
virtumonde trojan and malware



#1
dually

My desktop seems to be infected. AVG caught a Virtumonde trojan and malware as well as rootkits. I have also run Spybot and anti-malware and they caught something.
Computer takes forever to start up. May also have a second computer infected, my laptop. Ran the scans there but did not find anything.

Here is my OTL log from the desktop.


OTL logfile created on: 27/07/2011 4:00:14 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\dale\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.50 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 69.26% Memory free
2.84 Gb Paging File | 2.24 Gb Available in Paging File | 78.98% Paging File free
Paging file location(s): C:\pagefile.sys 500 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 61.35 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive D: | 51.39 Gb Total Space | 33.06 Gb Free Space | 64.33% Space Free | Partition Type: NTFS
Drive G: | 14.65 Gb Total Space | 4.78 Gb Free Space | 32.64% Space Free | Partition Type: NTFS
Drive H: | 13.98 Gb Total Space | 12.35 Gb Free Space | 88.33% Space Free | Partition Type: NTFS

Computer Name: DUALTURBO | User Name: dale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 15:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dale\Desktop\OTL.exe
PRC - [2011/06/24 11:18:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/03/28 09:50:00 | 000,035,328 | ---- | M] (Logitech Inc. ) -- D:\Program Files\MouseWare\system\EM_EXEC.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/27 15:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dale\Desktop\OTL.exe
MOD - [2011/01/07 20:56:54 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2010/11/04 09:51:42 | 002,502,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/03/28 09:50:00 | 000,006,656 | ---- | M] (Logitech Inc. ) -- D:\Program Files\MouseWare\system\LGMOUSHK.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (avg8wd)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 19:28:41 | 000,298,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/11 16:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2007/08/28 15:39:49 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2006/12/21 01:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/10 06:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/10/18 20:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/03/22 02:50:00 | 000,068,190 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2002/03/22 02:50:00 | 000,051,214 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2002/03/22 02:50:00 | 000,010,560 | ---- | M] (Logitech Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2002/03/22 02:50:00 | 000,005,838 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.google.c...p?hl=en&tab=wn"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/07/09 11:53:45 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 13:28:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/15 18:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/15 18:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D}: C:\Documents and Settings\dale\Local Settings\Application Data\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D} [2011/07/25 20:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3C5450B3-1C98-4C77-AA97-3DC52BE1E898}: C:\Documents and Settings\mica\Local Settings\Application Data\{3C5450B3-1C98-4C77-AA97-3DC52BE1E898}\ [2011/07/26 08:44:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 11:18:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 11:18:57 | 000,000,000 | ---D | M]

[2010/10/11 11:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dale\Application Data\Mozilla\Extensions
[2011/07/23 20:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\extensions
[2011/03/30 20:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/24 18:40:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\extensions\[email protected]
[2011/07/06 15:46:48 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\extensions\[email protected]
[2011/07/26 10:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/03 19:58:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 20:11:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/26 17:12:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/24 11:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/07/23 19:05:33 | 000,435,357 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EM_EXEC] D:\Program Files\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\dale\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1181502706343 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfi...ll/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E68C89AA-554F-43F3-8D5E-9B36D873081B} http://www.rogershel...prjOCFTools.CAB (prjOCFTools.OCFTools)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\dale\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dale\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/09 08:11:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/27 15:59:48 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dale\Desktop\OTL.exe
[2011/07/25 20:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/25 20:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/25 20:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Local Settings\Application Data\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D}
[2011/07/25 20:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Start Menu\Programs\Zentom System Guard
[2011/07/25 20:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Application Data\5EC5B899CBA1B9BB8E4A0D29FF54E12F
[2011/07/08 19:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Application Data\Intelli-studio
[2011/07/08 19:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SAMSUNG
[2011/07/08 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2011/07/06 15:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Start Menu\Programs\FrostWire
[2011/07/06 15:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/07/06 15:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/07/06 15:44:21 | 009,355,032 | ---- | C] (FrostWire Team) -- C:\Program Files\frostwire-4.21.8.windows.exe
[2011/03/30 19:59:34 | 008,582,536 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.13.exe
[2011/03/24 18:29:34 | 012,580,112 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.exe
[2011/02/13 17:18:35 | 011,708,760 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp5601_full_emusic-7plus_en-us.exe
[2011/01/29 21:31:54 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2011/01/29 19:05:10 | 088,544,032 | ---- | C] (NVIDIA Corporation) -- C:\Program Files\266.58_desktop_winxp_32bit_english_whql.exe
[2010/10/31 14:28:03 | 007,462,536 | ---- | C] (AVG ) -- C:\Program Files\avg_pct_stf_all_2011_22_c5.exe
[2010/03/12 20:52:49 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstaller.exe
[2009/12/04 20:18:39 | 077,086,488 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstallation.exe
[2009/09/23 16:17:45 | 093,074,728 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2009/09/04 16:12:37 | 004,574,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OutlookConnector.exe
[2008/04/22 15:48:58 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2007/09/22 16:35:56 | 002,614,072 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup200.exe
[2007/09/22 15:32:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Program Files\erunt-setup.exe

========== Files - Modified Within 30 Days ==========

[2011/07/27 16:01:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/27 15:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dale\Desktop\OTL.exe
[2011/07/27 15:59:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{413B1F9F-D6CD-496B-8FEB-50A482D4E6C3}.job
[2011/07/27 15:55:19 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F0292663-D555-4410-A4C6-A34945D2BD11}.job
[2011/07/27 15:06:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/27 15:02:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/27 10:08:47 | 125,790,658 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/26 13:27:10 | 000,000,195 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/26 11:55:33 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Skesisawanulamo.dat
[2011/07/26 08:44:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ftute.bin
[2011/07/25 20:44:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/25 19:40:15 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/23 19:09:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/23 19:05:33 | 000,435,357 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/16 18:25:34 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 20:04:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 13:28:09 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/08 19:39:15 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/06 15:46:48 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\dale\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/07/06 15:46:48 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\dale\Desktop\FrostWire 4.21.8.lnk
[2011/07/06 15:44:23 | 009,355,032 | ---- | M] (FrostWire Team) -- C:\Program Files\frostwire-4.21.8.windows.exe
[2011/07/04 19:50:06 | 000,434,745 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110704-195029.backup
[2011/07/04 19:50:06 | 000,434,745 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110723-190533.backup
[2011/06/30 12:59:36 | 000,509,250 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/30 12:59:36 | 000,098,160 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/07/25 20:08:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Skesisawanulamo.dat
[2011/07/25 20:08:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ftute.bin
[2011/07/08 19:38:07 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
[2011/07/06 15:46:48 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\dale\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/07/06 15:46:48 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\dale\Desktop\FrostWire 4.21.8.lnk
[2011/07/06 15:46:46 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/11 19:17:25 | 005,159,199 | ---- | C] () -- C:\Program Files\PCI_Install_XP_2K_5719_10202010.zip
[2011/02/10 19:25:40 | 000,537,867 | ---- | C] () -- C:\Program Files\yk51x86_v11.30.1.3.zip
[2011/02/08 18:10:51 | 000,813,714 | ---- | C] () -- C:\Program Files\xvidcore-1.3.0-rc1.tar.gz
[2011/02/07 11:00:08 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/02/07 11:00:08 | 000,925,667 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2011/02/07 11:00:08 | 000,721,798 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/07 11:00:08 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/02/07 11:00:08 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/02/07 11:00:08 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/02/07 11:00:08 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/02/07 11:00:08 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/02/07 11:00:08 | 000,140,800 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/02/07 11:00:08 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/02/07 11:00:08 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/02/07 11:00:08 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2011/02/07 10:45:52 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/07 10:39:02 | 004,166,551 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/01/29 19:11:09 | 000,253,016 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/29 19:11:05 | 000,253,024 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/29 19:11:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/17 13:07:34 | 001,952,032 | ---- | C] () -- C:\Program Files\EVGA_Precision_Setup_202.exe
[2010/10/11 11:17:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/02 20:18:40 | 000,000,195 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/14 01:45:18 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/08/14 01:45:10 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2010/08/14 01:43:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/08/14 01:43:42 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/08/14 01:43:34 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/08/14 01:43:22 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/08/14 01:42:54 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2010/08/14 01:42:48 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/08/14 01:42:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/08/14 01:42:06 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2010/08/14 01:41:54 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/08/14 01:40:02 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/08/14 01:39:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/05/09 17:50:42 | 000,000,034 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2010/02/05 19:25:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/27 16:12:21 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/20 18:26:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/11 14:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 14:21:20 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2009/07/16 15:37:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\dale\Application Data\$_hpcst$.hpc
[2009/06/07 09:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 15:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/23 11:16:53 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl40.dll
[2008/11/23 11:16:53 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
[2008/11/23 11:16:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
[2008/11/23 11:16:48 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/11/23 11:16:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Mp3dec.dll
[2008/11/23 11:16:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\MP3enc.dll
[2008/11/23 11:16:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/11/23 11:16:47 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/11/23 11:16:47 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/11/23 11:16:47 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2008/11/23 11:16:45 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2008/11/06 08:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/23 18:00:45 | 000,118,280 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/06/04 20:00:02 | 000,112,898 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2008/06/04 20:00:02 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2008/02/23 15:44:20 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/01/04 22:18:02 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/24 15:56:37 | 000,131,894 | ---- | C] () -- C:\WINDOWS\hpiins06.dat.temp
[2007/11/24 15:56:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat.temp
[2007/11/24 14:18:24 | 000,131,907 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2007/11/24 14:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2007/10/13 02:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/05 12:54:26 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/09/01 21:32:20 | 000,002,052 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUInstall.LiveUpdate
[2007/07/11 19:23:45 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\counter.cfg
[2007/06/25 16:14:23 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/06/18 15:25:07 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\dale\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/17 21:32:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/15 13:30:54 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2007/06/15 13:30:54 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2007/06/11 18:51:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/06/11 18:49:52 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/06/11 18:49:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/06/11 18:49:12 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/06/11 18:48:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/06/10 17:38:45 | 000,000,311 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2007/06/10 17:36:20 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/06/10 16:55:22 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\dale\Local Settings\Application Data\fusioncache.dat
[2007/06/10 12:00:55 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/06/10 12:00:55 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/06/10 11:53:31 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/10 11:51:56 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/06/10 11:51:42 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/06/10 00:56:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/10 00:53:29 | 000,197,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/09 08:12:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/09 08:08:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/10 06:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,509,250 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,098,160 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2009/11/10 16:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/07/26 16:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/31 14:20:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/12 13:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/09/20 14:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/01/23 21:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/05/20 13:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/06/19 12:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2007/06/28 18:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/10/24 18:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/08/20 18:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/11/13 19:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/23 16:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/25 20:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\5EC5B899CBA1B9BB8E4A0D29FF54E12F
[2010/10/31 14:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\AVG10
[2011/07/25 20:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Azureus
[2011/06/12 17:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Coby Media Manager
[2011/05/15 18:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\DDMSettings
[2011/07/19 19:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\FrostWire
[2011/04/13 18:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Image Zone Express
[2007/09/20 14:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\iolo
[2007/07/02 17:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Leadertech
[2007/06/28 18:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Nokia
[2007/06/10 14:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\PC Suite
[2010/12/09 18:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Shareaza
[2011/07/27 16:01:01 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/07/27 15:59:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{413B1F9F-D6CD-496B-8FEB-50A482D4E6C3}.job
[2011/07/27 15:55:19 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0292663-D555-4410-A4C6-A34945D2BD11}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8B731E

< End of report >




OTL Extras logfile created on: 27/07/2011 4:00:14 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\dale\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.50 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 69.26% Memory free
2.84 Gb Paging File | 2.24 Gb Available in Paging File | 78.98% Paging File free
Paging file location(s): C:\pagefile.sys 500 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 61.35 Gb Free Space | 62.83% Space Free | Partition Type: NTFS
Drive D: | 51.39 Gb Total Space | 33.06 Gb Free Space | 64.33% Space Free | Partition Type: NTFS
Drive G: | 14.65 Gb Total Space | 4.78 Gb Free Space | 32.64% Space Free | Partition Type: NTFS
Drive H: | 13.98 Gb Total Space | 12.35 Gb Free Space | 88.33% Space Free | Partition Type: NTFS

Computer Name: DUALTURBO | User Name: dale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"13457:TCP" = 13457:TCP:*:Disabled:BitComet 13457 TCP
"13457:UDP" = 13457:UDP:*:Disabled:BitComet 13457 UDP
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Program Files\FrostWire\FrostWire.exe" = D:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E1300BC-6DBA-476B-8CCF-4AA81ED4DF6A}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23170F69-40C1-2701-0904-000001000000}" = 7-Zip 9.04
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}" = Soap 3.0 Toolkit
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = MouseWare 9.51
"{585D96E5-1A6A-410C-8F5F-F606CA1CCE1C}" = UFile 2010
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A859FA27-05AF-4295-BF2C-A9D3A5A707EE}" = UFile Updater 2010
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech User's Guide
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"8461-7759-5462-8226" = Vuze
"AddressBook" =
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"Branding" =
"conduitEngine" = Conduit Engine
"Connection Manager" =
"DirectAnimation" =
"DirectDrawEx" =
"DivX Setup.divx.com" = DivX Setup
"DXM_Runtime" =
"ERUNT_is1" = ERUNT 1.1j
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"Fontcore" =
"FrostWire" = FrostWire 4.21.8
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IEData" =
"InstallShield Uninstall Information" =
"Intelli-studio" = SAMSUNG Intelli-studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"MobileOptionPack" =
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OutlookExpress" =
"Panda ActiveScan" = Panda ActiveScan
"PCHealth" =
"Precision" = EVGA Precision 2.0.2
"SchedulingAgent" =
"SystemRequirementsLab" = System Requirements Lab
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"xvid" = XviD MPEG-4 Video Codec
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/07/2011 11:44:27 AM | Computer Name = DUALTURBO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 26/07/2011 11:44:27 AM | Computer Name = DUALTURBO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 26/07/2011 11:45:28 AM | Computer Name = DUALTURBO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 26/07/2011 11:45:28 AM | Computer Name = DUALTURBO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 26/07/2011 11:45:28 AM | Computer Name = DUALTURBO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 26/07/2011 11:45:28 AM | Computer Name = DUALTURBO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 26/07/2011 3:26:02 PM | Computer Name = DUALTURBO | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....F9962A8212.crt>
with error: The connection with the server was terminated abnormally

Error - 26/07/2011 3:26:02 PM | Computer Name = DUALTURBO | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....F9962A8212.crt>
with error: This network connection does not exist.

Error - 26/07/2011 4:12:30 PM | Computer Name = DUALTURBO | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.1.1076, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 26/07/2011 4:12:30 PM | Computer Name = DUALTURBO | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.51.1.1076, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 27/07/2011 6:03:17 PM | Computer Name = DUALTURBO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 27/07/2011 6:03:17 PM | Computer Name = DUALTURBO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 27/07/2011 6:03:17 PM | Computer Name = DUALTURBO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 27/07/2011 6:03:17 PM | Computer Name = DUALTURBO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 27/07/2011 6:03:17 PM | Computer Name = DUALTURBO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 27/07/2011 6:03:17 PM | Computer Name = DUALTURBO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 27/07/2011 6:03:17 PM | Computer Name = DUALTURBO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 27/07/2011 6:03:17 PM | Computer Name = DUALTURBO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 27/07/2011 6:03:17 PM | Computer Name = DUALTURBO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 27/07/2011 6:03:17 PM | Computer Name = DUALTURBO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.


< End of report >

Edited by dually, 27 July 2011 - 02:14 PM.


#2
dually

dually

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Not using computer much except to scan with AVG, Spybot and Anti malware.
AVG caught another virus, generic.32 or something.
Also desktop won't boot unless I use last known good config.

#3
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi - sorry for the delay - I would like a fresh look at your system please

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.


#4
dually

dually

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Thank you for your help. Here is that log.

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-07-31 09:54:38
-----------------------------
09:54:38.390 OS Version: Windows 5.1.2600 Service Pack 3
09:54:38.390 Number of processors: 2 586 0xF02
09:54:38.406 ComputerName: DUALTURBO UserName: dale
09:54:38.890 Initialize success
09:56:55.562 AVAST engine defs: 11073100
09:57:10.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
09:57:10.046 Disk 0 Vendor: SAMSUNG_HD160JJ ZM100-33 Size: 152627MB BusType: 3
09:57:10.046 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\iteatapi1Port4Path0Target2Lun0
09:57:10.046 Disk 1 Vendor: Maxtor_2 VAM5 Size: 29325MB BusType: 1
09:57:12.062 Disk 0 MBR read successfully
09:57:12.062 Disk 0 MBR scan
09:57:12.109 Disk 0 Windows XP default MBR code
09:57:12.109 Disk 0 scanning sectors +312576705
09:57:12.187 Disk 0 scanning C:\WINDOWS\system32\drivers
09:57:25.625 Service scanning
09:57:28.390 Modules scanning
09:57:32.687 Disk 0 trace - called modules:
09:57:32.703 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
09:57:32.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8adb0ab8]
09:57:32.718 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8ad60d98]
09:57:33.031 AVAST engine scan C:\WINDOWS
09:57:46.859 AVAST engine scan C:\WINDOWS\system32
09:59:48.906 AVAST engine scan C:\WINDOWS\system32\drivers
10:00:05.359 AVAST engine scan C:\Documents and Settings\dale
10:02:32.937 AVAST engine scan C:\Documents and Settings\All Users
10:03:29.781 Scan finished successfully
10:03:38.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\dale\Desktop\MBR.dat"
10:03:38.234 The log file has been saved successfully to "C:\Documents and Settings\dale\Desktop\aswMBR.txt"

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a fresh OTL log please

#6
dually

dually

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Found CD drive and DVD drive are acting funny, power not there then it is. And not present in "My Computer".


OTL logfile created on: 01/08/2011 4:26:57 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\dale\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.50 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 62.83% Memory free
2.84 Gb Paging File | 2.13 Gb Available in Paging File | 74.90% Paging File free
Paging file location(s): C:\pagefile.sys 500 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 61.48 Gb Free Space | 62.96% Space Free | Partition Type: NTFS
Drive D: | 51.39 Gb Total Space | 33.06 Gb Free Space | 64.33% Space Free | Partition Type: NTFS
Drive G: | 14.65 Gb Total Space | 4.78 Gb Free Space | 32.64% Space Free | Partition Type: NTFS
Drive H: | 13.98 Gb Total Space | 12.35 Gb Free Space | 88.33% Space Free | Partition Type: NTFS

Computer Name: DUALTURBO | User Name: dale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 15:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dale\Desktop\OTL.exe
PRC - [2011/06/24 11:18:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/03/28 09:50:00 | 000,035,328 | ---- | M] (Logitech Inc. ) -- D:\Program Files\MouseWare\system\EM_EXEC.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/27 15:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dale\Desktop\OTL.exe
MOD - [2011/01/07 20:56:54 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2010/11/04 09:51:42 | 002,502,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/03/28 09:50:00 | 000,006,656 | ---- | M] (Logitech Inc. ) -- D:\Program Files\MouseWare\system\LGMOUSHK.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (avg8wd)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 19:28:41 | 000,298,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/11 16:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2007/08/28 15:39:49 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2006/12/21 01:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/10 06:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/10/18 20:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/03/22 02:50:00 | 000,068,190 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2002/03/22 02:50:00 | 000,051,214 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2002/03/22 02:50:00 | 000,010,560 | ---- | M] (Logitech Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2002/03/22 02:50:00 | 000,005,838 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-507921405-113007714-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKU\S-1-5-21-507921405-113007714-839522115-1004\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-507921405-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-113007714-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.google.c...p?hl=en&tab=wn"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/07/09 11:53:45 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 13:28:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/15 18:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/15 18:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D}: C:\Documents and Settings\dale\Local Settings\Application Data\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D} [2011/07/25 20:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3C5450B3-1C98-4C77-AA97-3DC52BE1E898}: C:\Documents and Settings\mica\Local Settings\Application Data\{3C5450B3-1C98-4C77-AA97-3DC52BE1E898}\ [2011/07/26 08:44:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 11:18:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 11:18:57 | 000,000,000 | ---D | M]

[2010/10/11 11:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dale\Application Data\Mozilla\Extensions
[2011/07/31 10:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\extensions
[2011/03/30 20:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/24 18:40:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\extensions\[email protected]
[2011/07/06 15:46:48 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\extensions\[email protected]
[2011/07/31 10:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/03 19:58:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 20:11:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/26 17:12:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/24 11:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/07/29 16:36:35 | 000,435,511 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15016 more lines...
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-507921405-113007714-839522115-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-507921405-113007714-839522115-1004\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-113007714-839522115-1004\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-507921405-113007714-839522115-1004\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-507921405-113007714-839522115-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EM_EXEC] D:\Program Files\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\dale\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-507921405-113007714-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-507921405-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-507921405-113007714-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1181502706343 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfi...ll/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E68C89AA-554F-43F3-8D5E-9B36D873081B} http://www.rogershel...prjOCFTools.CAB (prjOCFTools.OCFTools)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\dale\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dale\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/09 08:11:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/31 09:52:54 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\dale\Desktop\aswMBR.exe
[2011/07/29 16:59:12 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/07/27 15:59:48 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dale\Desktop\OTL.exe
[2011/07/25 20:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/25 20:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/25 20:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Local Settings\Application Data\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D}
[2011/07/25 20:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Start Menu\Programs\Zentom System Guard
[2011/07/25 20:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Application Data\5EC5B899CBA1B9BB8E4A0D29FF54E12F
[2011/07/08 19:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Application Data\Intelli-studio
[2011/07/08 19:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SAMSUNG
[2011/07/08 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2011/07/06 15:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Start Menu\Programs\FrostWire
[2011/07/06 15:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/07/06 15:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/07/06 15:44:21 | 009,355,032 | ---- | C] (FrostWire Team) -- C:\Program Files\frostwire-4.21.8.windows.exe
[2011/03/30 19:59:34 | 008,582,536 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.13.exe
[2011/03/24 18:29:34 | 012,580,112 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.exe
[2011/02/13 17:18:35 | 011,708,760 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp5601_full_emusic-7plus_en-us.exe
[2011/01/29 21:31:54 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2011/01/29 19:05:10 | 088,544,032 | ---- | C] (NVIDIA Corporation) -- C:\Program Files\266.58_desktop_winxp_32bit_english_whql.exe
[2010/10/31 14:28:03 | 007,462,536 | ---- | C] (AVG ) -- C:\Program Files\avg_pct_stf_all_2011_22_c5.exe
[2010/03/12 20:52:49 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstaller.exe
[2009/12/04 20:18:39 | 077,086,488 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstallation.exe
[2009/09/23 16:17:45 | 093,074,728 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2009/09/04 16:12:37 | 004,574,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OutlookConnector.exe
[2008/04/22 15:48:58 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2007/09/22 16:35:56 | 002,614,072 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup200.exe
[2007/09/22 15:32:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Program Files\erunt-setup.exe

========== Files - Modified Within 30 Days ==========

[2011/08/01 16:28:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{413B1F9F-D6CD-496B-8FEB-50A482D4E6C3}.job
[2011/08/01 16:27:53 | 098,175,485 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
[2011/08/01 16:27:37 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F0292663-D555-4410-A4C6-A34945D2BD11}.job
[2011/07/31 21:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/31 19:42:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/31 19:40:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/31 18:27:00 | 126,425,482 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/31 10:03:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\dale\Desktop\MBR.dat
[2011/07/31 09:53:57 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\dale\Desktop\aswMBR.exe
[2011/07/29 16:36:35 | 000,435,511 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/27 15:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dale\Desktop\OTL.exe
[2011/07/26 13:27:10 | 000,000,195 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/26 11:55:33 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Skesisawanulamo.dat
[2011/07/26 08:44:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ftute.bin
[2011/07/25 20:44:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/25 19:40:15 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/23 19:09:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/23 19:05:33 | 000,435,357 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110729-163635.backup
[2011/07/16 18:25:34 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 20:04:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 13:28:09 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/08 19:39:15 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/06 15:46:48 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\dale\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/07/06 15:46:48 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\dale\Desktop\FrostWire 4.21.8.lnk
[2011/07/06 15:44:23 | 009,355,032 | ---- | M] (FrostWire Team) -- C:\Program Files\frostwire-4.21.8.windows.exe
[2011/07/04 19:50:06 | 000,434,745 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110704-195029.backup
[2011/07/04 19:50:06 | 000,434,745 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110723-190533.backup

========== Files Created - No Company Name ==========

[2011/07/31 10:03:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\dale\Desktop\MBR.dat
[2011/07/25 20:08:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Skesisawanulamo.dat
[2011/07/25 20:08:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ftute.bin
[2011/07/08 19:38:07 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
[2011/07/06 15:46:48 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\dale\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/07/06 15:46:48 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\dale\Desktop\FrostWire 4.21.8.lnk
[2011/07/06 15:46:46 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/11 19:17:25 | 005,159,199 | ---- | C] () -- C:\Program Files\PCI_Install_XP_2K_5719_10202010.zip
[2011/02/10 19:25:40 | 000,537,867 | ---- | C] () -- C:\Program Files\yk51x86_v11.30.1.3.zip
[2011/02/08 18:10:51 | 000,813,714 | ---- | C] () -- C:\Program Files\xvidcore-1.3.0-rc1.tar.gz
[2011/02/07 11:00:08 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/02/07 11:00:08 | 000,925,667 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2011/02/07 11:00:08 | 000,721,798 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/07 11:00:08 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/02/07 11:00:08 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/02/07 11:00:08 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/02/07 11:00:08 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/02/07 11:00:08 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/02/07 11:00:08 | 000,140,800 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/02/07 11:00:08 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/02/07 11:00:08 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/02/07 11:00:08 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2011/02/07 10:45:52 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/07 10:39:02 | 004,166,551 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/01/29 19:11:09 | 000,253,016 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/29 19:11:05 | 000,253,024 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/29 19:11:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/17 13:07:34 | 001,952,032 | ---- | C] () -- C:\Program Files\EVGA_Precision_Setup_202.exe
[2010/10/11 11:17:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/02 20:18:40 | 000,000,195 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/14 01:45:18 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/08/14 01:45:10 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2010/08/14 01:43:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/08/14 01:43:42 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/08/14 01:43:34 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/08/14 01:43:22 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/08/14 01:42:54 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2010/08/14 01:42:48 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/08/14 01:42:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/08/14 01:42:06 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2010/08/14 01:41:54 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/08/14 01:40:02 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/08/14 01:39:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/05/09 17:50:42 | 000,000,034 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2010/02/05 19:25:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/27 16:12:21 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/20 18:26:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/11 14:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 14:21:20 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2009/07/16 15:37:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\dale\Application Data\$_hpcst$.hpc
[2009/06/07 09:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 15:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/23 11:16:53 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl40.dll
[2008/11/23 11:16:53 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
[2008/11/23 11:16:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
[2008/11/23 11:16:48 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/11/23 11:16:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Mp3dec.dll
[2008/11/23 11:16:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\MP3enc.dll
[2008/11/23 11:16:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/11/23 11:16:47 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/11/23 11:16:47 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/11/23 11:16:47 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2008/11/23 11:16:45 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2008/11/06 08:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/23 18:00:45 | 000,118,280 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/06/04 20:00:02 | 000,112,898 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2008/06/04 20:00:02 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2008/02/23 15:44:20 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/01/04 22:18:02 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/24 15:56:37 | 000,131,894 | ---- | C] () -- C:\WINDOWS\hpiins06.dat.temp
[2007/11/24 15:56:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat.temp
[2007/11/24 14:18:24 | 000,131,907 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2007/11/24 14:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2007/10/13 02:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/05 12:54:26 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/09/01 21:32:20 | 000,002,052 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUInstall.LiveUpdate
[2007/07/11 19:23:45 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\counter.cfg
[2007/06/25 16:14:23 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/06/18 15:25:07 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\dale\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/17 21:32:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/15 13:30:54 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2007/06/15 13:30:54 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2007/06/11 18:51:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/06/11 18:49:52 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/06/11 18:49:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/06/11 18:49:12 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/06/11 18:48:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/06/10 17:38:45 | 000,000,311 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2007/06/10 17:36:20 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/06/10 16:55:22 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\dale\Local Settings\Application Data\fusioncache.dat
[2007/06/10 12:00:55 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/06/10 12:00:55 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/06/10 11:53:31 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/10 11:51:56 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/06/10 11:51:42 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/06/10 00:56:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/10 00:53:29 | 000,197,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/09 08:12:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/09 08:08:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/10 06:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,509,250 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,098,160 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2009/11/10 16:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/07/26 16:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/31 14:20:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/12 13:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/09/20 14:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/01/23 21:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/05/20 13:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/06/19 12:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2007/06/28 18:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/10/24 18:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/08/20 18:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/11/13 19:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/23 16:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/25 20:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\5EC5B899CBA1B9BB8E4A0D29FF54E12F
[2010/10/31 14:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\AVG10
[2011/07/25 20:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Azureus
[2011/06/12 17:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Coby Media Manager
[2011/05/15 18:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\DDMSettings
[2011/07/19 19:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\FrostWire
[2011/04/13 18:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Image Zone Express
[2007/09/20 14:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\iolo
[2007/07/02 17:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Leadertech
[2007/06/28 18:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Nokia
[2007/06/10 14:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\PC Suite
[2010/12/09 18:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Shareaza
[2010/11/02 19:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mica\Application Data\AVG10
[2007/06/25 21:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mica\Application Data\MailFrontier
[2007/06/11 18:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mica\Application Data\PC Suite
[2011/07/31 21:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/08/01 16:28:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{413B1F9F-D6CD-496B-8FEB-50A482D4E6C3}.job
[2011/08/01 16:27:37 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0292663-D555-4410-A4C6-A34945D2BD11}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8B731E

< End of report >

Edited by dually, 01 August 2011 - 02:31 PM.

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I think I can see part of the problem

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/07/25 20:06:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Start Menu\Programs\Zentom System Guard
    [2011/07/26 11:55:33 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Skesisawanulamo.dat
    [2011/07/26 08:44:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ftute.bin


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [ZipFiles]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

#8
dually

    Member

  • Topic Starter
  • Member
  • 54 posts
OTL log and combofix log.

OTL logfile created on: 01/08/2011 6:12:19 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\dale\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.50 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 69.03% Memory free
2.84 Gb Paging File | 2.23 Gb Available in Paging File | 78.57% Paging File free
Paging file location(s): C:\pagefile.sys 500 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 61.69 Gb Free Space | 63.17% Space Free | Partition Type: NTFS
Drive D: | 51.39 Gb Total Space | 33.06 Gb Free Space | 64.33% Space Free | Partition Type: NTFS
Drive G: | 14.65 Gb Total Space | 4.78 Gb Free Space | 32.64% Space Free | Partition Type: NTFS
Drive H: | 13.98 Gb Total Space | 12.35 Gb Free Space | 88.33% Space Free | Partition Type: NTFS

Computer Name: DUALTURBO | User Name: dale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/27 15:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dale\Desktop\OTL.exe
PRC - [2011/06/24 11:18:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009/03/08 04:31:54 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/03/28 09:50:00 | 000,035,328 | ---- | M] (Logitech Inc. ) -- D:\Program Files\MouseWare\system\EM_EXEC.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/27 15:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dale\Desktop\OTL.exe
MOD - [2011/01/07 20:56:54 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2010/11/04 09:51:42 | 002,502,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/03/28 09:50:00 | 000,006,656 | ---- | M] (Logitech Inc. ) -- D:\Program Files\MouseWare\system\LGMOUSHK.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (avg8wd)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 19:28:41 | 000,298,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/11 16:10:52 | 000,100,456 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2007/08/28 15:39:49 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2006/12/21 01:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/10 06:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/10/18 20:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/03/22 02:50:00 | 000,068,190 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2002/03/22 02:50:00 | 000,051,214 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2002/03/22 02:50:00 | 000,010,560 | ---- | M] (Logitech Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2002/03/22 02:50:00 | 000,005,838 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://news.google.c...p?hl=en&tab=wn"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/07/09 11:53:45 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 13:28:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/15 18:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/15 18:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D}: C:\Documents and Settings\dale\Local Settings\Application Data\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D} [2011/07/25 20:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3C5450B3-1C98-4C77-AA97-3DC52BE1E898}: C:\Documents and Settings\mica\Local Settings\Application Data\{3C5450B3-1C98-4C77-AA97-3DC52BE1E898}\ [2011/07/26 08:44:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 11:18:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 11:18:57 | 000,000,000 | ---D | M]

[2010/10/11 11:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dale\Application Data\Mozilla\Extensions
[2011/07/31 10:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\extensions
[2011/03/30 20:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/03/24 18:40:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\extensions\[email protected]
[2011/07/06 15:46:48 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Documents and Settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\extensions\[email protected]
[2011/07/31 10:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/03 19:58:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/12 20:11:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/26 17:12:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/24 11:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/08/01 17:55:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.24\AsRunHelp.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EM_EXEC] D:\Program Files\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\dale\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1181502706343 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} http://www.linksysfi...ll/gtdownls.cab (LinkSys Content Update)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E68C89AA-554F-43F3-8D5E-9B36D873081B} http://www.rogershel...prjOCFTools.CAB (prjOCFTools.OCFTools)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\dale\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\dale\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/09 08:11:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/01 18:13:41 | 004,160,708 | ---- | C] (Swearware) -- C:\Documents and Settings\dale\Desktop\ComboFix.exe
[2011/08/01 17:55:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/31 09:52:54 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\dale\Desktop\aswMBR.exe
[2011/07/29 16:59:12 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/07/27 15:59:48 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dale\Desktop\OTL.exe
[2011/07/25 20:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/07/25 20:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/25 20:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Local Settings\Application Data\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D}
[2011/07/25 20:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Application Data\5EC5B899CBA1B9BB8E4A0D29FF54E12F
[2011/07/08 19:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Application Data\Intelli-studio
[2011/07/08 19:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SAMSUNG
[2011/07/08 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2011/07/06 15:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\dale\Start Menu\Programs\FrostWire
[2011/07/06 15:46:35 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/07/06 15:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2011/07/06 15:44:21 | 009,355,032 | ---- | C] (FrostWire Team) -- C:\Program Files\frostwire-4.21.8.windows.exe
[2011/03/30 19:59:34 | 008,582,536 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.13.exe
[2011/03/24 18:29:34 | 012,580,112 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.exe
[2011/02/13 17:18:35 | 011,708,760 | ---- | C] (Nullsoft, Inc.) -- C:\Program Files\winamp5601_full_emusic-7plus_en-us.exe
[2011/01/29 21:31:54 | 025,740,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2011/01/29 19:05:10 | 088,544,032 | ---- | C] (NVIDIA Corporation) -- C:\Program Files\266.58_desktop_winxp_32bit_english_whql.exe
[2010/10/31 14:28:03 | 007,462,536 | ---- | C] (AVG ) -- C:\Program Files\avg_pct_stf_all_2011_22_c5.exe
[2010/03/12 20:52:49 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstaller.exe
[2009/12/04 20:18:39 | 077,086,488 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstallation.exe
[2009/09/23 16:17:45 | 093,074,728 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2009/09/04 16:12:37 | 004,574,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OutlookConnector.exe
[2008/04/22 15:48:58 | 002,400,784 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WLinstaller.exe
[2007/09/22 16:35:56 | 002,614,072 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup200.exe
[2007/09/22 15:32:15 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Program Files\erunt-setup.exe

========== Files - Modified Within 30 Days ==========

[2011/08/01 18:13:43 | 004,160,708 | ---- | M] (Swearware) -- C:\Documents and Settings\dale\Desktop\ComboFix.exe
[2011/08/01 18:13:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{413B1F9F-D6CD-496B-8FEB-50A482D4E6C3}.job
[2011/08/01 18:12:27 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F0292663-D555-4410-A4C6-A34945D2BD11}.job
[2011/08/01 18:09:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/01 18:09:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/01 17:55:27 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/01 16:29:15 | 126,488,478 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/07/31 21:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/07/31 10:03:38 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\dale\Desktop\MBR.dat
[2011/07/31 09:53:57 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\dale\Desktop\aswMBR.exe
[2011/07/27 15:59:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dale\Desktop\OTL.exe
[2011/07/26 13:27:10 | 000,000,195 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/07/25 20:44:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/25 19:40:15 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/07/23 19:09:15 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/23 19:05:33 | 000,435,357 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110729-163635.backup
[2011/07/16 18:25:34 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 20:04:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 13:28:09 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/07/08 19:39:15 | 000,001,725 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/06 15:46:48 | 000,000,872 | ---- | M] () -- C:\Documents and Settings\dale\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/07/06 15:46:48 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\dale\Desktop\FrostWire 4.21.8.lnk
[2011/07/06 15:44:23 | 009,355,032 | ---- | M] (FrostWire Team) -- C:\Program Files\frostwire-4.21.8.windows.exe
[2011/07/04 19:50:06 | 000,434,745 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110704-195029.backup
[2011/07/04 19:50:06 | 000,434,745 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110723-190533.backup

========== Files Created - No Company Name ==========

[2011/07/31 10:03:38 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\dale\Desktop\MBR.dat
[2011/07/08 19:38:07 | 000,001,725 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk
[2011/07/06 15:46:48 | 000,000,872 | ---- | C] () -- C:\Documents and Settings\dale\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 4.21.8.lnk
[2011/07/06 15:46:48 | 000,000,854 | ---- | C] () -- C:\Documents and Settings\dale\Desktop\FrostWire 4.21.8.lnk
[2011/07/06 15:46:46 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/11 19:17:25 | 005,159,199 | ---- | C] () -- C:\Program Files\PCI_Install_XP_2K_5719_10202010.zip
[2011/02/10 19:25:40 | 000,537,867 | ---- | C] () -- C:\Program Files\yk51x86_v11.30.1.3.zip
[2011/02/08 18:10:51 | 000,813,714 | ---- | C] () -- C:\Program Files\xvidcore-1.3.0-rc1.tar.gz
[2011/02/07 11:00:08 | 001,529,856 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/02/07 11:00:08 | 000,925,667 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2011/02/07 11:00:08 | 000,721,798 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/07 11:00:08 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/02/07 11:00:08 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/02/07 11:00:08 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/02/07 11:00:08 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/02/07 11:00:08 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/02/07 11:00:08 | 000,140,800 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/02/07 11:00:08 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/02/07 11:00:08 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/02/07 11:00:08 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2011/02/07 10:45:52 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/07 10:39:02 | 004,166,551 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/01/29 19:11:09 | 000,253,016 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/29 19:11:05 | 000,253,024 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/29 19:11:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/17 13:07:34 | 001,952,032 | ---- | C] () -- C:\Program Files\EVGA_Precision_Setup_202.exe
[2010/10/11 11:17:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/02 20:18:40 | 000,000,195 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/14 01:45:18 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2010/08/14 01:45:10 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2010/08/14 01:43:52 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2010/08/14 01:43:42 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2010/08/14 01:43:34 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2010/08/14 01:43:22 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2010/08/14 01:42:54 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2010/08/14 01:42:48 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2010/08/14 01:42:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2010/08/14 01:42:06 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2010/08/14 01:41:54 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2010/08/14 01:40:02 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2010/08/14 01:39:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2010/05/09 17:50:42 | 000,000,034 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2010/02/05 19:25:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/09/27 16:12:21 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/20 18:26:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/11 14:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 14:21:20 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2009/07/16 15:37:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\dale\Application Data\$_hpcst$.hpc
[2009/06/07 09:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 15:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/23 11:16:53 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\pwmdtl40.dll
[2008/11/23 11:16:53 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cwsmaf40.dll
[2008/11/23 11:16:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\cwpwmd10.dll
[2008/11/23 11:16:48 | 001,097,728 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/11/23 11:16:48 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Mp3dec.dll
[2008/11/23 11:16:48 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\MP3enc.dll
[2008/11/23 11:16:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/11/23 11:16:47 | 001,003,520 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2008/11/23 11:16:47 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/11/23 11:16:47 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2008/11/23 11:16:45 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\viscomqtde.dll
[2008/11/06 08:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/23 18:00:45 | 000,118,280 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/06/04 20:00:02 | 000,112,898 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2008/06/04 20:00:02 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2008/02/23 15:44:20 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/01/04 22:18:02 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/24 15:56:37 | 000,131,894 | ---- | C] () -- C:\WINDOWS\hpiins06.dat.temp
[2007/11/24 15:56:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat.temp
[2007/11/24 14:18:24 | 000,131,907 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2007/11/24 14:18:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2007/10/13 02:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/09/05 12:54:26 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/09/01 21:32:20 | 000,002,052 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUInstall.LiveUpdate
[2007/07/11 19:23:45 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\counter.cfg
[2007/06/25 16:14:23 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2007/06/18 15:25:07 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\dale\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/17 21:32:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/15 13:30:54 | 000,111,104 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2007/06/15 13:30:54 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2007/06/11 18:51:40 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/06/11 18:49:52 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/06/11 18:49:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/06/11 18:49:12 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/06/11 18:48:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/06/10 17:38:45 | 000,000,311 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2007/06/10 17:36:20 | 000,000,185 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/06/10 16:55:22 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\dale\Local Settings\Application Data\fusioncache.dat
[2007/06/10 12:00:55 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2007/06/10 12:00:55 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2007/06/10 11:53:31 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/06/10 11:51:56 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/06/10 11:51:42 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/06/10 00:56:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/10 00:53:29 | 000,197,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/09 08:12:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/09 08:08:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/11/10 06:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,509,250 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,098,160 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/14 13:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== LOP Check ==========

[2009/11/10 16:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/07/26 16:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/31 14:20:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/12 13:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007/09/20 14:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2008/01/23 21:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/05/20 13:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/06/19 12:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2007/06/28 18:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/10/24 18:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009/08/20 18:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/11/13 19:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/23 16:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/25 20:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\5EC5B899CBA1B9BB8E4A0D29FF54E12F
[2010/10/31 14:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\AVG10
[2011/07/25 20:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Azureus
[2011/06/12 17:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Coby Media Manager
[2011/05/15 18:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\DDMSettings
[2011/07/19 19:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\FrostWire
[2011/04/13 18:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Image Zone Express
[2007/09/20 14:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\iolo
[2007/07/02 17:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Leadertech
[2007/06/28 18:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Nokia
[2007/06/10 14:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\PC Suite
[2010/12/09 18:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\dale\Application Data\Shareaza
[2011/07/31 21:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/08/01 18:13:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{413B1F9F-D6CD-496B-8FEB-50A482D4E6C3}.job
[2011/08/01 18:12:27 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F0292663-D555-4410-A4C6-A34945D2BD11}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A8B731E

< End of report >







ComboFix 11-08-01.05 - dale 01/08/2011 18:24:00.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1854 [GMT -7:00]
Running from: c:\documents and settings\dale\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\dale\Application Data\5EC5B899CBA1B9BB8E4A0D29FF54E12F
c:\documents and settings\dale\Application Data\5EC5B899CBA1B9BB8E4A0D29FF54E12F\enemies-names.txt
c:\documents and settings\dale\Application Data\5EC5B899CBA1B9BB8E4A0D29FF54E12F\local.ini
c:\documents and settings\dale\Application Data\Adobe\plugs
c:\documents and settings\dale\Application Data\Adobe\shed
c:\documents and settings\dale\Local Settings\Application Data\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D}
c:\documents and settings\dale\Local Settings\Application Data\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D}\chrome.manifest
c:\documents and settings\dale\Local Settings\Application Data\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D}\chrome\content\_cfg.js
c:\documents and settings\dale\Local Settings\Application Data\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D}\chrome\content\overlay.xul
c:\documents and settings\dale\Local Settings\Application Data\{DDCC797C-5B0E-4FB0-AE87-1B612CED580D}\install.rdf
c:\documents and settings\mica\Local Settings\Application Data\{3C5450B3-1C98-4C77-AA97-3DC52BE1E898}
c:\documents and settings\mica\Local Settings\Application Data\{3C5450B3-1C98-4C77-AA97-3DC52BE1E898}\chrome.manifest
c:\documents and settings\mica\Local Settings\Application Data\{3C5450B3-1C98-4C77-AA97-3DC52BE1E898}\chrome\content\_cfg.js
c:\documents and settings\mica\Local Settings\Application Data\{3C5450B3-1C98-4C77-AA97-3DC52BE1E898}\chrome\content\overlay.xul
c:\documents and settings\mica\Local Settings\Application Data\{3C5450B3-1C98-4C77-AA97-3DC52BE1E898}\install.rdf
c:\documents and settings\mica\WINDOWS
c:\program files\266.58_desktop_winxp_32bit_english_whql.exe
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-02 to 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-02 00:55 . 2011-08-02 00:55 -------- d-----w- C:\_OTL
2011-07-29 23:59 . 2011-07-29 23:59 -------- d-----w- C:\$AVG
2011-07-09 02:38 . 2011-07-26 03:00 -------- d-----w- c:\documents and settings\dale\Application Data\Intelli-studio
2011-07-09 02:37 . 2011-07-09 02:37 -------- d-----w- c:\program files\SAMSUNG
2011-07-06 22:46 . 2011-07-06 22:46 -------- d-----w- c:\program files\Ask.com
2011-07-06 22:46 . 2011-07-06 22:48 -------- d-----w- c:\program files\FrostWire
2011-07-06 22:44 . 2011-07-06 22:44 9355032 ----a-w- c:\program files\frostwire-4.21.8.windows.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 02:52 . 2010-10-04 01:44 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2010-10-04 01:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 19:59 . 2011-05-18 02:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 11:52 . 2010-10-09 18:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 09:25 . 2010-10-09 18:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-30 16:58 . 2011-03-31 02:59 8582536 ----a-w- c:\program files\Firefox Setup 3.6.13.exe
2011-03-25 01:30 . 2011-03-25 01:29 12580112 ----a-w- c:\program files\Firefox Setup 4.0.exe
2011-02-14 00:18 . 2011-02-14 00:18 11708760 ----a-w- c:\program files\winamp5601_full_emusic-7plus_en-us.exe
2011-01-30 04:32 . 2011-01-30 04:31 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2011-01-30 00:40 . 2011-01-17 20:07 1952032 ----a-w- c:\program files\EVGA_Precision_Setup_202.exe
2010-10-31 21:28 . 2010-10-31 21:28 7462536 ----a-w- c:\program files\avg_pct_stf_all_2011_22_c5.exe
2010-03-13 03:52 . 2010-03-13 03:52 97364760 ----a-w- c:\program files\Ad-AwareInstaller.exe
2009-12-05 03:18 . 2009-12-05 03:18 77086488 ----a-w- c:\program files\Ad-AwareInstallation.exe
2009-09-23 23:17 . 2009-09-23 23:17 93074728 ----a-w- c:\program files\iTunesSetup.exe
2009-09-04 23:12 . 2009-09-04 23:12 4574760 ----a-w- c:\program files\OutlookConnector.exe
2008-04-22 22:48 . 2008-04-22 22:48 2400784 ----a-w- c:\program files\WLinstaller.exe
2007-09-22 23:36 . 2007-09-22 23:35 2614072 ----a-w- c:\program files\ccsetup200.exe
2007-09-22 22:32 . 2007-09-22 22:32 791393 ----a-w- c:\program files\erunt-setup.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 20:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-01-17 175912]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.24\AsRunHelp.exe" [2006-12-29 363008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"EM_EXEC"="d:\progra~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-03-28 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-13 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-19 2334560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"EVGAPrecision"="c:\program files\EVGA Precision\EVGAPrecision.exe" [2011-01-17 355432]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]
.
c:\documents and settings\dale\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13457:TCP"= 13457:TCP:*:Disabled:BitComet 13457 TCP
"13457:UDP"= 13457:UDP:*:Disabled:BitComet 13457 UDP
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 4:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 3:48 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07/09/2010 3:49 AM 297168]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 5:33 AM 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 9:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 9:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 9:42 PM 27216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [28/01/2011 10:13 PM 100456]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/04/2011 5:39 PM 7398752]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-08-01 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 20:29]
.
2011-08-02 c:\windows\Tasks\User_Feed_Synchronization-{413B1F9F-D6CD-496B-8FEB-50A482D4E6C3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
2011-08-02 c:\windows\Tasks\User_Feed_Synchronization-{F0292663-D555-4410-A4C6-A34945D2BD11}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {E68C89AA-554F-43F3-8D5E-9B36D873081B} - hxxp://www.rogershelp.com/ocf/prjOCFTools.CAB
FF - ProfilePath - c:\documents and settings\dale\Application Data\Mozilla\Firefox\Profiles\9iddin8s.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.ca/nwshp?hl=en&tab=wn
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-01 18:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-08-01 18:31:20
ComboFix-quarantined-files.txt 2011-08-02 01:31
.
Pre-Run: 66,122,870,784 bytes free
Post-Run: 65,872,850,944 bytes free
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - CA2B67F5B39A51F2DA9106C29AC61129

#9
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What problems are you currently experiencing ?

#10
dually


    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Computer takes at least 10 mins to boot. DVD and CD drive not recognized in "My Computer"; programs can't find drives.
Didn't want to start touring the net yet. I know in the beginning my system resources were being used up, but that has been ok just doing these scans.
Does it look clear now?

Edited by dually, 02 August 2011 - 12:58 PM.



#11
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, could you go to this MS page and run the fixit there? Let me know if the drives are now recognised.

Once you are happy with your searches and the like, we will remove my tools and look at speeding you up :)

#12
dually


    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
That utility did not find them. Don't see them in Device Manager or BIOS. Can't seem to run that program again either, just a blue box like DOS. Reinstalled but didn't find them again.
When I first start the computer there is power to one of my drives, but as soon as Windows starts to load it's gone.

Edited by dually, 02 August 2011 - 05:01 PM.


#13
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, next trick is to reset the DMA. Download the attached zip file and extract the VBS to your desktop.

Run the VBS file and once it has completed reboot and see if the drives are now visible

[attachment=51633:resetdma.zip]

Also what other problems do you have ?

#14
dually


    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
OK. After a couple of attempts and some freezing, I have control over my DVD drive, and can see it through My Computer. My other drive seems to have died; tried it in an old PC. Boot time has also improved.

#15
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any further problems before I remove my tools and tidy up ?