Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Internet Security Suite - Revisited

Started by tcjones76 , May 24 2011 09:05 AM

  • This topic is locked This topic is locked

#16
Essexboy
Posted 28 May 2011 - 05:13 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you run a fresh OTL scan please just to be sure and also an updated Malwarebytes run

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

Advertisements

#17
tcjones76
Posted 28 May 2011 - 07:27 PM

tcjones76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Log. New OTL next

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6707

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/28/2011 9:24:42 PM
mbam-log-2011-05-28 (21-24-42).txt

Scan type: Quick scan
Objects scanned: 152690
Time elapsed: 10 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 35
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44A1-9F4543D34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9DD4258A-7138-49C4-8D34-587879A5C7A4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8C0220D-763D-49A4-95F4-61DFDEC66EE6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3BCC488-1AE7-11D4-AB82-0010A4EC2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233C3C0-1472-4091-A505-5580A23BB4AC} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XML.XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\XML.XML.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\TYPELIB (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\System\CurrentControlSet\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> Value: {0656A137-B161-CADD-9777-E37A75727E78} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0E1230F8-EA50-42A9-983C-D22ABC2EEB4C} (Fake.Dropped.Malware) -> Value: {0E1230F8-EA50-42A9-983C-D22ABC2EEB4C} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Value: {0e1230f8-ea50-42a9-983c-d22abc2eeb4c} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656A137-B161-CADD-9777-E37A75727E78} (Fake.Dropped.Malware) -> Value: {0656A137-B161-CADD-9777-E37A75727E78} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Value: SystemCheck2 -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.google.co...age={startPage}) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\program files\inet delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\program files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\program files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\program files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\program files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\program files\inet delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\program files\inet delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
c:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
  • 0

#18
tcjones76
Posted 28 May 2011 - 08:12 PM

tcjones76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
OTL


OTL logfile created on: 5/28/2011 9:59:37 PM - Run 6
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\David A. Quelle\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.21 Mb Total Physical Memory | 297.91 Mb Available Physical Memory | 58.39% Memory free
1.22 Gb Paging File | 1.04 Gb Available in Paging File | 85.30% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 24.91 Gb Free Space | 66.93% Space Free | Partition Type: NTFS

Computer Name: 8NHLQ71 | User Name: David A. Quelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/27 18:05:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David A. Quelle\Desktop\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/27 18:05:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David A. Quelle\Desktop\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2011/05/26 20:57:57 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzezmzmy.sys -- (uzezmzmy)
DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/04/09 01:25:20 | 000,005,888 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PWCTLDRV.sys -- (PWCTLDRV)
DRV - [2007/04/06 03:49:26 | 000,039,808 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWVsp.sys -- (PTDWVsp) Curitel PC Card Diagnostic Serial Port (UDP)
DRV - [2007/04/06 03:49:20 | 000,041,728 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWMdm.sys -- (PTDWMdm) Curitel PC Card Drivers (UDP)
DRV - [2007/04/06 03:49:16 | 000,027,392 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWBus.sys -- (PTDWBus) Curitel PC Card Composite Device driver (UDP)
DRV - [2005/02/23 15:19:08 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/15 16:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2001/08/22 12:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/05/27 18:10:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193690031417 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1193690109008 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/29 15:18:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/28 20:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David A. Quelle\Application Data\Malwarebytes
[2011/05/28 20:44:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/28 20:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/28 20:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/28 20:43:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/28 20:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/28 20:42:27 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\David A. Quelle\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/27 18:53:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/27 18:52:08 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/05/27 18:50:27 | 004,296,381 | R--- | C] (Swearware) -- C:\Documents and Settings\David A. Quelle\Desktop\ComboFix.exe
[2011/05/27 18:06:58 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David A. Quelle\Desktop\OTL.exe
[2011/05/27 15:28:50 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/27 15:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/05/27 15:28:49 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/27 15:28:46 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/27 15:28:46 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/27 15:28:45 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/27 15:28:44 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/27 15:28:44 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/27 15:28:43 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/27 15:28:10 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/27 15:28:08 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/27 15:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/27 15:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/27 15:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David A. Quelle\My Documents\Downloads
[2011/05/26 22:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David A. Quelle\Start Menu\Programs\Google Chrome
[2011/05/26 20:57:57 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\ujezmzmy.sys
[2011/05/25 09:21:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/25 09:21:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/25 09:21:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/25 09:21:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/25 09:21:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David A. Quelle\Start Menu\Programs\Administrative Tools
[2011/05/25 06:13:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/24 15:33:04 | 000,000,000 | ---D | C] -- C:\_OTL

========== Files - Modified Within 30 Days ==========

[2011/05/28 21:52:13 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B587BACD-8527-47C7-BA6C-31E164AF0C50}.job
[2011/05/28 21:35:00 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1202660629-854245398-1004UA.job
[2011/05/28 21:32:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/28 21:32:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/28 21:30:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/28 21:12:15 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/28 20:44:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 20:41:14 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\David A. Quelle\Desktop\mbam-setup-1.50.1.1100.exe
[2011/05/28 07:12:00 | 000,000,223 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/05/28 07:11:42 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\David A. Quelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/28 07:11:39 | 000,483,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/28 07:11:39 | 000,086,326 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/27 18:53:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/27 18:51:36 | 004,296,381 | R--- | M] (Swearware) -- C:\Documents and Settings\David A. Quelle\Desktop\ComboFix.exe
[2011/05/27 18:10:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/27 18:05:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David A. Quelle\Desktop\OTL.exe
[2011/05/27 15:28:51 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/27 15:28:44 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/27 15:19:43 | 000,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/26 23:19:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/26 22:46:43 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\David A. Quelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 22:35:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1202660629-854245398-1004Core.job
[2011/05/26 22:32:32 | 000,002,362 | ---- | M] () -- C:\Documents and Settings\David A. Quelle\Desktop\Google Chrome.lnk
[2011/05/26 22:32:32 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\David A. Quelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/26 20:57:57 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzezmzmy.sys
[2011/05/26 20:57:57 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\ujezmzmy.sys
[2011/05/25 06:09:57 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 08:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/05/28 20:44:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/27 18:53:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/27 15:28:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/05/26 22:32:32 | 000,002,362 | ---- | C] () -- C:\Documents and Settings\David A. Quelle\Desktop\Google Chrome.lnk
[2011/05/26 22:32:32 | 000,002,340 | ---- | C] () -- C:\Documents and Settings\David A. Quelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/26 22:30:50 | 000,001,018 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1202660629-854245398-1004UA.job
[2011/05/26 22:30:49 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1202660629-854245398-1004Core.job
[2011/05/26 20:57:57 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzezmzmy.sys
[2011/05/25 09:21:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/25 09:21:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/25 09:21:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/25 09:21:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/25 09:21:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/25 08:10:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/12 10:19:17 | 000,038,463 | ---- | C] () -- C:\Documents and Settings\David A. Quelle\Application Data\Comma Separated Values (Windows).ADR
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/11/05 15:49:42 | 000,000,223 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/10/13 21:50:01 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\WINWGPX.EXE
[2008/10/12 22:06:16 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_ycbcr_.dll
[2008/10/12 22:06:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_x_.dll
[2008/10/12 22:06:15 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_xpm_.dll
[2008/10/12 22:06:15 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_xwd_.dll
[2008/10/12 22:06:15 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_xtrn_.dll
[2008/10/12 22:06:15 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_xc_.dll
[2008/10/12 22:06:14 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_wmf_.dll
[2008/10/12 22:06:14 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_viff_.dll
[2008/10/12 22:06:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_wpg_.dll
[2008/10/12 22:06:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_xcf_.dll
[2008/10/12 22:06:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_xbm_.dll
[2008/10/12 22:06:14 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_wbmp_.dll
[2008/10/12 22:06:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_vid_.dll
[2008/10/12 22:06:13 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_txt_.dll
[2008/10/12 22:06:13 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_vicar_.dll
[2008/10/12 22:06:13 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_ttf_.dll
[2008/10/12 22:06:13 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_uil_.dll
[2008/10/12 22:06:13 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_uyvy_.dll
[2008/10/12 22:06:13 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_url_.dll
[2008/10/12 22:06:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_svg_.dll
[2008/10/12 22:06:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_tiff_.dll
[2008/10/12 22:06:12 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_sun_.dll
[2008/10/12 22:06:12 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_tga_.dll
[2008/10/12 22:06:12 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_tim_.dll
[2008/10/12 22:06:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_tile_.dll
[2008/10/12 22:06:11 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_sgi_.dll
[2008/10/12 22:06:11 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_sfw_.dll
[2008/10/12 22:06:11 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_sct_.dll
[2008/10/12 22:06:11 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_stegano_.dll
[2008/10/12 22:06:10 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_rgb_.dll
[2008/10/12 22:06:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_rle_.dll
[2008/10/12 22:06:10 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_raw_.dll
[2008/10/12 22:06:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_rla_.dll
[2008/10/12 22:06:10 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_scr_.dll
[2008/10/12 22:06:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_ps_.dll
[2008/10/12 22:06:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_ps2_.dll
[2008/10/12 22:06:09 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_psd_.dll
[2008/10/12 22:06:09 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_ps3_.dll
[2008/10/12 22:06:09 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pwp_.dll
[2008/10/12 22:06:09 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_preview_.dll
[2008/10/12 22:06:08 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_png_.dll
[2008/10/12 22:06:08 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pnm_.dll
[2008/10/12 22:06:08 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pix_.dll
[2008/10/12 22:06:08 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_plasma_.dll
[2008/10/12 22:06:07 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pdf_.dll
[2008/10/12 22:06:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pict_.dll
[2008/10/12 22:06:07 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pdb_.dll
[2008/10/12 22:06:07 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pcx_.dll
[2008/10/12 22:06:07 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pcl_.dll
[2008/10/12 22:06:06 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pattern_.dll
[2008/10/12 22:06:06 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pcd_.dll
[2008/10/12 22:06:06 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_palm_.dll
[2008/10/12 22:06:06 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_otb_.dll
[2008/10/12 22:06:06 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mvg_.dll
[2008/10/12 22:06:06 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_null_.dll
[2008/10/12 22:06:05 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_msl_.dll
[2008/10/12 22:06:05 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mtv_.dll
[2008/10/12 22:06:05 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mpr_.dll
[2008/10/12 22:06:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_miff_.dll
[2008/10/12 22:06:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_meta_.dll
[2008/10/12 22:06:04 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mpc_.dll
[2008/10/12 22:06:04 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mpeg_.dll
[2008/10/12 22:06:04 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mono_.dll
[2008/10/12 22:06:03 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_magick_.dll
[2008/10/12 22:06:03 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mat_.dll
[2008/10/12 22:06:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_map_.dll
[2008/10/12 22:06:03 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_matte_.dll
[2008/10/12 22:06:02 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_jpeg_.dll
[2008/10/12 22:06:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_label_.dll
[2008/10/12 22:06:01 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_jp2_.dll
[2008/10/12 22:06:01 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_icon_.dll
[2008/10/12 22:06:01 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_jbig_.dll
[2008/10/12 22:06:01 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_html_.dll
[2008/10/12 22:06:01 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_info_.dll
[2008/10/12 22:06:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_gif_.dll
[2008/10/12 22:06:00 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_histogram_.dll
[2008/10/12 22:06:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_gray_.dll
[2008/10/12 22:06:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_gradient_.dll
[2008/10/12 22:06:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_hdf_.dll
[2008/10/12 22:06:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_fpx_.dll
[2008/10/12 22:05:59 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_dpx_.dll
[2008/10/12 22:05:59 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_fits_.dll
[2008/10/12 22:05:59 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_ept_.dll
[2008/10/12 22:05:59 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_emf_.dll
[2008/10/12 22:05:59 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_fax_.dll
[2008/10/12 22:05:58 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_dcm_.dll
[2008/10/12 22:05:58 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_dib_.dll
[2008/10/12 22:05:58 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_dps_.dll
[2008/10/12 22:05:58 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_dot_.dll
[2008/10/12 22:05:57 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_cmyk_.dll
[2008/10/12 22:05:57 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_cut_.dll
[2008/10/12 22:05:57 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_cin_.dll
[2008/10/12 22:05:57 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_cip_.dll
[2008/10/12 22:05:57 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_clipboard_.dll
[2008/10/12 22:05:57 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_caption_.dll
[2008/10/12 22:05:57 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_clip_.dll
[2008/10/12 22:05:56 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_avi_.dll
[2008/10/12 22:05:56 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_bmp_.dll
[2008/10/12 22:05:56 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_avs_.dll
[2008/10/12 22:05:55 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CORE_DB_xlib_.dll
[2008/10/12 22:05:55 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_art_.dll
[2008/10/12 22:05:53 | 000,569,344 | ---- | C] () -- C:\WINDOWS\System32\CORE_DB_Magick++_.dll
[2008/10/12 22:05:52 | 000,794,624 | ---- | C] () -- C:\WINDOWS\System32\CORE_DB_libxml_.dll
[2008/10/12 22:05:52 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\CORE_DB_lcms_.dll
[2008/10/12 22:05:51 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_yuv_.dll
[2008/09/30 10:37:46 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\E2E75E7E33.sys
[2008/09/30 10:37:45 | 000,000,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/06/14 09:59:18 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/05/06 21:29:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/05/06 14:36:34 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\David A. Quelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/07 12:29:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/29 20:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007/10/29 20:24:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/10/29 15:22:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/10/29 15:14:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/10/29 06:55:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/10/29 06:54:35 | 000,265,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/21 21:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 21:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,483,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,086,326 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E4E252

< End of report >
  • 0

#19
Essexboy
Posted 29 May 2011 - 04:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just some AVP drivers to remove - what problems remain ?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2011/05/26 20:57:57 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzezmzmy.sys -- (uzezmzmy)
    [2011/05/26 20:57:57 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\ujezmzmy.sys
    [2011/05/26 20:57:57 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzezmzmy.sys

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

  • 0

#20
tcjones76
Posted 29 May 2011 - 06:49 PM

tcjones76

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
PC is running good, used it today and no issues. Here is OTL log after the RunFix.

If all is OK, thanks for all the help. This forum never fails!!!

tcj

OTL logfile created on: 5/29/2011 8:35:38 PM - Run 8
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Cleanup Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.21 Mb Total Physical Memory | 283.34 Mb Available Physical Memory | 55.53% Memory free
1.22 Gb Paging File | 1.06 Gb Available in Paging File | 87.12% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 24.74 Gb Free Space | 66.49% Space Free | Partition Type: NTFS

Computer Name: 8NHLQ71 | User Name: David A. Quelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/27 18:05:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Cleanup Programs\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/27 18:05:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Cleanup Programs\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2011/05/26 20:57:57 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzezmzmy.sys -- (uzezmzmy)
DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/04/09 01:25:20 | 000,005,888 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PWCTLDRV.sys -- (PWCTLDRV)
DRV - [2007/04/06 03:49:26 | 000,039,808 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWVsp.sys -- (PTDWVsp) Curitel PC Card Diagnostic Serial Port (UDP)
DRV - [2007/04/06 03:49:20 | 000,041,728 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWMdm.sys -- (PTDWMdm) Curitel PC Card Drivers (UDP)
DRV - [2007/04/06 03:49:16 | 000,027,392 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDWBus.sys -- (PTDWBus) Curitel PC Card Composite Device driver (UDP)
DRV - [2005/02/23 15:19:08 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/15 16:37:52 | 000,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2001/08/22 12:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/05/27 18:10:05 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1193690031417 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1193690109008 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/29 15:18:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 16:42:37 | 000,000,000 | ---D | C] -- C:\Cleanup Programs
[2011/05/28 22:35:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/28 20:44:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David A. Quelle\Application Data\Malwarebytes
[2011/05/28 20:44:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/28 20:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/28 20:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/28 20:43:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/28 20:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/27 18:53:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/05/27 18:52:08 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/05/27 15:28:50 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/05/27 15:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/05/27 15:28:49 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/27 15:28:46 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/27 15:28:46 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/27 15:28:45 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/27 15:28:44 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/27 15:28:44 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/27 15:28:43 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/27 15:28:10 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/27 15:28:08 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/27 15:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/27 15:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/27 15:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David A. Quelle\My Documents\Downloads
[2011/05/26 22:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David A. Quelle\Start Menu\Programs\Google Chrome
[2011/05/26 20:57:57 | 000,010,240 | ---- | C] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\ujezmzmy.sys
[2011/05/25 09:21:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/25 09:21:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/25 09:21:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/25 09:21:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/25 09:21:00 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David A. Quelle\Start Menu\Programs\Administrative Tools
[2011/05/25 06:13:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/24 15:33:04 | 000,000,000 | ---D | C] -- C:\_OTL

========== Files - Modified Within 30 Days ==========

[2011/05/29 20:35:01 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1202660629-854245398-1004UA.job
[2011/05/29 20:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/29 16:41:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/29 16:41:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/29 16:40:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/29 16:30:09 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B587BACD-8527-47C7-BA6C-31E164AF0C50}.job
[2011/05/28 22:35:04 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1202660629-854245398-1004Core.job
[2011/05/28 22:34:42 | 000,436,314 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/28 22:34:42 | 000,069,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/28 20:44:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/28 07:12:00 | 000,000,223 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/05/28 07:11:42 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\David A. Quelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/27 18:53:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/05/27 18:10:05 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/27 15:28:44 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/05/27 15:19:43 | 000,265,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/26 23:19:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/26 22:46:43 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\David A. Quelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 22:32:32 | 000,002,362 | ---- | M] () -- C:\Documents and Settings\David A. Quelle\Desktop\Google Chrome.lnk
[2011/05/26 22:32:32 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\David A. Quelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/26 20:57:57 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzezmzmy.sys
[2011/05/26 20:57:57 | 000,010,240 | ---- | M] (Zaitsev Oleg, 2006) -- C:\WINDOWS\System32\drivers\ujezmzmy.sys
[2011/05/25 06:09:57 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/10 08:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/05/10 08:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/05/10 08:02:25 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/05/10 08:02:22 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/05/10 07:59:37 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

========== Files Created - No Company Name ==========

[2011/05/28 20:44:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/27 18:53:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/05/26 22:32:32 | 000,002,362 | ---- | C] () -- C:\Documents and Settings\David A. Quelle\Desktop\Google Chrome.lnk
[2011/05/26 22:32:32 | 000,002,340 | ---- | C] () -- C:\Documents and Settings\David A. Quelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/05/26 22:30:50 | 000,001,018 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1202660629-854245398-1004UA.job
[2011/05/26 22:30:49 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1202660629-854245398-1004Core.job
[2011/05/26 20:57:57 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzezmzmy.sys
[2011/05/25 09:21:09 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/25 09:21:08 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/25 09:21:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/25 09:21:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/25 09:21:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/25 08:10:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/12 10:19:17 | 000,038,463 | ---- | C] () -- C:\Documents and Settings\David A. Quelle\Application Data\Comma Separated Values (Windows).ADR
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/11/05 15:49:42 | 000,000,223 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/10/13 21:50:01 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\WINWGPX.EXE
[2008/10/12 22:06:16 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_ycbcr_.dll
[2008/10/12 22:06:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_x_.dll
[2008/10/12 22:06:15 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_xpm_.dll
[2008/10/12 22:06:15 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_xwd_.dll
[2008/10/12 22:06:15 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_xtrn_.dll
[2008/10/12 22:06:15 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_xc_.dll
[2008/10/12 22:06:14 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_wmf_.dll
[2008/10/12 22:06:14 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_viff_.dll
[2008/10/12 22:06:14 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_wpg_.dll
[2008/10/12 22:06:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_xcf_.dll
[2008/10/12 22:06:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_xbm_.dll
[2008/10/12 22:06:14 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_wbmp_.dll
[2008/10/12 22:06:14 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_vid_.dll
[2008/10/12 22:06:13 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_txt_.dll
[2008/10/12 22:06:13 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_vicar_.dll
[2008/10/12 22:06:13 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_ttf_.dll
[2008/10/12 22:06:13 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_uil_.dll
[2008/10/12 22:06:13 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_uyvy_.dll
[2008/10/12 22:06:13 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_url_.dll
[2008/10/12 22:06:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_svg_.dll
[2008/10/12 22:06:12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_tiff_.dll
[2008/10/12 22:06:12 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_sun_.dll
[2008/10/12 22:06:12 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_tga_.dll
[2008/10/12 22:06:12 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_tim_.dll
[2008/10/12 22:06:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_tile_.dll
[2008/10/12 22:06:11 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_sgi_.dll
[2008/10/12 22:06:11 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_sfw_.dll
[2008/10/12 22:06:11 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_sct_.dll
[2008/10/12 22:06:11 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_stegano_.dll
[2008/10/12 22:06:10 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_rgb_.dll
[2008/10/12 22:06:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_rle_.dll
[2008/10/12 22:06:10 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_raw_.dll
[2008/10/12 22:06:10 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_rla_.dll
[2008/10/12 22:06:10 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_scr_.dll
[2008/10/12 22:06:09 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_ps_.dll
[2008/10/12 22:06:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_ps2_.dll
[2008/10/12 22:06:09 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_psd_.dll
[2008/10/12 22:06:09 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_ps3_.dll
[2008/10/12 22:06:09 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pwp_.dll
[2008/10/12 22:06:09 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_preview_.dll
[2008/10/12 22:06:08 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_png_.dll
[2008/10/12 22:06:08 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pnm_.dll
[2008/10/12 22:06:08 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pix_.dll
[2008/10/12 22:06:08 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_plasma_.dll
[2008/10/12 22:06:07 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pdf_.dll
[2008/10/12 22:06:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pict_.dll
[2008/10/12 22:06:07 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pdb_.dll
[2008/10/12 22:06:07 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pcx_.dll
[2008/10/12 22:06:07 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pcl_.dll
[2008/10/12 22:06:06 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pattern_.dll
[2008/10/12 22:06:06 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_pcd_.dll
[2008/10/12 22:06:06 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_palm_.dll
[2008/10/12 22:06:06 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_otb_.dll
[2008/10/12 22:06:06 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mvg_.dll
[2008/10/12 22:06:06 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_null_.dll
[2008/10/12 22:06:05 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_msl_.dll
[2008/10/12 22:06:05 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mtv_.dll
[2008/10/12 22:06:05 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mpr_.dll
[2008/10/12 22:06:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_miff_.dll
[2008/10/12 22:06:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_meta_.dll
[2008/10/12 22:06:04 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mpc_.dll
[2008/10/12 22:06:04 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mpeg_.dll
[2008/10/12 22:06:04 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mono_.dll
[2008/10/12 22:06:03 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_magick_.dll
[2008/10/12 22:06:03 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_mat_.dll
[2008/10/12 22:06:03 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_map_.dll
[2008/10/12 22:06:03 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_matte_.dll
[2008/10/12 22:06:02 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_jpeg_.dll
[2008/10/12 22:06:02 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_label_.dll
[2008/10/12 22:06:01 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_jp2_.dll
[2008/10/12 22:06:01 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_icon_.dll
[2008/10/12 22:06:01 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_jbig_.dll
[2008/10/12 22:06:01 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_html_.dll
[2008/10/12 22:06:01 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_info_.dll
[2008/10/12 22:06:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_gif_.dll
[2008/10/12 22:06:00 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_histogram_.dll
[2008/10/12 22:06:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_gray_.dll
[2008/10/12 22:06:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_gradient_.dll
[2008/10/12 22:06:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_hdf_.dll
[2008/10/12 22:06:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_fpx_.dll
[2008/10/12 22:05:59 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_dpx_.dll
[2008/10/12 22:05:59 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_fits_.dll
[2008/10/12 22:05:59 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_ept_.dll
[2008/10/12 22:05:59 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_emf_.dll
[2008/10/12 22:05:59 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_fax_.dll
[2008/10/12 22:05:58 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_dcm_.dll
[2008/10/12 22:05:58 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_dib_.dll
[2008/10/12 22:05:58 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_dps_.dll
[2008/10/12 22:05:58 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_dot_.dll
[2008/10/12 22:05:57 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_cmyk_.dll
[2008/10/12 22:05:57 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_cut_.dll
[2008/10/12 22:05:57 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_cin_.dll
[2008/10/12 22:05:57 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_cip_.dll
[2008/10/12 22:05:57 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_clipboard_.dll
[2008/10/12 22:05:57 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_caption_.dll
[2008/10/12 22:05:57 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_clip_.dll
[2008/10/12 22:05:56 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_avi_.dll
[2008/10/12 22:05:56 | 000,044,032 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_bmp_.dll
[2008/10/12 22:05:56 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_avs_.dll
[2008/10/12 22:05:55 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CORE_DB_xlib_.dll
[2008/10/12 22:05:55 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_art_.dll
[2008/10/12 22:05:53 | 000,569,344 | ---- | C] () -- C:\WINDOWS\System32\CORE_DB_Magick++_.dll
[2008/10/12 22:05:52 | 000,794,624 | ---- | C] () -- C:\WINDOWS\System32\CORE_DB_libxml_.dll
[2008/10/12 22:05:52 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\CORE_DB_lcms_.dll
[2008/10/12 22:05:51 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\IM_MOD_DB_yuv_.dll
[2008/09/30 10:37:46 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\E2E75E7E33.sys
[2008/09/30 10:37:45 | 000,000,848 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/06/14 09:59:18 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/05/06 21:29:52 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/05/06 14:36:34 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\David A. Quelle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/07 12:29:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/29 20:24:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2007/10/29 20:24:33 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/10/29 15:22:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/10/29 15:14:40 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/10/29 06:55:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/10/29 06:54:35 | 000,265,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/21 21:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 21:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,436,314 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,069,044 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/11/18 15:25:45 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\585abe
[2008/09/30 10:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Act
[2011/05/27 15:27:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/11/18 15:25:22 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\ISKUVQDCES
[2008/10/12 23:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/09/30 10:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David A. Quelle\Application Data\ACT
[2010/11/18 15:25:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\David A. Quelle\Application Data\Internet Security Suite
[2008/01/07 16:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David A. Quelle\Application Data\InterVideo
[2008/09/30 10:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David A. Quelle\Application Data\IsolatedStorage
[2010/11/18 15:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David A. Quelle\Application Data\MSNInstaller
[2008/01/08 21:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David A. Quelle\Application Data\Smith Micro
[2011/05/29 16:30:09 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B587BACD-8527-47C7-BA6C-31E164AF0C50}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E4E252

< End of report >
  • 0

#21
Essexboy
Posted 30 May 2011 - 04:05 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :unsure:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :yes:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Posted Image


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#22
Essexboy
Posted 03 June 2011 - 10:26 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP