[noiserider]

I loaded an infected file from the internet http://rapidshare.co...35278438/up.exq (the .exe was changed to .exq for safety)

My Avast software detected a virus and said something like "you're safe". I continued using the computer to do my normal work for about an hour with no problems. Then I decided I better be sure I was virus free so I updated my version of MBAM. The update contained a database update and a program update which required a re-boot.

Now XP won't boot. I get a black screen with a blinking cursor. I can use the del key to get to the bios. I can use f12 to boot from other devices.

I ran the AVG software as described in a post on this forum. It detected a virus BXGR.

I have the ACER XP recovery disk, but it says it will overwrite everything on my hard disk so I terminated that program. I have my data backed up to another drive, but I'd like to explore whether there is a way to fix the XP boot problem without having to reload the entire system.

Help!

Edited by noiserider, 06 December 2010 - 08:40 PM.

[Advertisements]

I'm reading a related post: http://www.geekstogo...sor-on-startup/

I followed the instructions to create an Emergency BootLoader

I selected Emergency Bootloader and got the following message:

Windows could not start because of a computer disk hardware configuration problem.
Could not read from the selected boot disk. Check boot path and disk hardware.

[noiserider]

I'm reading a related post: http://www.geekstogo...sor-on-startup/

I followed the instructions to create an Emergency BootLoader

I selected Emergency Bootloader and got the following message:

Windows could not start because of a computer disk hardware configuration problem.
Could not read from the selected boot disk. Check boot path and disk hardware.

[noiserider]

I got Windows to load using the following modifications to boot.ini in the Emergency Bootloader:

[boot loader]
timeout=-1
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Emergency Boot Loader" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=Optin

I loaded OTL and ran a quickscan with the following parameters in the custom scan field

netsvcs
drivers32
/md5start
winlogon.exe
userinit.exe
explorer.exe
svchost.exe
/md5stop
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
type c:\boot.ini >> test.txt

The Output files are in the next two posts.

[noiserider]

created on: 12/7/2010 9:16:42 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Keith Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.47 Gb Total Space | 36.72 Gb Free Space | 56.95% Space Free | Partition Type: NTFS
Drive D: | 64.44 Gb Total Space | 64.26 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive H: | 245.71 Mb Total Space | 245.42 Mb Free Space | 99.88% Space Free | Partition Type: FAT
Drive Y: | 74.46 Gb Total Space | 46.37 Gb Free Space | 62.27% Space Free | Partition Type: NTFS

Computer Name: ACER-SUNROOM | User Name: Keith Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/07 09:16:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith Admin\My Documents\Downloads\OTL.exe
PRC - [2010/10/30 06:18:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/29 06:34:37 | 012,487,856 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 04:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/02/23 08:49:16 | 002,652,056 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2008/12/11 14:58:44 | 000,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 16:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/15 01:40:39 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/08 07:38:54 | 000,040,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2006/06/28 06:46:30 | 000,622,592 | ---- | M] () -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2006/06/27 09:30:30 | 000,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006/03/01 15:06:22 | 000,069,632 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2005/03/17 13:25:54 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe


========== Modules (SafeList) ==========

MOD - [2010/12/07 09:16:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith Admin\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/17 15:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/07/26 07:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/11 16:18:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/11 14:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psdvdisk.sys -- (psdvdisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psdfilter.sys -- (psdfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/10/22 14:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/10/22 10:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/01/21 08:38:32 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008/12/18 11:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 07:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/11/02 18:52:14 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/09/24 02:09:52 | 000,041,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/09/22 10:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/08/19 02:27:00 | 004,805,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 15:48:00 | 006,555,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/07/26 10:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 10:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/07/26 10:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/05/05 23:52:26 | 000,132,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/04/14 22:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/17 01:43:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/11/17 01:43:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/28 05:30:04 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2006/01/19 02:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/18 21:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/10/15 11:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=veriton_x270
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 06:18:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 15:04:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/29 06:34:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/11/02 15:01:28 | 000,000,000 | ---D | M]

[2010/11/23 14:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Extensions
[2010/05/02 07:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/11/23 14:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Extensions\[email protected]
[2010/12/04 07:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\extensions
[2010/07/21 06:06:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/07 17:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\extensions\[email protected]
[2010/12/04 07:56:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/28 06:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2010/05/10 06:04:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/13 08:55:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/09/29 13:16:46 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/09/29 13:16:50 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/09/29 13:19:44 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2009/09/29 13:16:56 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/09/29 13:17:08 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/14 22:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [eRecoveryService] C:\acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1249944521046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1264526934562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Keith Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Keith Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/02 18:21:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{933c316b-f5d6-11df-a519-002197c565ea}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{b145e647-486d-11df-a4f7-002197c565ea}\Shell - "" = AutoRun
O33 - MountPoints2\{b145e647-486d-11df-a4f7-002197c565ea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b145e647-486d-11df-a4f7-002197c565ea}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56308606093492224)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/27 10:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\Desktop\Config
[2010/11/23 14:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\My Documents\TomTom
[2010/11/23 14:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/11/23 14:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\Local Settings\Application Data\TomTom
[2010/11/23 14:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\Application Data\TomTom
[2010/11/23 14:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/11/23 14:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010/11/23 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2008/05/09 07:58:32 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 09:15:44 | 000,443,240 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/07 09:15:44 | 000,072,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/07 09:12:14 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/12/07 09:12:01 | 000,188,791 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/07 09:11:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/07 09:11:10 | 1878,249,472 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/07 09:03:49 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Sunroom Acer Thunderbird Backup.job
[2010/12/07 09:00:26 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Sunroom Acer Backup.job
[2010/12/07 08:33:40 | 000,000,388 | ---- | M] () -- C:\boot.ini
[2010/12/07 08:13:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/06 14:35:16 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-UF50O.msg
[2010/12/06 14:35:16 | 000,000,399 | ---- | M] () -- C:\WINDOWS\is-UF50O.lst
[2010/11/29 09:14:44 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Keith Admin\My Documents\Methacton Rose Tree Summary.doc
[2010/11/25 15:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/11/25 15:33:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/07 08:53:46 | 000,000,211 | RHS- | C] () -- C:\Copy of boot.ini
[2010/12/07 08:53:32 | 000,250,048 | RHS- | C] () -- C:\Copy of ntldr
[2010/12/07 08:53:22 | 000,047,564 | RHS- | C] () -- C:\Copy of NTDETECT.COM
[2010/12/07 08:36:14 | 1878,249,472 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/06 14:35:16 | 000,000,399 | ---- | C] () -- C:\WINDOWS\is-UF50O.lst
[2010/12/06 14:35:15 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-UF50O.msg
[2010/11/27 08:44:56 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Keith Admin\My Documents\Methacton Rose Tree Summary.doc
[2010/04/02 12:48:07 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Keith Admin\Application Data\setup_ldm.iss
[2009/12/16 13:53:02 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009/10/30 07:19:19 | 000,009,709 | ---- | C] () -- C:\WINDOWS\System32\msgphd.dll
[2009/10/30 07:19:19 | 000,009,709 | ---- | C] () -- C:\WINDOWS\System32\msgpd.dll
[2009/08/14 12:42:05 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/14 12:42:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/08/14 12:41:32 | 000,000,287 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/08/14 12:41:32 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/08/14 12:40:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/08/14 12:38:05 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/08/11 19:03:10 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/08/11 12:55:09 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/08/11 12:55:08 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/08/11 12:54:48 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\agissi.dll
[2009/08/11 12:54:38 | 011,194,368 | R--- | C] () -- C:\WINDOWS\System32\zhhp_res.dll
[2009/08/11 12:54:35 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\vshp2600.dll
[2009/08/11 12:53:48 | 000,000,578 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/08/11 12:49:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/11 06:21:27 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/08/10 20:22:29 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/08/10 20:22:29 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/08/10 20:22:27 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/08/10 20:22:27 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/08/10 20:22:26 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/08/10 17:43:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini
[2009/08/10 17:29:43 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Keith Admin\Local Settings\Application Data\fusioncache.dat
[2009/06/26 01:27:30 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2009/06/26 01:27:30 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2009/06/26 01:27:30 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2009/06/26 01:27:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2008/11/04 03:14:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/02 18:52:52 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008/11/02 18:52:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/11/02 18:52:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/11/02 18:52:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2008/11/02 18:21:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/02 16:09:14 | 000,000,115 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2008/07/30 21:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/04/14 22:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/28 05:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2005/10/14 16:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010/08/01 04:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/08/10 20:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2009/12/16 13:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2009/08/14 12:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/02/07 13:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/12/07 09:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/23 14:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/12/07 09:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Abine
[2010/04/27 05:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\acccore
[2009/10/30 07:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Excel Dialer Pro
[2010/01/27 11:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\FileZilla
[2009/08/11 19:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Leadertech
[2009/08/15 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\PC-FAX TX
[2009/08/10 20:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\PCToolsFirewallPlus
[2009/10/18 15:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\ScanSoft
[2010/02/07 13:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\TaxCut
[2010/05/26 12:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\TechWizard
[2010/05/02 07:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Thunderbird
[2010/11/23 14:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\TomTom
[2010/06/17 19:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\webex
[2010/12/07 09:00:26 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Sunroom Acer Backup.job
[2010/12/07 09:03:49 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Sunroom Acer Thunderbird Backup.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 22:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 22:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 22:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 22:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 22:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 22:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %SYSTEMDRIVE%\*.* >
[2008/11/02 18:21:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/12/07 08:33:40 | 000,000,388 | ---- | M] () -- C:\boot.ini
[2009/08/14 12:41:58 | 000,000,025 | ---- | M] () -- C:\Brxpinst.log
[2008/11/02 18:21:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/10 17:28:53 | 000,000,211 | RHS- | M] () -- C:\Copy of boot.ini
[2008/04/14 22:00:00 | 000,047,564 | RHS- | M] () -- C:\Copy of NTDETECT.COM
[2008/04/14 22:00:00 | 000,250,048 | RHS- | M] () -- C:\Copy of ntldr
[2010/12/07 09:11:10 | 1878,249,472 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/02 18:21:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/02 18:21:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/23 08:19:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/07 09:11:05 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/04/25 10:45:58 | 000,000,631 | ---- | M] () -- C:\PDVD.iss
[2008/11/04 05:15:02 | 000,000,076 | RHS- | M] () -- C:\Preload.aaa
[2009/08/10 17:31:48 | 000,000,675 | ---- | M] () -- C:\RHDSetup.log
[2008/11/02 18:53:00 | 000,000,032 | ---- | M] () -- C:\setup.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/11/02 10:16:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/11/02 10:16:00 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/11/02 10:15:58 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-10 11:57:57

< type c:\boot.ini >> test.txt >

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

[noiserider]

OTL Extras logfile created on: 12/7/2010 9:16:42 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Keith Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.47 Gb Total Space | 36.72 Gb Free Space | 56.95% Space Free | Partition Type: NTFS
Drive D: | 64.44 Gb Total Space | 64.26 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive H: | 245.71 Mb Total Space | 245.42 Mb Free Space | 99.88% Space Free | Partition Type: FAT
Drive Y: | 74.46 Gb Total Space | 46.37 Gb Free Space | 62.27% Space Free | Partition Type: NTFS

Computer Name: ACER-SUNROOM | User Name: Keith Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 21
"{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3
"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{51FC5315-20D4-4B6D-89B4-8776DC5A12CA}" = H&R Block Pennsylvania 2009
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{64985453-88E3-4E70-9648-D336166044BB}" = FirmwareUpdateUtility
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68CF6DD2-8BA3-4A70-81D8-7CC5F24C9BA2}" = Adobe Bridge CS3
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3
"{745D8E16-13E1-432C-9C0A-2EB53E1423F4}" = Cisco WebEx Meeting Center for Firefox or Chrome
"{7BDD6642-76D6-49F7-9157-6100E5C75B97}" = Vz In Home Agent
"{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting
"{8BC84ECC-EA87-49C0-93C0-2B5DF62745CD}" = Adobe Asset Services CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"FileZilla Client" = FileZilla Client 3.3.1
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC Tools Firewall Plus" = PC Tools Firewall Plus 5.0
"Picasa 3" = Picasa 3
"SyncBack_is1" = SyncBack
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Verizon Help and Support" = Verizon Help and Support Tool
"VideoCacheView" = VideoCacheView
"VLC media player" = VLC media player 1.0.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 5/30/2010 9:02:12 AM | Computer Name = ACER-SUNROOM | Source = avast! | ID = 33554522
Description =

Error - 5/30/2010 9:02:12 AM | Computer Name = ACER-SUNROOM | Source = avast! | ID = 33554522
Description =

Error - 5/30/2010 9:02:12 AM | Computer Name = ACER-SUNROOM | Source = avast! | ID = 33554522
Description =

Error - 7/7/2010 9:00:39 AM | Computer Name = ACER-SUNROOM | Source = avast! | ID = 33554522
Description =

Error - 7/7/2010 9:00:39 AM | Computer Name = ACER-SUNROOM | Source = avast! | ID = 33554522
Description =

Error - 7/7/2010 9:00:39 AM | Computer Name = ACER-SUNROOM | Source = avast! | ID = 33554522
Description =

Error - 7/7/2010 9:00:39 AM | Computer Name = ACER-SUNROOM | Source = avast! | ID = 33554522
Description =

Error - 7/7/2010 9:00:39 AM | Computer Name = ACER-SUNROOM | Source = avast! | ID = 33554522
Description =

Error - 7/7/2010 9:00:39 AM | Computer Name = ACER-SUNROOM | Source = avast! | ID = 33554522
Description =

Error - 7/7/2010 9:00:46 AM | Computer Name = ACER-SUNROOM | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 8/2/2010 5:46:55 PM | Computer Name = ACER-SUNROOM | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/21/2010 11:28:33 AM | Computer Name = ACER-SUNROOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3855, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/21/2010 11:30:52 AM | Computer Name = ACER-SUNROOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3855, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/30/2010 3:46:09 PM | Computer Name = ACER-SUNROOM | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 7.0.8.218, faulting module
acrobat.dll, version 7.1.0.649, fault address 0x002c93f0.

Error - 9/11/2010 6:25:01 AM | Computer Name = ACER-SUNROOM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/11/2010 6:25:01 AM | Computer Name = ACER-SUNROOM | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 9/13/2010 8:48:27 AM | Computer Name = ACER-SUNROOM | Source = Application Hang | ID = 1002
Description = Hanging application PaprPort.exe, version 9.2.0.823, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/21/2010 2:25:11 PM | Computer Name = ACER-SUNROOM | Source = Application Hang | ID = 1002
Description = Hanging application Dreamweaver.exe, version 9.0.0.3453, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/23/2010 3:43:26 PM | Computer Name = ACER-SUNROOM | Source = TomTomHOMEService | ID = 10000
Description =

Error - 11/23/2010 3:47:18 PM | Computer Name = ACER-SUNROOM | Source = TomTomHOMEService | ID = 10000
Description =

[ System Events ]
Error - 12/7/2010 9:18:23 AM | Computer Name = ACER-SUNROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/7/2010 9:18:38 AM | Computer Name = ACER-SUNROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/7/2010 9:19:36 AM | Computer Name = ACER-SUNROOM | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 12/7/2010 9:19:36 AM | Computer Name = ACER-SUNROOM | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 12/7/2010 9:19:36 AM | Computer Name = ACER-SUNROOM | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 12/7/2010 9:19:36 AM | Computer Name = ACER-SUNROOM | Source = Service Control Manager | ID = 7001
Description = The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends
on the TCP/IP Protocol Driver service which failed to start because of the following
error: %%31

Error - 12/7/2010 9:19:36 AM | Computer Name = ACER-SUNROOM | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 12/7/2010 9:19:36 AM | Computer Name = ACER-SUNROOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT pctgntdi RasAcd Rdbss Tcpip

Error - 12/7/2010 9:31:48 AM | Computer Name = ACER-SUNROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/7/2010 9:34:54 AM | Computer Name = ACER-SUNROOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

[Salagubang]

Hi Noiserider,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

Sorry for the delay.

I am still a trainee so all my posts will be checked by an Expert. It's your advantage that there are two people looking at your log but responses may be a little delayed so please be patient.

• Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  
• English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

Firstly....

Can you tell me what type of machine this is?
Did you just edit the original boot.ini in the c:\?

I am currently reviewing the logs so please be patient.

[noiserider]

Hello Salagubang,

Thank you for your help.

Can you tell me what type of machine this is? Yes, this is an ACER Veriton X270, Desktop, 2GBbytes running XP

Did you just edit the original boot.ini in the c:\? Yes,

Here is the currently loaded boot.ini file
[boot loader]
timeout=-1
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Emergency Boot Loader" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=Optin

Here is the boot.ini file that was used up until yesterday:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

I tried to get to the Recovery Console by using the XP installation disk from another computer (a Dell). I got the blue screen of death with the following stop codes:
0x0000007b (0xf78d2524, 0xc00000034, 0x00000000, 0x0000000)

Now that you are helping me I will stop all my experimentation and await instructions from you.

Thanks,

Noise

[Salagubang]

Hi Noiserider,


Step One
Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O4 - HKLM..\Run: [] File not found
  O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
  @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [CREATERESTOREPOINT]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step Two

Unplug the USB stick before proceeding with this fix.

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now. Let the computer boot by itself without the USB stick
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

StepThree

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
• Double click on Combofix.exe and follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[noiserider]

Here is the OTL output from the Run Fix process.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 227563 bytes

User: All Users

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Keith Admin
->Temp folder emptied: 1223506200 bytes
->Temporary Internet Files folder emptied: 167793262 bytes
->Java cache emptied: 58480917 bytes
->FireFox cache emptied: 128772545 bytes
->Flash cache emptied: 56667 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 91664 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2205029 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2183653804 bytes

Total Files Cleaned = 3,591.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Keith Admin
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.17.3 log created on 12082010_172654

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[noiserider]

During the Quick Scan I got the following error message:

Windows - No Disk, Exception Processing Message c0000013 Paramaters 75b6bf7c4 75b6bf76 75b6bf7c

I click continue a few time to get the program running again.

Here is the output:

OTL logfile created on: 12/8/2010 5:40:32 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Keith Admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.47 Gb Total Space | 39.09 Gb Free Space | 60.63% Space Free | Partition Type: NTFS
Drive D: | 64.44 Gb Total Space | 64.26 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive E: | 581.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 245.71 Mb Total Space | 236.22 Mb Free Space | 96.14% Space Free | Partition Type: FAT
Drive Y: | 74.46 Gb Total Space | 42.25 Gb Free Space | 56.74% Space Free | Partition Type: NTFS

Computer Name: ACER-SUNROOM | User Name: Keith Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/07 09:16:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith Admin\My Documents\Downloads\OTL.exe
PRC - [2010/10/30 06:18:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 04:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2008/08/14 16:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/08/14 16:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/08/14 16:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/15 01:40:39 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
PRC - [2008/04/14 22:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/08 07:38:54 | 000,040,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2006/06/28 06:46:30 | 000,622,592 | ---- | M] () -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2006/06/27 09:30:30 | 000,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006/03/01 15:06:22 | 000,069,632 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2005/03/17 13:25:54 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe


========== Modules (SafeList) ==========

MOD - [2010/12/07 09:16:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Keith Admin\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/03/17 15:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/07/26 07:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\temp\logishrd\LVPrcInj01.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/24 04:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/08/11 16:18:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/11 14:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psdvdisk.sys -- (psdvdisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\psdfilter.sys -- (psdfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - [2010/09/07 09:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 09:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 09:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 09:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 09:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 09:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/10/22 14:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/10/22 10:11:14 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/01/21 08:38:32 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008/12/18 11:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 07:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/11/02 18:52:14 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/09/24 02:09:52 | 000,041,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/09/22 10:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/08/19 02:27:00 | 004,805,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/01 15:48:00 | 006,555,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/07/26 10:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 10:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2008/07/26 10:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 10:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/05/05 23:52:26 | 000,132,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/04/14 22:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/17 01:43:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/11/17 01:43:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/08/28 05:30:04 | 000,013,952 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2006/01/19 02:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/01/18 21:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/10/15 11:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...&m=veriton_x270
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/30 06:18:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 15:04:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/10/29 06:34:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/11/02 15:01:28 | 000,000,000 | ---D | M]

[2010/11/23 14:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Extensions
[2010/05/02 07:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/07 22:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Extensions\[email protected]
[2010/12/07 09:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\extensions
[2010/07/21 06:06:27 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/07 17:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\extensions\[email protected]
[2010/12/07 09:23:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/28 06:57:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2010/05/10 06:04:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/13 08:55:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/09/29 13:16:46 | 000,028,488 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/09/29 13:16:50 | 000,185,240 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/09/29 13:19:44 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2009/09/29 13:16:56 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/09/29 13:17:08 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/08 17:27:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [eRecoveryService] C:\acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...S Installer.cab (Support.com Configuration Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1249944521046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1264526934562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Keith Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Keith Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/02 18:21:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/04 07:00:00 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{933c316b-f5d6-11df-a519-002197c565ea}\Shell\AutoRun\command - "" = H:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{b145e647-486d-11df-a4f7-002197c565ea}\Shell - "" = AutoRun
O33 - MountPoints2\{b145e647-486d-11df-a4f7-002197c565ea}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b145e647-486d-11df-a4f7-002197c565ea}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2004/08/04 07:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/08 17:26:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/07 22:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\Desktop\Config
[2010/12/07 22:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010/12/07 22:05:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\Local Settings\Application Data\TomTom
[2010/12/07 22:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom DesktopSuite
[2010/12/07 21:47:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/12/07 17:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Disk Checker(2)
[2010/12/07 15:22:17 | 000,000,000 | ---D | C] -- C:\cmdcons(2)
[2010/12/07 15:22:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd(2)
[2010/12/07 12:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\Application Data\ElevatedDiagnostics
[2010/12/07 12:42:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/11/23 14:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\My Documents\TomTom
[2010/11/23 14:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/11/23 14:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Keith Admin\Application Data\TomTom
[2010/11/23 14:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2008/05/09 07:58:32 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/12/08 17:42:27 | 000,443,240 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/08 17:42:27 | 000,072,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/08 17:38:37 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/12/08 17:38:26 | 000,188,791 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/12/08 17:38:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/08 17:38:07 | 1878,249,472 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/08 17:27:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/07 14:53:43 | 000,000,461 | RHS- | M] () -- C:\BOOT.BAK
[2010/12/07 09:03:49 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Sunroom Acer Thunderbird Backup.job
[2010/12/07 09:00:26 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Sunroom Acer Backup.job
[2010/12/07 08:33:40 | 000,000,388 | ---- | M] () -- C:\BOOT.INI
[2010/12/07 08:13:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/06 14:35:16 | 000,010,562 | ---- | M] () -- C:\WINDOWS\is-UF50O.msg
[2010/12/06 14:35:16 | 000,000,399 | ---- | M] () -- C:\WINDOWS\is-UF50O.lst
[2010/11/25 15:33:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/11/25 15:33:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

========== Files Created - No Company Name ==========

[2010/12/08 09:30:06 | 1878,249,472 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/07 14:53:42 | 000,000,461 | RHS- | C] () -- C:\BOOT.BAK
[2010/12/07 14:53:40 | 000,260,288 | RHS- | C] () -- C:\cmldr
[2010/12/07 08:53:46 | 000,000,211 | RHS- | C] () -- C:\Copy of boot.ini
[2010/12/07 08:53:32 | 000,250,048 | RHS- | C] () -- C:\Copy of ntldr
[2010/12/07 08:53:22 | 000,047,564 | RHS- | C] () -- C:\Copy of NTDETECT.COM
[2010/12/06 14:35:16 | 000,000,399 | ---- | C] () -- C:\WINDOWS\is-UF50O.lst
[2010/12/06 14:35:15 | 000,010,562 | ---- | C] () -- C:\WINDOWS\is-UF50O.msg
[2010/04/02 12:48:07 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Keith Admin\Application Data\setup_ldm.iss
[2009/12/16 13:53:02 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009/10/30 07:19:19 | 000,009,709 | ---- | C] () -- C:\WINDOWS\System32\msgphd.dll
[2009/10/30 07:19:19 | 000,009,709 | ---- | C] () -- C:\WINDOWS\System32\msgpd.dll
[2009/08/14 12:42:05 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/14 12:42:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/08/14 12:41:32 | 000,000,287 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/08/14 12:41:32 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/08/14 12:40:43 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/08/14 12:38:05 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/08/11 19:03:10 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/08/11 12:55:09 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/08/11 12:55:08 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/08/11 12:54:48 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\agissi.dll
[2009/08/11 12:54:38 | 011,194,368 | R--- | C] () -- C:\WINDOWS\System32\zhhp_res.dll
[2009/08/11 12:54:35 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\vshp2600.dll
[2009/08/11 12:53:48 | 000,000,578 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/08/11 12:49:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/11 06:21:27 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/08/10 20:22:29 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/08/10 20:22:29 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/08/10 20:22:27 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/08/10 20:22:27 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009/08/10 20:22:26 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/08/10 17:43:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini
[2009/08/10 17:29:43 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Keith Admin\Local Settings\Application Data\fusioncache.dat
[2009/06/26 01:27:30 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2009/06/26 01:27:30 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2009/06/26 01:27:30 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2009/06/26 01:27:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2008/11/04 03:14:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/02 18:52:52 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2008/11/02 18:52:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2008/11/02 18:52:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2008/11/02 18:52:16 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2008/11/02 18:21:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/02 16:09:14 | 000,000,115 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2008/07/30 21:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/04/14 22:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/28 05:30:04 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2005/10/14 16:09:48 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/26 18:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 01:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 18:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/24 00:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2010/08/01 04:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/08/10 20:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
[2009/12/16 13:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2009/08/14 12:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/02/07 13:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/12/08 17:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/23 14:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/12/08 17:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Abine
[2010/04/27 05:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\acccore
[2010/12/07 12:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\ElevatedDiagnostics
[2009/10/30 07:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Excel Dialer Pro
[2010/01/27 11:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\FileZilla
[2009/08/11 19:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Leadertech
[2009/08/15 12:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\PC-FAX TX
[2009/08/10 20:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\PCToolsFirewallPlus
[2009/10/18 15:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\ScanSoft
[2010/02/07 13:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\TaxCut
[2010/05/26 12:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\TechWizard
[2010/05/02 07:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\Thunderbird
[2010/11/23 14:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\TomTom
[2010/06/17 19:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Admin\Application Data\webex
[2010/12/07 09:00:26 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Sunroom Acer Backup.job
[2010/12/07 09:03:49 | 000,000,484 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Sunroom Acer Thunderbird Backup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

[noiserider]

Here is the Report from Tdsskiller:

2010/12/08 17:52:17.0609 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/08 17:52:17.0609 ================================================================================
2010/12/08 17:52:17.0609 SystemInfo:
2010/12/08 17:52:17.0609
2010/12/08 17:52:17.0609 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/08 17:52:17.0609 Product type: Workstation
2010/12/08 17:52:17.0609 ComputerName: ACER-SUNROOM
2010/12/08 17:52:17.0609 UserName: Keith Admin
2010/12/08 17:52:17.0609 Windows directory: C:\WINDOWS
2010/12/08 17:52:17.0609 System windows directory: C:\WINDOWS
2010/12/08 17:52:17.0609 Processor architecture: Intel x86
2010/12/08 17:52:17.0609 Number of processors: 2
2010/12/08 17:52:17.0609 Page size: 0x1000
2010/12/08 17:52:17.0609 Boot type: Normal boot
2010/12/08 17:52:17.0609 ================================================================================
2010/12/08 17:52:17.0875 Initialize success
2010/12/08 17:52:36.0343 ================================================================================
2010/12/08 17:52:36.0343 Scan started
2010/12/08 17:52:36.0343 Mode: Manual;
2010/12/08 17:52:36.0343 ================================================================================
2010/12/08 17:52:36.0593 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/08 17:52:36.0734 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/08 17:52:36.0765 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/08 17:52:36.0843 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/08 17:52:36.0953 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/08 17:52:37.0125 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/08 17:52:37.0250 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/12/08 17:52:37.0265 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/12/08 17:52:37.0281 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/12/08 17:52:37.0312 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/12/08 17:52:37.0343 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/12/08 17:52:37.0375 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/08 17:52:37.0406 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/08 17:52:37.0468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/08 17:52:37.0500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/08 17:52:37.0546 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/08 17:52:37.0609 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2010/12/08 17:52:37.0640 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys
2010/12/08 17:52:37.0656 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
2010/12/08 17:52:37.0703 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/08 17:52:37.0765 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/08 17:52:37.0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/08 17:52:37.0828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/08 17:52:37.0859 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/08 17:52:38.0062 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/08 17:52:38.0156 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/08 17:52:38.0203 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/08 17:52:38.0218 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/08 17:52:38.0265 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/08 17:52:38.0375 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/08 17:52:38.0421 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/08 17:52:38.0515 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/08 17:52:38.0546 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2010/12/08 17:52:38.0578 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/08 17:52:38.0609 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/08 17:52:38.0640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/12/08 17:52:38.0671 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/08 17:52:38.0718 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINDOWS\system32\drivers\ftdibus.sys
2010/12/08 17:52:38.0750 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/08 17:52:38.0781 FTSER2K (596d31583ce332b5514520d74837f434) C:\WINDOWS\system32\drivers\ftser2k.sys
2010/12/08 17:52:38.0812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/08 17:52:38.0843 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/08 17:52:38.0890 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/08 17:52:38.0984 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/08 17:52:39.0078 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/08 17:52:39.0125 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/08 17:52:39.0328 IntcAzAudAddService (fdf0e3a5e9f269ab0ed9c8ba1c89e5b2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/08 17:52:39.0453 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/08 17:52:39.0500 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/08 17:52:39.0531 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/08 17:52:39.0562 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/08 17:52:39.0593 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/08 17:52:39.0609 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/08 17:52:39.0640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/08 17:52:39.0687 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/08 17:52:39.0718 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/08 17:52:39.0750 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/08 17:52:39.0765 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/08 17:52:39.0812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/08 17:52:39.0921 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2010/12/08 17:52:39.0984 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2010/12/08 17:52:40.0015 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2010/12/08 17:52:40.0140 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2010/12/08 17:52:40.0281 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/08 17:52:40.0328 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/08 17:52:40.0359 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/08 17:52:40.0390 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/08 17:52:40.0421 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/08 17:52:40.0515 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/12/08 17:52:40.0593 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
2010/12/08 17:52:40.0687 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/08 17:52:40.0734 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/08 17:52:40.0781 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/08 17:52:40.0828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/08 17:52:40.0890 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/08 17:52:40.0906 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/08 17:52:40.0953 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/08 17:52:40.0984 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/08 17:52:41.0031 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/08 17:52:41.0062 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/08 17:52:41.0109 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/08 17:52:41.0171 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/08 17:52:41.0187 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/08 17:52:41.0218 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/08 17:52:41.0234 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/08 17:52:41.0250 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/08 17:52:41.0312 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/08 17:52:41.0343 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/08 17:52:41.0421 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/08 17:52:41.0453 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/08 17:52:41.0468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/08 17:52:41.0515 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2010/12/08 17:52:41.0546 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/08 17:52:41.0750 nv (597a5167c509547fc691416887171079) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/08 17:52:41.0906 NVENETFD (d314fe034d68c09d412727886e24f5fb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2010/12/08 17:52:41.0937 nvgts (16beac55304536d46154fcd1d67bfd0f) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2010/12/08 17:52:41.0968 NVHDA (1807e02a9ca6fd62ea97241d09e9b8ae) C:\WINDOWS\system32\drivers\nvhda32.sys
2010/12/08 17:52:42.0000 nvnetbus (f99fbb623ed78367574ee461b5b32c2c) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2010/12/08 17:52:42.0078 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/08 17:52:42.0125 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/08 17:52:42.0156 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/08 17:52:42.0203 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/08 17:52:42.0234 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/08 17:52:42.0281 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/08 17:52:42.0312 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/08 17:52:42.0343 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/08 17:52:42.0406 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/08 17:52:42.0437 PCTAppEvent (3379e7a840de135fb7a829e03bc9cc25) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2010/12/08 17:52:42.0468 pctgntdi (bf770a5817fa8fba1402b2286a7f394c) C:\WINDOWS\system32\drivers\pctgntdi.sys
2010/12/08 17:52:42.0515 pctplfw (0eec24affc5ab0a2bbe4a6a886230aa5) C:\WINDOWS\system32\drivers\pctplfw.sys
2010/12/08 17:52:42.0750 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/08 17:52:42.0781 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/08 17:52:42.0843 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/08 17:52:43.0000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/08 17:52:43.0046 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/08 17:52:43.0078 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/08 17:52:43.0109 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/08 17:52:43.0156 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/08 17:52:43.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/08 17:52:43.0218 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/08 17:52:43.0265 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/08 17:52:43.0312 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/08 17:52:43.0390 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/08 17:52:43.0421 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/08 17:52:43.0453 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/08 17:52:43.0500 SFilter (975f4e44fd48c36beed30c96a115b2b8) C:\WINDOWS\system32\DRIVERS\pctfw.sys
2010/12/08 17:52:43.0515 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/08 17:52:43.0609 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/08 17:52:43.0687 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/08 17:52:43.0734 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/08 17:52:43.0796 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/08 17:52:43.0859 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/08 17:52:43.0875 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/08 17:52:43.0921 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/08 17:52:44.0062 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/08 17:52:44.0125 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/08 17:52:44.0187 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/08 17:52:44.0218 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/08 17:52:44.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/08 17:52:44.0359 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
2010/12/08 17:52:44.0406 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/08 17:52:44.0468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/08 17:52:44.0531 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/08 17:52:44.0562 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/08 17:52:44.0593 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/08 17:52:44.0625 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/08 17:52:44.0640 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/12/08 17:52:44.0687 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/08 17:52:44.0718 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/08 17:52:44.0750 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/08 17:52:44.0796 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/08 17:52:44.0843 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/08 17:52:44.0921 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/08 17:52:45.0000 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/08 17:52:45.0062 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/08 17:52:45.0140 ================================================================================
2010/12/08 17:52:45.0140 Scan finished
2010/12/08 17:52:45.0140 ================================================================================

[noiserider]

Salagubang,

Thanks again for your help.

Keith
*****************

I ran ComboFix with Avast and the Firewall disabled. When ComboFix forced a reboot I had to reinsert the memory stick to boot up. Here is the ComboFix report:

ComboFix 10-12-07.06 - Keith Admin 12/08/2010 18:01:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.1791.1212 [GMT -5:00]
Running from: c:\documents and settings\Keith Admin\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Keith Admin\g2mdlhlpx.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-08 22:26 . 2010-12-08 22:26 -------- d-----w- C:\_OTL
2010-12-08 03:06 . 2010-12-08 03:06 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-08 03:05 . 2010-12-08 03:05 -------- d-----w- c:\program files\TomTom International B.V

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2008-04-15 03:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-15 03:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-15 03:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-15 03:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2007-08-14 02:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2007-08-14 02:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-10 05:58 . 2007-08-14 02:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2009-09-29 18:16 . 2009-09-29 18:16 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-09-29 18:16 . 2009-09-29 18:16 185240 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-09-29 18:19 . 2009-09-29 18:19 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-09-29 18:16 . 2009-09-29 18:16 99224 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-19 16850944]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13529088]
"nwiz"="nwiz.exe" [2008-08-01 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 86016]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-11 421888]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06b\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-8-11 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/11/2009 12:24 PM 165584]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/10/2009 8:17 PM 159600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/11/2009 12:24 PM 17744]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [8/10/2009 8:17 PM 73840]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 4:38 AM 92008]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/10/2009 8:21 PM 41376]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [8/10/2009 8:17 PM 95640]
.
Contents of the 'Scheduled Tasks' folder

2010-12-07 c:\windows\Tasks\SyncBack Sunroom Acer Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-01-22 15:21]

2010-12-07 c:\windows\Tasks\SyncBack Sunroom Acer Thunderbird Backup.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2010-01-22 15:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\documents and settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\extensions\[email protected]\lib\WINNT\ff3\AbineComponent.dll
FF - plugin: c:\documents and settings\Keith Admin\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: TACO 3.0 with Abine: [email protected] - c:\documents and settings\Keith Admin\Application Data\Mozilla\Firefox\Profiles\1j2fsbww.default\extensions\[email protected]
FF - Extension: Move Media Player: [email protected] - c:\documents and settings\Keith Admin\Application Data\Move Networks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 18:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(9852)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wscntfy.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
.
**************************************************************************
.
Completion time: 2010-12-08 18:11:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-08 23:11

Pre-Run: 41,880,346,624 bytes free
Post-Run: 41,837,453,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Emergency Boot Loader" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Safe Mode" /safeboot:minimal /sos
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=Optin

- - End Of File - - 4B823863A090223B67350FFD47E4EE0E

[Salagubang]

Hi noiserider,

When you said you tried loading recovery console, how exactly did you proceed? Did you execute any commands when you were experimenting?

[noiserider]

I was never able to get to the Recovery Console so I could not execute any commands. It gave me an error message about a hardware configuration problem.

Edited by noiserider, 08 December 2010 - 05:29 PM.

[Salagubang]

Try restarting again and see if its still the black screen with cursor that shows up (or if the boot menu appears).