDOWS\system32\lsass.exe
1092 C:\WINDOWS\system32\svchost.exe
1156 svchost.exe
1196 C:\WINDOWS\system32\svchost.exe
1268 svchost.exe
1372 C:\Program Files\AVG\AVG9\avgchsvx.exe
1380 C:\Program Files\AVG\AVG9\avgrsx.exe
1416 svchost.exe
1584 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1964 C:\WINDOWS\system32\spoolsv.exe
632 svchost.exe
664 C:\WINDOWS\system32\ati2evxx.exe
680 C:\Program Files\AVG\AVG9\avgwdsvc.exe
712 C:\WINDOWS\system32\svchost.exe
388 C:\WINDOWS\system32\svchost.exe
824 C:\WINDOWS\system32\svchost.exe
1216 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1548 C:\WINDOWS\system32\svchost.exe
1044 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2016 C:\Program Files\AVG\AVG9\avgemc.exe
128 C:\Program Files\AVG\AVG9\avgnsx.exe
516 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2216 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2800 alg.exe
3708 C:\PROGRA~1\AVG\AVG9\avgtray.exe
4036 C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
1280 C:\WINDOWS\system32\ctfmon.exe
3440 C:\WINDOWS\system32\wuauclt.exe
3724 wmiprvse.exe
2112 C:\WINDOWS\explorer.exe
1740 C:\Program Files\Internet Explorer\iexplore.exe
2840 C:\Program Files\Internet Explorer\iexplore.exe
1048 C:\Documents and Settings\Robin Voitle\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: IC25N030ATCS04-0, Rev: CA3OA71A

Size Device Name MBR Status
--------------------------------------------
27 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



QuickScan Beta 32-bit v0.9.9.50
-------------------------------
Scan date: Sat Oct 16 12:52:51 2010
Machine ID: 64EFA6FB



No infection found.
-------------------



Processes
---------
ati2evxx.exe 664 C:\WINDOWS\system32\ati2evxx.exe
AVG Internet Security 1372 C:\Program Files\AVG\AVG9\avgchsvx.exe
AVG Internet Security 1584 C:\Program Files\AVG\AVG9\avgcsrvx.exe
AVG Internet Security 516 C:\Program Files\AVG\AVG9\avgcsrvx.exe
AVG Internet Security 2016 C:\Program Files\AVG\AVG9\avgemc.exe
AVG Internet Security 128 C:\Program Files\AVG\AVG9\avgnsx.exe
AVG Internet Security 1380 C:\Program Files\AVG\AVG9\avgrsx.exe
AVG Internet Security 680 C:\Program Files\AVG\AVG9\avgwdsvc.exe
AVG Internet Security 3708 C:\PROGRA~1\AVG\AVG9\avgtray.exe
Bing Bar 4036 C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
Microsoft Search Enhancement Pack 1216 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
Microsoft® Windows Live ID 1044 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Microsoft® Windows Live ID 2216 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
Microsoft® Windows® Operating System 2112 C:\WINDOWS\explorer.exe
Microsoft® Windows® Operating System 2800 C:\WINDOWS\system32\alg.exe
Microsoft® Windows® Operating System 856 C:\WINDOWS\system32\csrss.exe
Microsoft® Windows® Operating System 1280 C:\WINDOWS\system32\ctfmon.exe
Microsoft® Windows® Operating System 940 C:\WINDOWS\system32\lsass.exe
Microsoft® Windows® Operating System 928 C:\WINDOWS\system32\services.exe
Microsoft® Windows® Operating System 784 C:\WINDOWS\system32\smss.exe
Microsoft® Windows® Operating System 1964 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 388 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 632 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 824 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1268 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1196 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1156 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1416 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1548 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\svchost.exe
Microsoft® Windows® Operating System 880 C:\WINDOWS\system32\winlogon.exe
Microsoft® Windows® Operating System 3440 C:\WINDOWS\system32\wuauclt.exe
Windows® Internet Explorer 1740 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Internet Explorer 2840 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process svchost.exe (1156) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
ATI 2D Component C:\WINDOWS\system32\Ati2mdxx.exe
AVG Internet Security C:\Program Files\AVG\AVG9\avgtray.exe
AVG Internet Security C:\WINDOWS\system32\avgrsstx.dll
Bing Bar C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
Default Manager C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\CONFLICT.2\FP_AX_CAB_INSTALLER.exe
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
AVG Internet Security c:\program files\avg\avg9\avgssie.dll
Bing Bar c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
CpnMgr Module C:\WINDOWS\Downloaded Program Files\CONFLICT.1\CpnMgr.dll
IEAWSDC.DLL C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft Search Enhancement Pack c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
Microsoft® Windows Live ID c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
unagiuninst.exe C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\DOCUME~1\ROBINV~1\LOCALS~1\Temp\catchme.sys
--> HKLM\System\ControlSet001\services\catchme\"ImagePath"

File not found: C:\DOCUME~1\ROBINV~1\LOCALS~1\Temp\mbr.sys
--> HKLM\System\ControlSet001\services\mbr\"ImagePath"

File not found: c:\program files\java\jre6\bin\jp2ssv.dll
--> HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32\"(default)"


Scan
----


No file uploaded.

Scan finished - communication took 4 sec
Total traffic - 0.04 MB sent, 0.79 KB recvd
Scanned 942 files and modules - 119 seconds

==============================================================================

#4 RKinner (Malware Expert, MVP, 23,727 posts)
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\WINDOWS\System32\maguksnd.dll

Registry::
[-HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to George and let it start as before.

Post the new log.

Ron

#5 RobertV (Topic Starter, Member, 15 posts)
Hi Ron,

OK, I dragged the CFScript notepad over to George and it started running. Here is the log from that and I ran OTL quick scan again and posted that as well.

Thanks again,
Robert


ComboFix 10-10-15.04 - Robin Voitle 10/16/2010 17:58:38.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.207 [GMT -4:00]
Running from: c:\documents and settings\Robin Voitle\Desktop\George.exe
Command switches used :: c:\documents and settings\Robin Voitle\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\System32\maguksnd.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\maguksnd.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-16 to 2010-10-16 )))))))))))))))))))))))))))))))
.

2010-10-16 16:51 . 2010-10-16 16:52 -------- d-----w- c:\documents and settings\Robin Voitle\Application Data\QuickScan
2010-10-16 16:19 . 2010-10-16 16:34 -------- d-----w- C:\George
2010-10-16 15:24 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-16 15:24 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-16 15:18 . 2010-10-16 15:18 -------- d-----w- C:\_OTL
2010-10-16 15:17 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-12 11:52 . 2010-10-12 11:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-11 19:00 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-11 19:00 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-11 19:00 . 2010-10-11 19:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-08 00:00 . 2010-10-08 00:00 -------- d-----w- C:\af976bd5e6f127efb54a6a4eae465559
2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-22 11:08 . 2010-09-22 11:08 -------- d-----w- c:\program files\MSXML 4.0
2010-09-20 15:16 . 2010-09-20 15:16 -------- d-----w- c:\documents and settings\Robin Voitle\Application Data\HP
2010-09-20 15:10 . 2010-05-14 18:56 319488 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp02t.dll
2010-09-20 15:10 . 2010-05-14 18:56 125440 ----a-w- c:\windows\system32\hpf3l02t.dll
2010-09-20 15:09 . 2010-09-20 15:09 -------- d-----w- c:\program files\Microsoft
2010-09-20 15:09 . 2010-09-20 15:09 -------- d-----w- c:\program files\MSN Toolbar
2010-09-20 15:08 . 2010-09-20 15:09 -------- d-----w- c:\program files\Bing Bar Installer
2010-09-20 15:07 . 2010-09-20 15:07 -------- d-----w- c:\program files\Common Files\HP
2010-09-20 15:07 . 2010-09-20 15:07 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-09-20 15:06 . 2010-09-20 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-09-20 15:02 . 2010-02-01 06:54 294912 ----a-w- c:\windows\system32\hpovst11.dll
2010-09-20 15:02 . 2010-05-13 10:25 718336 ----a-w- c:\windows\system32\hpwwiax5.dll
2010-09-20 15:02 . 2010-05-13 10:25 970752 ----a-w- c:\windows\system32\hpwtiop4.dll
2010-09-18 16:23 . 2010-09-18 16:23 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----


---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 28672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 13:17 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/6/2010 2:45 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/6/2010 2:45 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 9:14 AM 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:16 AM 308136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-16 18:25:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-16 22:25
ComboFix2.txt 2010-10-16 16:33
ComboFix3.txt 2008-12-29 23:08

Pre-Run: 12,723,712,000 bytes free
Post-Run: 12,721,262,592 bytes free

- - End Of File - - 1F51EA03D6C1EAACDB46709B8058F83C



OTL logfile created on: 10/16/2010 6:29:47 PM - Run 3
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Documents and Settings\Robin Voitle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 141.00 Mb Available Physical Memory | 28.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 11.86 Gb Free Space | 42.46% Space Free | Partition Type: NTFS

Computer Name: ROBIN-ON5Z0WSDO | User Name: Robin Voitle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/12 11:32:45 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin Voitle\Desktop\OTL.exe
PRC - [2010/10/04 18:38:23 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/23 09:52:44 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/23 01:33:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 09:17:11 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:16:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:14:26 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 09:14:20 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/27 16:39:38 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/12 11:32:45 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin Voitle\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/23 01:33:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 09:16:45 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ROBINV~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 09:17:16 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:14:27 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/02 18:25:27 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2006/08/02 14:09:20 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2003/04/28 22:39:24 | 000,625,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/01/09 12:59:54 | 000,194,000 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/09/20 11:09:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/22 07:09:53 | 000,000,000 | ---D | M]

[2009/03/30 20:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\Mozilla\Extensions
[2009/03/30 20:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2010/10/16 18:19:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1221752588704 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1262386488565 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/13 20:38:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/16 12:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Application Data\QuickScan
[2010/10/16 12:19:31 | 000,000,000 | ---D | C] -- C:\George
[2010/10/16 11:18:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/12 11:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Desktop\gmer
[2010/10/12 11:32:32 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robin Voitle\Desktop\OTL.exe
[2010/10/12 07:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/11 15:00:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/11 15:00:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/11 15:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 15:00:01 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Robin Voitle\Desktop\mbam-setup-1.46.exe
[2010/10/07 20:00:36 | 000,000,000 | ---D | C] -- C:\af976bd5e6f127efb54a6a4eae465559
[2010/09/22 07:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/09/20 11:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Application Data\HP
[2010/09/20 11:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/09/20 11:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/09/20 11:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/09/20 11:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/09/20 11:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/09/20 11:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/09/20 11:01:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/09/15 07:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Desktop\AVG
[2010/09/15 07:06:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robin Voitle\Desktop\Lynn Work
[2010/08/11 19:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

========== Files - Modified Within 90 Days ==========

[2010/10/16 18:19:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/16 18:19:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/16 18:08:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/16 17:48:59 | 066,482,599 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/16 17:14:47 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/16 13:19:34 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/16 13:18:50 | 002,003,524 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2010/10/16 12:39:47 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\Desktop\MBRCheck.exe
[2010/10/16 12:07:56 | 003,879,098 | R--- | M] () -- C:\Documents and Settings\Robin Voitle\Desktop\George.exe
[2010/10/12 11:34:53 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\Desktop\gmer.zip
[2010/10/12 11:32:45 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robin Voitle\Desktop\OTL.exe
[2010/10/12 07:53:39 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 15:00:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 15:00:01 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Robin Voitle\Desktop\mbam-setup-1.46.exe
[2010/10/11 12:36:37 | 000,017,225 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\10.11.2010.docx
[2010/10/11 12:34:44 | 000,017,227 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.27.2010.docx
[2010/10/07 20:36:46 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 20:36:46 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/24 11:36:59 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/09/24 11:03:23 | 000,017,317 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.24.2010.docx
[2010/09/24 10:59:22 | 000,017,234 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.17.2010.docx
[2010/09/20 11:16:46 | 000,193,065 | ---- | M] () -- C:\WINDOWS\hpwins22.dat
[2010/09/14 07:49:26 | 000,017,102 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.14.2010.docx
[2010/09/13 08:30:00 | 000,017,103 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.13.2010.docx
[2010/09/11 09:02:47 | 000,017,056 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.10.2010.docx
[2010/09/10 08:03:41 | 000,017,023 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\Personal Asst. 9.10.2010.docx
[2010/09/10 07:48:39 | 000,017,063 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\Williston Town Office 7.25.2010.docx
[2010/09/07 09:37:29 | 000,010,598 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\fresh eggs.docx
[2010/08/26 11:20:56 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\Laser 8.26.2010.xls
[2010/07/28 04:12:05 | 000,002,850 | ---- | M] () -- C:\WINDOWS\hpwmdl22.dat
[2010/07/27 07:16:42 | 000,017,270 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\VLCT 7.27.2010.docx
[2010/07/27 07:14:50 | 000,016,981 | ---- | M] () -- C:\Documents and Settings\Robin Voitle\My Documents\Robin Resume & Cover Letter July 14 2010.docx

========== Files Created - No Company Name ==========

[2010/10/16 12:39:41 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\Desktop\MBRCheck.exe
[2010/10/16 12:19:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/16 12:19:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/16 12:07:56 | 003,879,098 | R--- | C] () -- C:\Documents and Settings\Robin Voitle\Desktop\George.exe
[2010/10/12 11:34:46 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\Desktop\gmer.zip
[2010/10/12 07:53:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 15:00:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 12:36:33 | 000,017,225 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\10.11.2010.docx
[2010/09/27 12:17:58 | 000,017,227 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.27.2010.docx
[2010/09/24 11:03:23 | 000,017,317 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.24.2010.docx
[2010/09/20 10:58:32 | 000,193,065 | ---- | C] () -- C:\WINDOWS\hpwins22.dat
[2010/09/20 10:58:30 | 000,002,850 | ---- | C] () -- C:\WINDOWS\hpwmdl22.dat
[2010/09/17 10:16:19 | 000,017,234 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.17.2010.docx
[2010/09/14 07:49:26 | 000,017,102 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.14.2010.docx
[2010/09/13 07:49:25 | 000,017,103 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.13.2010.docx
[2010/09/10 08:09:40 | 000,017,056 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\9.10.2010.docx
[2010/09/10 07:51:37 | 000,017,023 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\Personal Asst. 9.10.2010.docx
[2010/09/03 15:09:51 | 000,010,598 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\fresh eggs.docx
[2010/08/26 11:20:55 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\Laser 8.26.2010.xls
[2010/07/27 07:13:36 | 000,017,270 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\VLCT 7.27.2010.docx
[2010/07/26 10:50:30 | 000,017,063 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\My Documents\Williston Town Office 7.25.2010.docx
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/04/04 20:07:55 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Robin Voitle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/31 20:07:04 | 000,004,113 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/09/13 13:25:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/28 22:28:52 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/05/06 14:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/09/20 08:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2008/09/18 19:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/09/17 11:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/09/17 11:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/10/12 07:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/13 13:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/18 05:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\DriverCure
[2009/09/10 07:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\GetRightToGo
[2009/04/20 16:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\LimeWire
[2010/10/16 12:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Robin Voitle\Application Data\QuickScan

========== Purity Check ==========



< End of report >
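The OTL output above is read by hand: the helper looks for loading points whose target file is gone (the disabled HidServ service, the catchme driver left in Temp, the Java BHO whose jp2ssv.dll is missing), for autostarts with no company name, and for anything odd in the hosts file, then writes a CFScript for the entries worth removing. As an added example, not part of OTL, ComboFix or any post in this thread, here is a small Python script that applies the same reading to OTL lines in the formats quoted in these logs and emits the `Registry::` block in the shape used above for the orphaned CLSID. The sample lines are copied from or modeled on this thread's OTL log; the `maguksnd` Run entry and the second hosts line are constructed to exercise the no-company and hosts rules and were not in the posted log. The regexes, the `Entry` type and the bucket names are this example's own.

```python
"""Triage OTL log lines for orphaned or suspicious loading points.
Added example for this thread, not part of OTL, ComboFix or any post above:
it parses the OTL line shapes quoted in the logs (SRV/DRV, O1, O2, O3, O4)
and buckets them the way a helper reads them before writing a CFScript."""
import re
from dataclasses import dataclass

# Line shapes exactly as they appear in the OTL output quoted in this thread.
_SRV_DRV = re.compile(r"^(?P<kind>SRV|DRV) - (?P<meta>.*?) -- (?P<path>.+?) -- \((?P<name>[^)]+)\)")
_O2_BHO = re.compile(r"^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?)"
                     r"(?: \((?P<company>[^()]*)\)| (?P<missing>File not found))?$")
_O3_TB = re.compile(r"^O3 - HK\w+\\\.\.\\Toolbar.*?- (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.+)$")
_O4_RUN = re.compile(r"^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \((?P<company>[^()]*)\))?$")
_O1_HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
_COMPANY = re.compile(r"\] \(([^()]*)\) \[")  # "(Vendor)" between OTL's date/size block and the state

# Constructed sample: lines copied from or modeled on this thread's OTL log. The
# maguksnd Run entry and the second hosts line are invented to exercise the
# no-company and hosts rules; they were not in the posted log.
SAMPLE_OTL = r"""
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/23 01:33:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ROBINV~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2006/08/02 14:09:20 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.example-update.test
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [maguksnd] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\maguksnd.dll ()
"""

@dataclass
class Entry:
    kind: str              # SRV, DRV, O1, O2, O3 or O4
    name: str              # service/driver/BHO/Run name, or hostname for O1
    path: str = ""         # target file; for O1 the address the hostname maps to
    clsid: str = ""
    company: str = ""      # OTL's company field; empty means "no company name"
    missing: bool = False  # OTL reported the file (or the CLSID) as not found

def parse_otl(text):
    """Turn OTL lines into Entry objects; lines of other types are ignored."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := _SRV_DRV.match(line):
            comp = _COMPANY.search(m["meta"])
            entries.append(Entry(m["kind"], m["name"], m["path"],
                                 company=comp.group(1) if comp else "",
                                 missing="File not found" in m["meta"]))
        elif m := _O2_BHO.match(line):
            entries.append(Entry("O2", m["name"], m["path"], m["clsid"],
                                 m["company"] or "", bool(m["missing"])))
        elif m := _O3_TB.match(line):
            entries.append(Entry("O3", "Toolbar", clsid=m["clsid"],
                                 missing="No CLSID value found" in m["rest"]))
        elif m := _O4_RUN.match(line):
            entries.append(Entry("O4", m["name"], m["path"], company=m["company"] or ""))
        elif m := _O1_HOSTS.match(line):
            entries.append(Entry("O1", m["host"], m["ip"]))
    return entries

def triage(entries):
    """Bucket entries for review. Nothing here decides "malware": a missing
    service such as catchme is usually residue of the scanning tools themselves."""
    report = {"orphan_clsid": [], "missing_target": [], "no_company": [], "hosts_redirect": []}
    for e in entries:
        if e.kind == "O1":
            if not (e.name == "localhost" and e.path in ("127.0.0.1", "::1")):
                report["hosts_redirect"].append(f"{e.path} {e.name}")
        elif e.missing and e.kind in ("O2", "O3"):
            report["orphan_clsid"].append(f"{e.kind} {e.clsid} ({e.name})")
        elif e.missing:
            report["missing_target"].append(f"{e.kind} {e.name}: {e.path}")
        elif e.kind in ("O4", "SRV", "DRV") and not e.company:
            report["no_company"].append(f"{e.kind} {e.name}: {e.path}")
    return report

def cfscript_orphan_clsids(entries):
    """Emit the Registry:: block in the shape the helper used above, for BHOs
    whose DLL is gone. Deleting the CLSID key removes only the dead registration;
    review the list before running it through ComboFix."""
    keys = [e.clsid for e in entries if e.kind == "O2" and e.missing and e.clsid]
    return ("Registry::\n" + "".join(f"[-HKCR\\CLSID\\{k}]\n" for k in keys)) if keys else ""

if __name__ == "__main__":
    found = parse_otl(SAMPLE_OTL)
    for bucket, items in triage(found).items():
        print(f"{bucket}: {items}")
    print(cfscript_orphan_clsids(found), end="")
```

The output is a review list rather than a delete list on purpose: a "File not found" service or driver such as catchme or mbr is typically left behind by the rootkit scanners themselves, a Run entry with no company name is a lead and not a verdict, and only the orphaned BHO CLSID, the one registry action actually taken in this thread, is turned into script. A `hosts` line that maps anything other than localhost is listed because a redirected hosts file is one of the cheaper places for a browser hijack to hide.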

#6 RKinner (Malware Expert, MVP, 23,727 posts)
Logs look good now. Any problems left?

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f

Let's check the logs to see if anything odd is still happening:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
   http://images.malwar...om/vino/VEW.exe
   and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#7 RobertV (Topic Starter, Member, 15 posts)
OK, here are the VEW logs.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 16/10/2010 8:15:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Vino's Event Viewer v01c run on Windows XP in English
Report run at 16/10/2010 8:16:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/10/2010 12:44:07 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: The data is invalid.

Log: 'Application' Date/Time: 16/10/2010 11:03:18 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/10/2010 11:03:17 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/10/2010 11:03:17 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/10/2010 11:03:16 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/10/2010 11:03:14 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/10/2010 11:03:14 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/10/2010 11:03:14 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/10/2010 10:59:18 AM
Type: error Category: 3
Event: 454 Source: ESENT
Catalog Database (1232) Database recovery/restore failed with unexpected error -1216.

Log: 'Application' Date/Time: 16/10/2010 10:59:18 AM
Type: error Category: 3
Event: 494 Source: ESENT
Catalog Database (1232) Database recovery failed with error -1216 because it encountered references to a database, 'C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb', which is no longer present. The database was not brought to a consistent state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, please contact PSS for further instructions regarding the steps required in order to allow recovery to proceed without this database.

Log: 'Application' Date/Time: 16/10/2010 10:58:33 AM
Type: error Category: 12
Event: 470 Source: ESENT
Catalog Database (1232) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb is partially attached. Attachment stage: 3. Error: -1032.

Log: 'Application' Date/Time: 16/10/2010 10:58:33 AM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1232) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 16/10/2010 10:57:55 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 14/10/2010 11:10:14 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 07/10/2010 8:50:16 PM
Type: error Category: 12
Event: 470 Source: ESENT
Catalog Database (1260) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb is partially attached. Attachment stage: 3. Error: -1032.

Log: 'Application' Date/Time: 07/10/2010 8:50:16 PM
Type: error Category: 1
Event: 490 Source: ESENT
svchost (1260) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Log: 'Application' Date/Time: 07/10/2010 8:43:03 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1180947459.

Log: 'Application' Date/Time: 07/10/2010 8:43:01 PM
Type: error Category: 0
Event: 1001 Source: Application Hang
Fault bucket 1180947459.

Log: 'Application' Date/Time: 07/10/2010 8:42:22 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 07/10/2010 8:42:22 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/10/2010 8:36:47 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 27/08/2010 1:53:52 PM
Type: warning Category: 0
Event: 6 Source: crypt32
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

Log: 'Application' Date/Time: 27/08/2010 11:01:48 AM
Type: warning Category: 0
Event: 6 Source: crypt32
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

Log: 'Application' Date/Time: 27/08/2010 8:52:37 AM
Type: warning Category: 0
Event: 6 Source: crypt32
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

Log: 'Application' Date/Time: 26/08/2010 11:06:23 AM
Type: warning Category: 0
Event: 6 Source: crypt32
Reached crypt32 threshold of 50 events and will suspend logging for 60 minutes

Log: 'Application' Date/Time: 11/08/2010 10:54:47 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 24/06/2010 7:11:24 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel.activation already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 24/06/2010 7:11:24 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.runtime.serialization already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 24/06/2010 7:11:23 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel already exists in C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 24/06/2010 7:11:19 PM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly. If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Log: 'Application' Date/Time: 24/06/2010 7:03:23 PM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 11/06/2010 7:18:24 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 11/06/2010 7:18:24 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.runtime.serialization already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 11/06/2010 7:18:24 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Configuration section system.serviceModel already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Log: 'Application' Date/Time: 11/06/2010 7:18:22 AM
Type: warning Category: 0
Event: 0 Source: System.ServiceModel.Install 3.0.0.0
Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly. If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Log: 'Application' Date/Time: 11/06/2010 7:15:44 AM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 10/06/2010 6:52:33 AM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 10/06/2010 6:45:54 AM
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x80080005

Log: 'Application' Date/Time: 10/06/2010 6:31:56 AM
Type: warning Category: 1
Event: 1020 Source: ASP.NET 2.0.50727.0
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Log: 'Application' Date/Time: 06/05/2010 4:52:05 PM
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user ROBIN-ON5Z0WSDO\Robin Voitle registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
  • 0
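A VEW report is plain text, and once it runs to dozens of records (as the Application log above does) it helps to tally repeats by Source and Event ID rather than reading every entry. As an added example, not part of this thread or of Vino's tool, this Python parser reads the VEW layout and counts records per source and event id; the sample report is constructed, modelled on the one posted above.

```python
import re
from collections import Counter
# Constructed sample in the layout Vino's Event Viewer (VEW) writes, modelled
# on the report posted in this thread (not copied verbatim from a machine).
SAMPLE_REPORT = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/10/2010 12:44:07 PM
Type: error Category: 0
Event: 11 Source: crypt32
Failed extract of third-party root list from auto update cab with error: The data is invalid.

Log: 'Application' Date/Time: 16/10/2010 11:03:18 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 16/10/2010 11:03:17 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
"""
HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_LINE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT_LINE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")

def parse_vew(text):
    """Return one dict per event record in a VEW report."""
    events, current = [], None
    for line in text.splitlines():
        if line.startswith("~"):         # section banner: no record is open
            current = None
        elif (m := HEADER.match(line)):  # "Log: ..." starts a new record
            current = {"log": m["log"], "when": m["when"], "message": ""}
            events.append(current)
        elif current is None:            # section title, e.g. "'Application' Log - error Type"
            continue
        elif (m := TYPE_LINE.match(line)):
            current["type"], current["category"] = m["type"], int(m["cat"])
        elif (m := EVENT_LINE.match(line)):
            current["event"], current["source"] = int(m["id"]), m["source"]
        elif line.strip():               # any other non-blank text is the event message
            current["message"] = (current["message"] + " " + line.strip()).strip()
    return events

def summarize(events):
    """Count records per (source, event id) so repeated noise stands out."""
    return Counter((e["source"], e["event"]) for e in events)
```

Run over the full report from the thread, the same tally shows the repeated iexplore.exe hangs and the ESENT catdb errors as a handful of (source, event id) pairs instead of twenty separate records.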

#8
RKinner

    Malware Expert

  • Expert
  • 23,727 posts
  • MVP
Get Dial-a-fix from:

http://wiki.lunarsof...wiki/Dial-a-fix

It's a ZIP so you will need to right click on it and Extract All. Then run it. There is a section called WU/WUAU.
Find it and check Fix Windows Updates, then click on FLUSH SOFTWARE DISTRIBUTION, then click on the green check marks at the bottom, then hit the GO button at the bottom.

Then clear the events again, reboot and run the event viewer as before.

Ron
  • 0
